Duo's Security Blog

SEPTEMBER 6, 2023

But conventional protection solutions, like password security, fall short when it comes to efficacy. We have a lot of thoughts on passkeys – some of which we’ve shared in other posts in this passkey blog series – and today we’re going to explore how passkeys stack up against passwords from the perspective of cloud platforms.

Passwords 105

Passwords Password Management Authentication Threat Detection 105

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Cyber Risk 147

Cyber Risk Risk Financial Services Banking 147

Duo's Security Blog

JULY 1, 2021

Tall Tale #1: PINs Are Just Passwords In Part 1 , we talked about how passwordless authentication is still multi-factor: Possession of a private key, ideally stored on a piece of secure hardware A biometric or PIN the authenticator uses to locally verify the user’s identity Reasoning about a PIN being used as a factor is simpler than a biometric.

Passwords 98

Passwords Surveillance Authentication Risk 98

Duo's Security Blog

SEPTEMBER 4, 2023

And when it comes to managing access for this plethora of devices, password security just isn’t cutting it anymore. In our recent passkey blog series , we’ve been unpacking the difference between new passkey technology and more conventional password security in light of some of the most critical authentication scenarios.

Passwords 81

Passwords Authentication Accountability Password Management 81

Duo's Security Blog

FEBRUARY 11, 2022

To help you make the most of this new offering, Duo Product Manager Chris Demundo and Product Marketing Manager Ted Kietzman recently hosted the webinar Ask Us Anything: Passwordless Tips & Tricks , answering passwordless questions crowdsourced from our Duo Community public forum. Our long-term goal is to bring them together.

Authentication 111

Authentication Passwords Mobile Risk 111

Thales Cloud Protection & Licensing

FEBRUARY 19, 2025

Go Beyond FIDO Standards: Best Practices When Deploying FIDO Security Keys in Enterprise madhav Thu, 02/20/2025 - 06:22 Initially designed for the consumer market, the FIDO (Fast IDentity Online) standard aims to replace passwords with more secure authentication methods for online services. While recent versions, like FIDO2.1,

Authentication 71

Authentication Passwords Marketing Risk 71

Duo's Security Blog

OCTOBER 18, 2022

By this point, we’re all familiar with the list of requirements for a strong password: unique, long, memorable, free from any personal information… But even the strongest passwords can pose a risk if they’re the only thing standing between your users and enterprise content.

Insurance 64

Insurance Passwords Cyber Insurance Authentication 64

Duo's Security Blog

SEPTEMBER 1, 2023

Nobody likes passwords. And is it realistic to consider passkeys – and the passwordless solutions they support – as a valid alternative for traditional password security? And is it realistic to consider passkeys – and the passwordless solutions they support – as a valid alternative for traditional password security?

Passwords 69

Passwords Authentication Phishing Technology 69

Thales Cloud Protection & Licensing

DECEMBER 2, 2021

This is because remote work disperses employees, increases the threat landscape and the inherent business risk. To reduce the overall risk, organizations are investing in access security. Many businesses are still relying on single factor, insecure passwords, that are a source of increased risks.

Authentication 125

Authentication Passwords Risk Mobile 125

Duo's Security Blog

SEPTEMBER 16, 2021

With MFA in place, you can reduce your reliance on passwords and modify password policies to require less frequent resets, alleviating help desk burden and reducing user frustration. Passwords Are Safer Than Biometrics, PINs Are Just Passwords, and Other Tall Tales See the video at the blog post.

Authentication 128

Authentication Passwords Phishing CISO 128

Duo's Security Blog

OCTOBER 6, 2023

To achieve more resilience in this heightened risk environment, stepping up zero trust maturity is essential. In other words, it’s not just about implementing MFA to verify user trust, it’s about using phishing-resistant MFA with risk-based authentication , device posture checks and other security controls.

Authentication 144

Authentication Risk Social Engineering InfoSec 144

Duo's Security Blog

JANUARY 14, 2025

Hes asking if you can help him with a password reset and hes calling from a recognized numberdo you trust it? Preventing Helpdesk Phishing with Duo and Traceless Webinar Helpdesk impersonation is a big concern today, with MSPs contending with fraudulent attempts from attackers pretending to be clients. How can Duo MSP help?

