Duo's Security Blog

SEPTEMBER 20, 2022

Cisco Secure Access by Duo is a leading provider of multi-factor authentication (MFA) for the global workforce – but what does that mean? Multi-Factor Authentication (MFA) is the practice of adding multiple (two or more) identity verification dimensions at login.

Education 52

Education Authentication Passwords Technology 52

Duo's Security Blog

SEPTEMBER 1, 2023

Passkeys simplify account registration for apps and websites, are easy to use, work across most of a user’s devices, and even work on other devices within physical proximity.” - FIDO Alliance Most people know what passwords are and have experienced first-hand some of the many issues with them.

Passwords 102

Passwords Authentication Insurance Cyber Insurance 102

Duo's Security Blog

MARCH 24, 2023

Our documentary, “ The Life and Death of Passwords ,” explores with industry experts the history of passwords, why passwords have become less effective over time, and how trust is established in a passwordless future. And then that’s something that they know, and that’s what grants them access to the system.

Passwords 83

Passwords Authentication Password Management Technology 83

Duo's Security Blog

JANUARY 8, 2024

While understanding these types of attacks can seem intimidating, it is important to know what an AiTM attack is and how it works to safeguard your users and your organization. What is an AiTM attack? How does the proxy work? All the attacker needs to do is get the user to click the link.

Authentication 67

Authentication Phishing Passwords Encryption 67

eSecurity Planet

NOVEMBER 21, 2022

The Microsoft Detection and Response Team (DART) recently warned that attackers are increasingly using token theft to circumvent multi-factor authentication (MFA). “After authentication to Azure AD via a browser, a cookie is created and stored for that session,” the team noted. How to Respond to Token Theft.

Authentication 145

Authentication Phishing Password Management Accountability 145

Javvad Malik

NOVEMBER 11, 2021

However, it’s not a complete return to office, and for now, it appears as if hybrid work environments are the way to go. However, it’s not a complete return to office, and for now, it appears as if hybrid work environments are the way to go. To support this hybrid environment, we’ve seen many strategies adopted.

VPN 100

VPN Authentication Passwords Scams 100

NetSpi Technical

JANUARY 18, 2024

Time-Based One-Time Password (TOTP) Time-Based One-Time Password (TOTP) is a common two-factor authentication (2FA) mechanism used across the internet. During authentication, the secret is used in combination with the time in a cryptographic hash function to produce a secure 6-digit passcode. The credentials had been obtained.

Authentication 115

Authentication Passwords Accountability Penetration Testing 115

Krebs on Security

SEPTEMBER 2, 2021

Here’s the story of a cybercrime group that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online. mail server responds “OK” = successful access).

Accountability 301

Accountability Authentication Passwords Hacking 301

Duo's Security Blog

AUGUST 1, 2022

for companies to implement security that works security framework. There were 60 changes made, with new rules around multi-factor (MFA) being one of the most significant. focuses on developing stronger authentication requirements around NIST Zero Trust Architecture guidelines. What Is PCI DSS? to PCI DSS 4.0.

Authentication 84

Authentication Passwords Accountability VPN 84

Troy Hunt

NOVEMBER 14, 2018

Last week I wrote a couple of different pieces on passwords, firstly about why we're going to be stuck with them for a long time yet and then secondly, about how we all bear some responsibility for making good password choices. Adding a second factor typically means either requiring "something that you have" or "something that you are".

Passwords 259

Passwords Authentication Accountability Mobile 259

Duo's Security Blog

DECEMBER 12, 2023

In this blog, see the depth of Duo integrations with various AWS applications and services, and learn how you can better equip your organization with security that frustrates the attackers and not the users. What does that mean? What does it mean to build a successful zero trust security model?

Data breaches 85

Data breaches Authentication Passwords Risk 85

Krebs on Security

APRIL 6, 2022

Microsoft blogged about its attack at the hands of LAPSUS$, and about the group targeting its customers. “There is a lot of speculation about how good they are, tactics et cetera, but I think it’s more than that,” said the CXO, who spoke about the incident on condition of anonymity. ” HOW DID WE GET HERE?

Social Engineering 252

Social Engineering Phishing Engineering Accountability 252

Duo's Security Blog

JANUARY 11, 2023

What is Duo Network Gateway? Then it verifies user identity with advanced multi-factor authentication (MFA). How does DNG for SMB work? How does DNG for SMB work? This capability is generally available for Duo Beyond customers. Why do I need DNG?

