Duo's Security Blog

JULY 15, 2021

Yes, it’s a password-less authentication method, greatly streamlining the login experience, and while that’s a great incentive to use passwordless for logging in, it’s not an improvement in authentication security in and of itself. That isn’t to say that every password-less solution needs to be phish-proof.

Phishing 105

Phishing Authentication Passwords Risk 105

Duo's Security Blog

SEPTEMBER 16, 2021

With MFA in place, you can reduce your reliance on passwords and modify password policies to require less frequent resets, alleviating help desk burden and reducing user frustration. Passwords Are Safer Than Biometrics, PINs Are Just Passwords, and Other Tall Tales See the video at the blog post.

Authentication 128

Authentication Passwords Phishing CISO 128

Duo's Security Blog

SEPTEMBER 1, 2023

Nobody likes passwords. And is it realistic to consider passkeys – and the passwordless solutions they support – as a valid alternative for traditional password security? And is it realistic to consider passkeys – and the passwordless solutions they support – as a valid alternative for traditional password security?

Passwords 69

Passwords Authentication Phishing Technology 69

Security Boulevard

APRIL 18, 2025

Also, find out what Tenable webinar attendees said about identity security. The Cyber Centre has also observed router compromises stemming from basic security mistakes, such as the use of default and weak passwords, and of default security settings. Check out NISTs effort to further mesh its privacy and cyber frameworks.

Risk 59

Risk Cybersecurity Data privacy Software 59

Duo's Security Blog

DECEMBER 19, 2024

Phishing is still one of the most common attack vectors, and the holidays provide an especially appealing time to launch an attack thats been supercharged by modern natural language processing models and novel QR codes. No industry is spared this phishing season, though some are targeted more often than others.

Phishing 64

Phishing Authentication Social Engineering Passwords 64

Security Affairs

MAY 8, 2020

Group-IB, a Singapore-based cybersecurity company, observed the growth of the lifespan of phishing attacks in the second half of 2019. Figure 1 The distribution of web-phishing among target categories . CERT-GIB’s findings indicate that phishing attack perpetrators have revised their so-called target pool. Target reshuffle.

Phishing 87

Phishing Spyware Banking Malware 87

Thales Cloud Protection & Licensing

FEBRUARY 19, 2025

Go Beyond FIDO Standards: Best Practices When Deploying FIDO Security Keys in Enterprise madhav Thu, 02/20/2025 - 06:22 Initially designed for the consumer market, the FIDO (Fast IDentity Online) standard aims to replace passwords with more secure authentication methods for online services. While recent versions, like FIDO2.1,

Authentication 71

Authentication Passwords Marketing Risk 71

Malwarebytes

APRIL 2, 2023

Apple fixes actively exploited vulnerability and introduces new features Steer clear of this EE phish that wants your card details 3 tips to raise your backup game 3 tips for creating backups your organization can rely on when ransomware strikes Stay safe!

Backups 89

Backups DDOS Ransomware Cyber threats 89

SecureWorld News

JULY 21, 2020

"It steals usernames and passwords for outgoing email servers. Combined, these tools create a virtually super-powered botnet that further reveal the importance of addressing phishing attacks. The path toward eradicating phishing schemes is far from clear, but SecureWorld has resources to make it clearer.

Phishing 83

Phishing Banking Passwords Authentication 83

Duo's Security Blog

OCTOBER 6, 2023

In other words, it’s not just about implementing MFA to verify user trust, it’s about using phishing-resistant MFA with risk-based authentication , device posture checks and other security controls. TL,DR: Check out our on-demand webinar Your Zero Trust Roadmap , where we outline the five key steps to secure user access to apps.

Authentication 144

Authentication Risk Social Engineering InfoSec 144

Security Affairs

FEBRUARY 7, 2020

. “ Certfa Lab has identified a new series of phishing attacks from the Charming Kitten 1 , the Iranian hacking group who has a close relationship with Iran’s state and Intelligence services. site domain where login credential details of his/her email such as the password and two factor authentication (2FA) code are requested.

Phishing 116

Phishing Advertising Malware Media 116

Duo's Security Blog

NOVEMBER 20, 2023

Security professionals agree that passwords are low hanging fruit for cybercriminals and can even be the keys to the kingdom when the compromised passwords belong to privileged accounts. According to a 2023 Cisco Duo sponsored survey , only 62% of organizations make MFA mandatory for their entire workforce.

