Duo's Security Blog

OCTOBER 24, 2023

Much like Captain Monica Rambeau’s own journey, MFA is evolving to help security teams protect against a new kind of threat: MFA bypass attacks. In this blog, we’ll discuss some of the ways you can use MFA and features like Duo’s Trusted Endpoints to protect against MFA bypass attacks. What is an MFA bypass attack?

Social Engineering 76

Social Engineering Education Authentication Engineering 76

Duo's Security Blog

MARCH 4, 2024

Recently, attackers have targeted multi-factor authentication (MFA). MFA is a common second line of defense against compromised passwords. However, attackers are finding ways around MFA.

Authentication 73

Authentication Social Engineering Passwords Risk 73

Duo's Security Blog

MAY 23, 2023

It has become clear that MFA is basic ‘you must be this tall to ride the rollercoaster’ for any [organisation].” Picking on someone…credential compromise in Australia It goes without saying that a lack of MFA puts your company or personal accounts at risk. As a result, about 3.9

Authentication 122

Authentication Passwords Data breaches Phishing 122

Duo's Security Blog

NOVEMBER 27, 2023

MFA Fatigue MFA fatigue attacks ( T1621 ), which have become increasingly common, occur when adversaries send a barrage of MFA requests to users in an effort to exhaust them into providing access. You can use these in both our standard MFA flow , as well as in our Passwordless offerings.

Authentication 73

Authentication Social Engineering Risk Accountability 73

Duo's Security Blog

JANUARY 29, 2024

The activity observed in these attacks represents some of the most common attack patterns against MFA. Even if access was not ultimately gained, any malicious MFA attempts typically signify a breach of first factor credentials. Duo customers in the educational sector and beyond can take steps to secure their environments.

Education 116

Education Authentication Passwords Phishing 116

Duo's Security Blog

NOVEMBER 17, 2022

As attackers have figured out ways to get around traditional multi-factor authentication (MFA), Duo has continued to evolve to prevent fraudulent access and protect the workforce. In response to MFA fatigue and push-phishing attacks, we announced the Public Preview of Verified Duo Push in August of this year.

Authentication 70

Authentication Risk Phishing Engineering 70

Cisco Security

JANUARY 10, 2023

Using this information, last year I wrote a blog summing up the nine top of mind issues I believed will most impact CISOs as we headed into 2022. For more practical advice on this topic, I also wrote a blog on some of the challenges and opportunities within the cyber liability insurance market back in June which you can read here.

CISO 137

CISO Insurance Cyber Insurance Phishing 137

Duo's Security Blog

AUGUST 25, 2022

We’re excited to announce early access release of the Verified Duo Push, which will increase the security of our push-based multi-factor authentication (MFA) solution. This, in turn, will help improve the resilience of your network against bad actors looking to exploit push harassment or push fatigue.

Authentication 68

Authentication Mobile VPN Threat Detection 68

Duo's Security Blog

SEPTEMBER 23, 2021

Trusted Sessions brings the “Remember Me” feature from our browser prompt to Windows Logon, allowing you to trust your local logins with Duo and reduce the amount of times needed to MFA in the future, saving you lots of time, energy and defenestration of Windows endpoints. If it has, we'll prompt for MFA. is looking to solve.

Authentication 68

Authentication Engineering Manufacturing Technology 68

Duo's Security Blog

JULY 21, 2023

Increasingly, attackers are successfully finding ways to take advantage of gaps in weaker multi-factor authentication (MFA) systems. Risk signs are vital Many other MFA systems’ risk-based authentication signals are plagued by false positives and weak contextualized risk signals.

Authentication 70

Authentication Risk Engineering Phishing 70

NetSpi Executives

OCTOBER 24, 2023

Leveraging multifactor authentication (MFA) can prevent exposed passwords from being used. MFA is a multi-step process that requires users to enter more information than simply a password to log into an account. Some platforms or services require MFA while others include it as an option for user accounts.

Social Engineering 59

Social Engineering Engineering Cybersecurity Passwords 59

Duo's Security Blog

FEBRUARY 27, 2024

In the first part of this three-part blog series , we discussed the various methods available to MFA users. How MFA methods stand up to threats Threat type #1: Physical compromise Many authentication methods use device possession as a factor (i.e., Devices can be stolen or temporarily accessed by an attacker to subvert MFA.

Social Engineering 123

Social Engineering Authentication Phishing Engineering 123

Duo's Security Blog

NOVEMBER 14, 2023

In today’s blog, we’ll talk about how RBA and more secure methods of authentication can securely enable third-party access. For example, a company that uses third-party vendors to access its systems can use RBA to require MFA for all login attempts and escalate the authentication method when a new location is detected.

Authentication 66

Authentication Risk Mobile Technology 66

Malwarebytes

SEPTEMBER 17, 2023

We've written about BlackCat/ALPHV many times on the Malwarebytes Labs Blog. We continue to wait for MGM to grow a pair and reach out as they have clearly demonstrated that they know where to contact us.

