Duo's Security Blog

SEPTEMBER 16, 2021

At Duo, we're building a passwordless authentication solution that’s as easy to set up as it is to use – with our world-class security baked in. Your Journey Begins with Multi-Factor Authentication See the video at the blog post. Learn more about common misconceptions related to passwordless authentication methods.

Authentication 128

Authentication Passwords Phishing CISO 128

Thales Cloud Protection & Licensing

FEBRUARY 19, 2025

Go Beyond FIDO Standards: Best Practices When Deploying FIDO Security Keys in Enterprise madhav Thu, 02/20/2025 - 06:22 Initially designed for the consumer market, the FIDO (Fast IDentity Online) standard aims to replace passwords with more secure authentication methods for online services. While recent versions, like FIDO2.1, standard (i.e.,

Authentication 71

Authentication Passwords Marketing Risk 71

Hacker's King

OCTOBER 26, 2024

Activities during this week include engaging workshops, informative webinars, and community events, all designed to empower individuals with the knowledge and skills necessary to navigate today’s cyber threats effectively. Be Cautious with Email Attachments: Phishing attacks often come disguised as legitimate emails.

Cybersecurity 59

Cybersecurity Cyber threats Education Passwords 59

Duo's Security Blog

OCTOBER 6, 2023

Threat actors have dramatically escalated their attacks – targeting security controls like multi-factor authentication (MFA), conducting wily social engineering attacks and extorting businesses large and small with ransomware. For more information, check out our on-demand webinar Your Zero Trust Roadmap.

Authentication 144

Authentication Risk Social Engineering InfoSec 144

Thales Cloud Protection & Licensing

MARCH 12, 2025

The FIDO (Fast Identity Online) standard has emerged as the gold standard in authentication technology, providing a robust framework for secure and convenient access. The newly introduced SafeNet eToken Fusion NFC PIV enables passwordless, phishing-resistant authentication across a wide range of devices.

Passwords 71

Passwords Authentication Digital transformation Government 71

Duo's Security Blog

SEPTEMBER 1, 2023

Unlike passwords, passkeys are always strong and phishing resistant. Remote Users The web authentication process begins when the remote user wants to connect to an application. Users need to be trained since they’re a new way of authentication, but typically users can enroll or manage them through a UI-driven workflow by themselves.

Passwords 133

Passwords Authentication Insurance Cyber Insurance 133

Thales Cloud Protection & Licensing

AUGUST 15, 2022

FIDO - Leading the Zero Trust Passwordless Authentication Evolution. A Zero Trust approach starts with Multi-Factor Authentication (MFA). The Role of Passwordless Authentication. Passwordless authentication was developed to combat phishing attacks, a crucial risk that cannot be ignored. Tue, 08/16/2022 - 06:32.

Authentication 71

Authentication Phishing Passwords Risk 71

Security Boulevard

APRIL 18, 2025

Also, find out what Tenable webinar attendees said about identity security. Protect all administrative access with phishing-resistant multi-factor authentication. Check out NISTs effort to further mesh its privacy and cyber frameworks. And get the latest on the MITRE CVE program and on attacks against edge routers.

Risk 59

Risk Cybersecurity Data privacy Software 59

Duo's Security Blog

APRIL 23, 2025

"Ninety-nine percent of attacks can be blocked with multi-factor authentication (MFA) is an oft-discussed quote from 2019. New threat types such as push-bombing, social engineering, and spear phishing are forcing organizations to do more than rely on MFA alone.

Authentication 59

Authentication Risk Social Engineering Accountability 59

Duo's Security Blog

OCTOBER 11, 2023

To learn more about how Duo’s access management trifecta empowers you to authenticate further and defend faster, be sure to tune into our webinar Authenticate Further, Defend Faster with Higher Security from Duo. In fact, multi-factor authentication (MFA) has been the access security tool of choice for years now.

Authentication 126

Authentication Risk Technology Phishing 126

Duo's Security Blog

DECEMBER 19, 2024

Phishing is still one of the most common attack vectors, and the holidays provide an especially appealing time to launch an attack thats been supercharged by modern natural language processing models and novel QR codes. No industry is spared this phishing season, though some are targeted more often than others.

Phishing 64

Phishing Authentication Social Engineering Passwords 64

Webroot

FEBRUARY 5, 2025

But what exactly are passkeys, and why are they considered the future of authentication? With Password Day coming up this Saturday, it’s the perfect time to discuss the future of authentication. Passkeys leverage public-key cryptography to authenticate users without requiring them to remember or type in a password.