Threat Detection 138

Threat Detection Authentication Accountability Data breaches 138

SecureWorld News

SEPTEMBER 29, 2020

Office supply phishing cyberattack campaign. A federal judge just sentenced a Nigerian national to three years in prison for being part of a phishing ring that effectively stole office supplies so it could resell them. It turns out, cybercriminals would like that person's login credentials because they have value. government agencies.

Phishing 96

Phishing Government Cyber Risk Cybercrime 96

Security Boulevard

FEBRUARY 14, 2022

Customers end up calling help desks for multiple reasons, including to reset their passwords and manage their profile, privacy, and data sharing settings. For example, allowing customers to manage and reset their usernames and passwords alone can save enterprises millions of dollars annually. Learn More In Our Webinar.

Passwords 97

Passwords Retail Digital transformation Risk 97

Duo's Security Blog

OCTOBER 11, 2023

To learn more about how Duo’s access management trifecta empowers you to authenticate further and defend faster, be sure to tune into our webinar Authenticate Further, Defend Faster with Higher Security from Duo. Forget coming up with a password that will eventually, inevitably find its way onto the dark web. Talk about a team up!

Authentication 126

Authentication Risk Technology Phishing 126

Security Boulevard

JULY 6, 2023

It's no secret that the bad guys are training their artificial intelligence (AI) engines to crack passwords, perform account takeovers (ATO), and automate their ransomware demands. In fact, they are using AI to not only predict your users' current passwords. Mind blown! We typically know the location of the legitimate user.

Artificial Intelligence 105

Artificial Intelligence Passwords Authentication Accountability 105

Duo's Security Blog

JULY 6, 2023

The writing is certainly on the wall that username and password credentials are a menace to secure environments, and moving to strong authentication is the solution. There’s no time like the present for starting your passwordless journey Weak authentication with passwords and phishable MFA is putting enterprises at risk.

Authentication 100

Authentication Passwords Risk Technology 100

NopSec

JULY 25, 2017

Make sure your business email password is “Password123.” As it happens, the easiest way to actively exploit a system is to have the password or key. So how does an ethical hacker (and really, malicious ones, too) get a password or key? So how does an ethical hacker (and really, malicious ones, too) get a password or key?

Passwords 40

Passwords Penetration Testing Phishing Accountability 40

Duo's Security Blog

NOVEMBER 6, 2023

Passwords that are easily detectable or reused often are vulnerable to phishing attacks. This lowers the number of passwords users must remember (or re-use, as is often the case). It’s also the foundation for a passwordless future, powering-up phishing resistance and user experience to defend against attackers.

Passwords 83

Passwords Authentication Risk Technology 83

Duo's Security Blog

APRIL 23, 2025

New threat types such as push-bombing, social engineering, and spear phishing are forcing organizations to do more than rely on MFA alone. Duo passwordless reduces your reliance on passwords, improves user experience, reduces IT overhead, and strengthens security posture. Attacks have evolved. Pretty much any app you can think of.

Authentication 59

Authentication Risk Social Engineering Accountability 59

Duo's Security Blog

MARCH 9, 2022

Firewall status, drive encryption status, password status and whether an antivirus or anti-malware agent is running can all contribute to improved security resilience. Resources Webinar: Essential Eight - How Does Your Organization Rate? Solution Brief: Duo for Essential Eight Customer Story: Deakin University.

Cybersecurity 98

Cybersecurity Passwords Authentication VPN 98

Digital Shadows

AUGUST 17, 2021

What is Phish(ing)? But, never mind the dozens of other reports and white papers about phishing that come out every year from security industry leaders, let’s take a look at the 2021 Verizon DBIR. Why should I care about Phish? The reason why phishing is still reigning supreme?

Phishing 52

Phishing Accountability Social Engineering Mobile 52

eSecurity Planet

JUNE 21, 2024

Keeper and Dashlane are top password managers prioritizing multi-layered encryption systems for secure password sharing. Both password managers are suitable for small to large businesses. 5 Keeper, a low-cost password manager, highlights security with strong end-to-end encryption and authentication. user • Premium: $4.99/user

Password Management 103

Password Management Passwords Encryption VPN 103

Security Boulevard

SEPTEMBER 20, 2024

Specifically, CISA and USCG assessors had the most success gaining initial access, attaining network permanence, evading defenses and moving laterally by using valid accounts, phishing schemes and default credentials – all simple attack methods. Replace default passwords with strong passwords.

Cybersecurity 97

Cybersecurity IoT Hacking Risk 97

Security Boulevard

JULY 21, 2023

This is why it's critical to secure your user identities and passwords and the IAM services that manage them. For example, after entering a username and password or SSO credentials, a user may be required to accept a push notification from an authenticator app or enter a PIN sent to a personal device.