Ransomware 122

Ransomware Social Engineering Passwords Backups 122

Duo's Security Blog

NOVEMBER 16, 2021

Essentially, SSO reduces password fatigue. Furthermore, the SSO application dashboard for end users should be protected with multi-factor authentication (MFA) to reduce risks of phishing and other identity attacks that could compromise credentials.

Passwords 85

Passwords Authentication VPN Data breaches 85

Thales Cloud Protection & Licensing

MAY 13, 2024

Unlocking the Cloud: Microsoft and Thales Spearhead Passwordless & MFA for Organizations moving to Microsoft 365. A study published by Microsoft in May 2023 , confirmed how MFA is effective at deterring cyberattacks and showed that the use of MFA reduced the risk of compromise by more than 99.2%.

Authentication 62

Authentication Phishing Marketing Cloud Migration 62

The Last Watchdog

DECEMBER 6, 2022

Password-based multi-factor authentication (MFA) systems, for instance, require constantly logging in and out of user sessions; employees waste working time, and can even suffer from MFA fatigue. These inefficiencies can open the gate to cyber attacks.

Authentication 203

Authentication Healthcare Artificial Intelligence Passwords 203

Cisco Security

AUGUST 21, 2023

In this blog post, we’ll delve deeper into the potential and versatility of Duo APIs, their applications across industries, and how they can elevate your security posture to new heights. This includes IP threats, MFA flood attacks, suspicious activity, and more.

Authentication 72

Authentication Technology Small Business Architecture 72

Duo's Security Blog

DECEMBER 12, 2023

In this blog, see the depth of Duo integrations with various AWS applications and services, and learn how you can better equip your organization with security that frustrates the attackers and not the users. Prevent unauthorized access to applications utilizing AWS Directory Services with Duo MFA Note: This integration uses RADIUS Auth Proxy.

Data breaches 82

Data breaches Authentication Passwords Risk 82

Duo's Security Blog

JUNE 15, 2023

This is particularly important now that many bad actors are attempting to bypass MFA with tactics such as MFA fatigue. Check out some other blogs: The Bigger the Party, the Bigger the Risks Healthy Device? This protects the corporate apps third parties will need to access in order to do their work. Want to learn more?

Risk 138

Risk Authentication Phishing Insurance 138

Thales Cloud Protection & Licensing

SEPTEMBER 8, 2022

This is the first blog in a series of three that will cover the reasons for choosing FIDO devices, an introduction to the latest FIDO security key releases from Thales, and an overview of Thales’ dedicated FIDO security key customized for Azure. Enhance identity verification with MFA. FIDO2 offers both passwordless and MFA.

Authentication 71

Authentication Passwords Phishing Data breaches 71

Duo's Security Blog

FEBRUARY 16, 2024

However, today’s landscape sees push-targeting MFA attacks increasing. Enabling Verified Duo Push can disarm push harassment and MFA fatigue attacks , with the bonus of putting your clients on the path towards passwordless.

Authentication 103

Authentication Accountability Risk Mobile 103

Duo's Security Blog

OCTOBER 31, 2023

In addition to lowering password fatigue, Duo SSO enhances security with the ability to enforce strong or phishing-resistant authentication using Duo MFA or Passwordless, granular access policies based on contextual factors such as location and device trust.

Security Awareness 70

Security Awareness Authentication Phishing Passwords 70

Thales Cloud Protection & Licensing

JUNE 27, 2019

Security teams are employing features such as multi-factor authentication (MFA), single sign-on (SSO) and other core IAM elements to confirm each user has a high assurance session, is using a valid machine and is accessing the appropriate types of file shares.

Digital transformation 79

Digital transformation Data breaches Technology Authentication 79

CyberSecurity Insiders

OCTOBER 13, 2021

This blog was written by an independent guest blogger. From the perspective of the user, SSO helps to eliminate password fatigue by requiring users to remember only a single set of credentials. SSO, MFA, and other technologies are helping access management to evolve beyond the password. ” I stand by those words.

Passwords 141

Passwords Accountability Data breaches Authentication 141

Duo's Security Blog

NOVEMBER 9, 2021

See the video at the blog post. Streamlined Authentication Consider the number of times a user has to interact with a security tool such as MFA. Yes we are aware of “MFA Fatigue.” Adopting the OIDC standard for application integration enhances the overall security of MFA deployments.

Authentication 85

Authentication Mobile Phishing Technology 85

Duo's Security Blog

APRIL 24, 2023

Cyber attackers are increasingly targeting gaps in weaker multi-factor authentication (MFA) implementations. Weaker MFA implementations are under attack It has been an unprecedented year of cyberattacks targeting MFA. Attackers have invested significant time, energy, and focus exploiting weak MFA. MFA fatigue ).

Authentication 95

Authentication Risk Cyber Attacks Mobile 95