VPN 99

VPN Firewall Authentication Internet 99

Duo's Security Blog

FEBRUARY 11, 2022

What is passwordless authentication? Because passwordless is a new technology, we know you want to try it before you rip and replace all of the authentication in your environment. Because passwordless is a new technology, we know you want to try it before you rip and replace all of the authentication in your environment.

Authentication 79

Authentication Passwords Mobile Risk 79

Duo's Security Blog

OCTOBER 12, 2021

Customer trust is essential for businesses to succeed, which Salesforce is putting into practice with a future requirement for all customers to enable multi-factor authentication (MFA). What Does This Announcement Mean for Salesforce Customers? How Does Salesforce Recommend Customers Get Started to Enable MFA?

Authentication 52

Authentication Risk Marketing Phishing 52

Identity IQ

AUGUST 21, 2023

What is Clone Phishing and How Do I Avoid It? In this blog post, we dive into the world of clone phishing, shedding light on what it is, the potential risks it poses, and most importantly, how to protect yourself from falling victim to it. What is Clone Phishing? How Does Clone Phishing Work?

Phishing 85

Phishing Authentication Passwords Identity Theft 85

Duo's Security Blog

JUNE 3, 2021

Okay, there are a few lingering cases we haven’t been able to eradicate yet, such as old WiFi systems and some legacy software nobody knows how to work with anymore. Do you remember how we used to be afraid of biometrics because a few early implementations stored users’ personal information in a central database?

Authentication 82

Authentication Passwords Phishing Accountability 82

Security Boulevard

MARCH 2, 2022

What Is the Cost of Poor Secrets Management? Secrets are sensitive information used to authenticate user and machine identities. The proliferation of applications and machine-to-machine authentication and authorization has highlighted the need to understand the most commonly used secrets. brooke.crothers. Certificates.

Authentication 98

Authentication Passwords Data breaches Encryption 98

BH Consulting

FEBRUARY 15, 2024

Cyber attacks featured in the top five risks for the year ahead, along with factors like extreme weather and the cost of living crisis. Scale is a factor: larger organisations seem better equipped than SMEs to react to risks. It included recommendations never to share passwords and to use multi-factor authentication.

Passwords 52

Passwords Surveillance Risk Data breaches 52

Duo's Security Blog

SEPTEMBER 30, 2022

Does the FTC Safeguards Rule affect you? If you are not sure what the new security requirements are or if they affect your business or organization, don’t worry – we put together a webinar to help answer those questions. The new cybersecurity rules were published on December 9, 2021 and will require compliance by December 9, 2022.

Cybersecurity 63

Cybersecurity Authentication CISO Healthcare 63

Duo's Security Blog

AUGUST 24, 2022

It can also be challenging for school leaders to break down what new laws mean and what they can do to support pre-existing academic compliance mandates to help secure student data. However, adding two-factor or multi-factor authentication (MFA) cybersecurity may be a good place to start.

Cybersecurity 52

Cybersecurity Education Insurance Authentication 52

Duo's Security Blog

MARCH 9, 2022

Together these practices — which include multi-factor authentication (MFA), restricting administrative privileges and daily backups — provide a clear framework for businesses anywhere that are looking to improve their foundational security footing , as we’ve previously noted on the Duo Blog.

Cybersecurity 71

Cybersecurity Authentication Passwords VPN 71

Cisco Security

FEBRUARY 4, 2022

My good friend and fellow Advisory CISO Helen Patton has done a great summary of the memo in a previous blog. In other words, one size does not fit all. Here are some questions to tailor our efforts: Identities – Is multi-factor authentication (MFA) in place for some but not all applications (e.g.,

Architecture 81

Architecture Authentication CISO Government 81

Duo's Security Blog

MAY 12, 2023

Our documentary, “ The Life and Death of Passwords ,” explores with industry experts the history of passwords, why passwords have become less effective over time, and how trust is established in a passwordless future. But for a long time, it wasn’t a central focus in the conversation around what’s important for security to design.

Passwords 52

Passwords Authentication Mobile Technology 52

SecureWorld News

SEPTEMBER 17, 2021

Part of the reason is what you might call the human factor. Password problems because of the human factor. It’s not surprising Microsoft has worked towards a passwordless world. Almost 100% of organizations today are largely embracing two-step or multi-factor verification and ditching passwords. Sebastian P.