Threat Detection 98

Threat Detection Passwords Authentication Accountability 98

Thales Cloud Protection & Licensing

AUGUST 15, 2022

It’s no secret that passwords have become one of the weakest links in enterprise security. While password guessing and brute force attempts are still a risk, cybercriminals no longer need to go through the trouble. Passwordless authentication was developed to combat phishing attacks, a crucial risk that cannot be ignored.

Authentication 71

Authentication Phishing Passwords Risk 71

CyberSecurity Insiders

APRIL 10, 2023

In the current digital landscape, identity security has gained paramount importance due to the growing cyber risks posed by phishing and social engineering attacks utilizing AI. Why is identity management and security important in 2023? “In Batch training for the Identity Management key players.

Identity Theft 105

Identity Theft Education Authentication Data breaches 105

Webroot

FEBRUARY 5, 2025

Major companies like Apple, Google, and Microsoft are rolling out passkeys as a replacement for passwords, promising both enhanced security and a smoother user experience. With Password Day coming up this Saturday, it’s the perfect time to discuss the future of authentication.

Authentication 60

Authentication Password Management Passwords Backups 60

NopSec

FEBRUARY 15, 2017

Do you feel confident that everyone in your organization could identify a phishing email that contained ransomware? In today’s post, we share information with the goal that it will help everyone in your organization protect themselves from phishing attacks.

Phishing 40

Phishing Social Engineering Engineering Healthcare 40

Duo's Security Blog

FEBRUARY 6, 2024

Traditionally, credentials (such as usernames, passwords or security tokens) have been the gatekeepers of access. This way, IT Administrators can quickly address any security gaps by migrating from weak authentication to strong, phishing-resistant, multi-factor passwordless deployments across a customer’s entire enterprise stack.

Accountability 119

Accountability Authentication Risk Marketing 119

Duo's Security Blog

MAY 6, 2024

The security industry has diligently battled compromised credentials, evolving from passwords to multifactor authentication (MFA) to passwordless — our most secure and phishing-resistant method to date — and one that is fully supported in Duo. Despite these advancements, we still see many identity-based breaches year over year.

Authentication 95

Authentication Accountability VPN Phishing 95

Security Boulevard

OCTOBER 4, 2024

1 - CISA to promote MFA, software updates, phishing protection during Cybersecurity Awareness Month October has arrived, and with it Cybersecurity Awareness Month, now in its 21st year. Learn how to spot phishing attempts made via email, text or voice calls. Dive into six things that are top of mind for the week ending Oct.

Cybersecurity 69

Cybersecurity CISO Ransomware Technology 69

Security Affairs

OCTOBER 5, 2023

Researcher discovered that global B2B CRM provider Really Simple Systems exposed online a non-password-protected database with million records. Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password protected database that contained over 3 million records.

Data breaches 131

Data breaches B2B Education Risk 131

Security Boulevard

MARCH 12, 2025

Breaking the Barriers to a Password-Free Life in Enterprise: Meet SafeNet eToken Fusion NFC PIV security key madhav Thu, 03/13/2025 - 06:46 As large organizations increasingly shift towards passwordless solutions, the benefits are clear: enhanced user experience, improved security, and significant cost savings. Want to know more?

Passwords 52

Passwords Authentication Digital transformation Government 52

Jane Frankland

OCTOBER 17, 2023

Secure web browsing matters for ITDMs for several reasons: Protection against cyber threats: Secure web browsing acts as a vital defence mechanism against various cyber threats, such as malware infections, phishing attacks, and data breaches. Alternatively, reusing passwords, sharing passwords; and simply ignoring browser software updates.

Security Awareness 124

Security Awareness Education Cybersecurity Data breaches 124

Security Boulevard

APRIL 28, 2021

Networks can also be easily breached by social engineering, password theft, or tainted USBs, as in the Stuxnet attack. . . In later rounds, the Trojan spread through spear-phishing emails with malicious Excel or Word files. How the infection first started is uncertain, but the usual suspect of phishing is suspected.

Energy and Utilities 72

Energy and Utilities Malware DDOS Internet 72

Security Boulevard

APRIL 12, 2022

No more typing out usernames and thinking up passwords. Examples of self-service include managing login preferences and passwords, updating contact information, requesting specific support, and so on. Even with the convenience of social registration and self-service, managing usernames and passwords is a source of consumer frustration.

Healthcare 52

Healthcare Passwords Authentication CISO 52