Authentication 60

Authentication Password Management Passwords Backups 60

Duo's Security Blog

NOVEMBER 20, 2023

One piece of evidence to support this hypothesis is the low adoption of a basic security control that protects against identity-based attacks - multi-factor authentication (MFA). Add to this, the risks of weak authentication factors such as SMS one-time passcodes and dormant or inactive accounts.

Threat Detection 138

Threat Detection Authentication Accountability Data breaches 138

SecureWorld News

JULY 21, 2020

The inclusion of authentic content also makes it harder for spam filters to detect the emails as malicious. Combined, these tools create a virtually super-powered botnet that further reveal the importance of addressing phishing attacks. Here's what the webinar covers: What is the new era of phishing attacks?

Phishing 88

Phishing Banking Passwords Authentication 88

Duo's Security Blog

JULY 6, 2023

Today we will discuss the survey makeup, review key results and explain why Duo’s Passwordless technology is well positioned to meet enterprise authentication needs highlighted in the study. Workforce authentication failures are common and MFA is still not mandatory Duo has always focused on meeting customers where they are.

Authentication 100

Authentication Passwords Risk Technology 100

Security Affairs

FEBRUARY 7, 2020

. “ Certfa Lab has identified a new series of phishing attacks from the Charming Kitten 1 , the Iranian hacking group who has a close relationship with Iran’s state and Intelligence services. site domain where login credential details of his/her email such as the password and two factor authentication (2FA) code are requested.

Phishing 117

Phishing Advertising Malware Media 117

SecureWorld News

OCTOBER 19, 2021

TAG reported that Iranian-government-backed actors, known as APT35 and by the aliases Rocket Kitten and Charming Kitten, are quickly picking up speed, especially when it comes to implementing slick phishing attacks. Developing advanced phishing techniques to lure victims. Rocket Kitten successfully attacks university website.

Phishing 98

Phishing Authentication Social Engineering Government 98

Security Boulevard

MAY 2, 2025

Specifically, CISA and USCG assessors had the most success gaining initial access, attaining network permanence, evading defenses and moving laterally by using valid accounts, phishing schemes and default credentials all simple attack methods. Enforce multi-factor authentication across all software development environments.

52

52

Security Boulevard

MARCH 21, 2025

To get more information, check out: The full Tenable Cloud AI Risk Report 2025 The webinar 2025 Cloud AI Risk Report: Helping You Build More Secure AI Models in the Cloud on April 17, 2025 at 2 pm EDT The video Why firms need exposure management for cloud security 2 - U.K.s

Risk 69

Risk IoT Cybersecurity Manufacturing 69

Duo's Security Blog

SEPTEMBER 1, 2023

We’ve been answering these questions in this blog series by unpacking the pros and cons of passkey technology from different authentication perspectives. Today, we’re focusing on how passkeys compare to passwords when it comes to authenticating on cloud sites. An alternate site cannot be substituted, mitigating the threat of phishing.

Passwords 69

Passwords Authentication Phishing Technology 69

Duo's Security Blog

OCTOBER 18, 2021

Recently, while co-hosting a webinar that kicked off Cybersecurity Awareness Month, a panelist commented that cybersecurity and privacy are team sports on a campus, much like our athletic teams. The use of phishing to take over user accounts as a first step to gain access to a campus for a ransomware attack has been making the headlines.

Insurance 97

Insurance Education Risk Cyber Insurance 97

CyberSecurity Insiders

APRIL 10, 2023

In the current digital landscape, identity security has gained paramount importance due to the growing cyber risks posed by phishing and social engineering attacks utilizing AI. Identity Verification and Validation: Users' and devices' identities should be confirmed and authenticated before granting access to systems and data.

Identity Theft 105

Identity Theft Education Authentication Data breaches 105

Security Boulevard

JULY 6, 2023

According to the 2023 ForgeRock Identity Breach Report , fraudsters are using generative AI to execute phishing emails, create malicious code, and deliver voice or video-based impersonation attacks, known as "deepfakes," that are becoming more frequent and more difficult for humans to detect.

Artificial Intelligence 105

Artificial Intelligence Passwords Authentication Accountability 105

Security Boulevard

JULY 20, 2023

AI can be used to monitor user behavior and make real-time decisions about whether to grant access or add step-up authentication if there is anything anomalous about the request (such as a login from an unusual timezone). If it detects a threat or anomalous behavior, its dashboard explains the decision in human-readable form. We should, too.

Artificial Intelligence 98

Artificial Intelligence Authentication Education Risk 98

Duo's Security Blog

SEPTEMBER 6, 2023

Be sure to tune into our webinar, The State of Passkeys in the Enterprise , on September 7th at 9am PST | 12pm EST. Passkeys on Cloud Platforms Passkeys have growing support from significant vendors. This enables client-side support for passkey authentication.