Passwords 58

Passwords Authentication Accountability Mobile 58

Duo's Security Blog

JANUARY 27, 2022

Not all multi-factor authentication (MFA) solutions are equal. For a two-factor authentication solution, that may include hidden costs, such as upfront, capital, licensing, support, maintenance, and operating costs. How can you be sure you’re getting the best security return on your investment?

Authentication 71

Authentication Software Mobile Passwords 71

Duo's Security Blog

JUNE 24, 2021

We can map this exact example onto modern multi-factor authentication. What is Second Factor Phishing? What does it mean when users get “too used to” MFA protection? At Duo, some of our customers are worried about second factor phishing or push phishing.

Phishing 66

Phishing Authentication Education Passwords 66

Krebs on Security

MARCH 29, 2022

In the United States, when federal, state or local law enforcement agencies wish to obtain information about who owns an account at a social media firm, or what Internet addresses a specific cell phone account has used in the past, they must submit an official court-ordered warrant or subpoena.

Accountability 276

Accountability Government Hacking Social Engineering 276

Duo's Security Blog

JUNE 17, 2021

See the video at the blog post. Part of ensuring that passwordless is just as secure as multi-factor is ensuring that it is multi-factor. Part of ensuring that passwordless is just as secure as multi-factor is ensuring that it is multi-factor. See the video at the blog post.

Authentication 54

Authentication Manufacturing Passwords Accountability 54

CyberSecurity Insiders

OCTOBER 13, 2021

This blog was written by an independent guest blogger. It does this by designating which groups of users are allowed access to which applications and identifying which user attributes are required to access each application. ” Let ’ s explore how below. Passwords: An unsustainable business cost.

Passwords 141

Passwords Accountability Data breaches Authentication 141

SecureWorld News

OCTOBER 12, 2021

This is similar to how some real-life thieves check for open car doors to steal loose change in a glovebox. In 2018, the SentinelOne blog ranked superhero names combined with a number as one of the worst passwords. Mozilla moves towards multi-factor authentication. This type of thing has been going on for years.

Passwords 61

Passwords Authentication Technology Data breaches 61

Duo's Security Blog

OCTOBER 21, 2022

While security teams work to stay vigilant and put defenses in place, it can be difficult to keep up with the evolving threats. One of these threats that has gained attention includes circumventing an organization’s multi-factor authentication (MFA) protection. What is MFA fatigue?

Authentication 61

Authentication Risk Passwords Phishing 61

Centraleyes

MAY 23, 2024

What is Data Access Governance? Tapping into your company’s data is appealing, but caution must be taken to ensure that sensitive information does not get into the wrong hands. Tapping into your company’s data is appealing, but caution must be taken to ensure that sensitive information does not get into the wrong hands.

Government 52

Government Backups Data privacy Accountability 52

The Last Watchdog

JUNE 22, 2020

Overnight, those in charge must learn how to operate all of our elementary, junior high and high schools as if they were digital-native startups. Attackers quickly figured how to slip obscenities and even pornographic videos into live classes. And it must be assumed that many of them are likely ignorant of good cyber hygiene practices.

Mobile 276

Mobile Passwords Technology VPN 276

Duo's Security Blog

DECEMBER 7, 2022

Much has been published about how the demand — and subsequent cost — for cyber liability insurance has skyrocketed in line with increasing incidents of cyberattacks. But what are the risks with this approach? Tech Wire Asia cites that premiums could be expected to reach anywhere between US$500 million and US$1 billion by 2025.

Insurance 79

Insurance Cyber Insurance Ransomware Risk 79

Security Boulevard

OCTOBER 19, 2021

Top ten vulnerabilities that threaten your API, how to identify them, and how to prevent them. Today, let’s go through each of these vulnerabilities to understand how they happen, how to identify them, and how to prevent them. API #2: Broken User Authentication. Authentication is hard for APIs.

Authentication 93

Authentication Accountability Penetration Testing Banking 93

SC Magazine

MAY 7, 2021

Google announced that it will automatically enroll users in multifactor authentication – what they are calling two-step verification. Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone,” Risher said. Photo by Mario Tama/Getty Images).

Authentication 89

Authentication Passwords Password Management Mobile 89