Passwords 105

Passwords Password Management Authentication Threat Detection 105

Duo's Security Blog

MARCH 9, 2022

Together these practices — which include multi-factor authentication (MFA), restricting administrative privileges and daily backups — provide a clear framework for businesses anywhere that are looking to improve their foundational security footing , as we’ve previously noted on the Duo Blog.

Cybersecurity 98

Cybersecurity Passwords Authentication VPN 98

Duo's Security Blog

NOVEMBER 6, 2023

Passwords that are easily detectable or reused often are vulnerable to phishing attacks. It’s also the foundation for a passwordless future, powering-up phishing resistance and user experience to defend against attackers. Today, compromised credentials are growing as one of the most common causes of data breaches.

Passwords 83

Passwords Authentication Risk Technology 83

Security Boulevard

FEBRUARY 14, 2022

During just the past few years, the number of breaches, phishing attacks, fraud, and ransomware has reached new heights. And 61% of all data breaches are the result of schemes, such as phishing, that steal login credentials 6. Learn More In Our Webinar. To learn more, attend our ForgeRock and Accenture webinar.

Passwords 97

Passwords Retail Digital transformation Risk 97

Duo's Security Blog

FEBRUARY 6, 2024

Addressing identity-based attacks Duo has made a number of significant investments in identity security over the last several years with the release of Duo’s Trust Monitor, Duo’s Risk-Based Authentication, and moving Duo’s Trusted Endpoints feature into Duo’s Essentials edition. Stay tuned!

Accountability 119

Accountability Authentication Risk Marketing 119

Security Boulevard

JULY 21, 2023

Prevention Prevention starts with some basic security hygiene of your IAM infrastructure, like ensuring that your users always use multi-factor authentication (MFA) for any systems that need passwords, go passwordless for all modern applications that can support it, and leverage continuous authorization to ensure IAM infrastructure security.

Threat Detection 98

Threat Detection Passwords Authentication Accountability 98

NopSec

FEBRUARY 15, 2017

Do you feel confident that everyone in your organization could identify a phishing email that contained ransomware? What if the recipient is in a hurry and under a lot of stress – will they be aware of how sophisticated and authentic-looking a well-crafted whaling attack can be?

Phishing 40

Phishing Social Engineering Engineering Healthcare 40

Security Boulevard

APRIL 30, 2021

Conventional enterprise security strategies are built on an authentication/authorization model, network checkpoints and sandboxes that sample or inspect moving packets across the network. Webinar: Defending Against Nation-State Attacks: Breaking the Kill Chain. Webinar: SolarWinds CSI: Re-creating the SolarWinds Attack. .

Firewall 105

Firewall Security Defenses Cyber Attacks Technology 105

Security Boulevard

MARCH 19, 2021

These detect phishing emails and remove threats from messages, documents and other files and disable any URLs before they even enter the network, a process known as content sanitization. Blog: 2020 – A Transformation Year in Cybersecurity On-Demand Webinar: Is Your Remote Workforce a Top Security Risk? . Increased File Sharing.

Cybersecurity 119

Cybersecurity CISO Social Engineering Technology 119

Security Boulevard

SEPTEMBER 20, 2024

Specifically, CISA and USCG assessors had the most success gaining initial access, attaining network permanence, evading defenses and moving laterally by using valid accounts, phishing schemes and default credentials – all simple attack methods. Maintain a comprehensive asset inventory, and keep software updated and patched.

Cybersecurity 97

Cybersecurity IoT Hacking Risk 97

Cisco Security

AUGUST 26, 2021

Active Lock protects individual files by requiring step-up authentication until the threat is cleared. There are many options for step-up authentication, including Cisco Duo OTP and push notifications. Also have a look at a webinar recording about the D3E technology here. [2] Read more here. More details here. Read more here.

Technology 145

Technology Firewall VPN Authentication 145

Security Boulevard

OCTOBER 4, 2024

1 - CISA to promote MFA, software updates, phishing protection during Cybersecurity Awareness Month October has arrived, and with it Cybersecurity Awareness Month, now in its 21st year. Protect all accounts that offer multifactor authentication (MFA) with this security method. Keep all your software updated.

Cybersecurity 69

Cybersecurity CISO Ransomware Technology 69

eSecurity Planet

JUNE 21, 2024

5 Keeper, a low-cost password manager, highlights security with strong end-to-end encryption and authentication. Passwordless authentication: Accepts third-party passwordless authentication like QR codes, mobile authenticator apps, one-time passwords, and more. 5 Security: 4.6/5 5 Pricing: 3.6/5 5 Customer support: 3.9/5

Password Management 103

Password Management Passwords Encryption VPN 103