Phishing 111

Phishing Technology Scams Cybercrime 111

Duo's Security Blog

OCTOBER 11, 2023

To learn more about how Duo’s access management trifecta empowers you to authenticate further and defend faster, be sure to tune into our webinar Authenticate Further, Defend Faster with Higher Security from Duo. Forget coming up with a password that will eventually, inevitably find its way onto the dark web. Talk about a team up!

Authentication 126

Authentication Risk Technology Phishing 126

Duo's Security Blog

APRIL 23, 2025

To stay protected, you need to increase the effectiveness of your MFA with powerful next-generation capabilities such as passwordless, risk-based authentication, adaptive access policies, and identity visibility tools. You can also watch our on-demand webinar, Get Defensive With Your MFA , as well. Moving to the cloud?

Authentication 59

Authentication Risk Social Engineering Accountability 59

Duo's Security Blog

NOVEMBER 20, 2023

Security professionals agree that passwords are low hanging fruit for cybercriminals and can even be the keys to the kingdom when the compromised passwords belong to privileged accounts. Add to this, the risks of weak authentication factors such as SMS one-time passcodes and dormant or inactive accounts.

Threat Detection 138

Threat Detection Authentication Accountability Data breaches 138

Security Boulevard

FEBRUARY 14, 2022

How Enterprise Customer Identity Helps You Make Money, Slash Costs, and Reduce Risk. Here are four reasons why investing in great customer experiences with ForgeRock's enterprise CIAM will help your organization make money, slash costs, and reduce risk. Reduced Risk. ForgeRock also reduces risk with Zero Trust security.

Passwords 97

Passwords Retail Digital transformation Risk 97

Duo's Security Blog

JULY 6, 2023

The study also covered multi-factor authentication, identity protections, identity risks and identity vulnerabilities experienced. Some companies don’t have budget to implement MFA, they don’t have the skills to implement it, or the solution is too complex and it negatively affects user productivity.

Authentication 100

Authentication Passwords Risk Technology 100

Malwarebytes

APRIL 2, 2023

Last week on Malwarebytes Labs: Solving the password’s hardest problem with passkeys, featuring Anna Pobletts Food giant Dole reveals more about ransomware attack Bogus Chat GPT extension takes over Facebook accounts Ransomware gunning for transport sector's OT systems next GitHub accidentally exposes RSA SSH key ChatGPT helps both criminals (..)

Backups 91

Backups DDOS Ransomware Cyber threats 91

Security Boulevard

JULY 21, 2023

This is why it's critical to secure your user identities and passwords and the IAM services that manage them. By providing visibility into attack paths, it helps to mitigate these risks. Passwordless : Passwords are typically the weakest link in any organization's security apparatus.

Threat Detection 98

Threat Detection Passwords Authentication Accountability 98

Security Boulevard

SEPTEMBER 20, 2024

That’s according to “ CISA Analysis: Fiscal Year 2023 Risk and Vulnerability Assessments, ” a report about the risk and vulnerability assessments (RVAs) conducted by the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Replace default passwords with strong passwords. Coast Guard (USCG).

Cybersecurity 97

Cybersecurity IoT Hacking Risk 97

Duo's Security Blog

MARCH 9, 2022

The Australian government is urging companies in the region to adopt strong cybersecurity practices due to increased global risk stemming from the conflict in Ukraine. Firewall status, drive encryption status, password status and whether an antivirus or anti-malware agent is running can all contribute to improved security resilience.

Cybersecurity 98

Cybersecurity Passwords Authentication VPN 98

Duo's Security Blog

NOVEMBER 6, 2023

Passwords that are easily detectable or reused often are vulnerable to phishing attacks. A smart user, when faced with the risk of stolen credentials, knows better than to face this threat alone. This lowers the number of passwords users must remember (or re-use, as is often the case).

Passwords 83

Passwords Authentication Risk Technology 83

Security Boulevard

JULY 6, 2023

It's no secret that the bad guys are training their artificial intelligence (AI) engines to crack passwords, perform account takeovers (ATO), and automate their ransomware demands. In fact, they are using AI to not only predict your users' current passwords. Mind blown! We typically know the location of the legitimate user.

Artificial Intelligence 105

Artificial Intelligence Passwords Authentication Accountability 105

Security Boulevard

NOVEMBER 21, 2024

shines a bright light on the risks organizations face if their identity and access management (IAM) system is targeted by cyberattackers. Point-in-time scans risk missing active threats like Kerberoasting , DCSync and password spraying — techniques that cyberattackers can execute repeatedly to evade periodic checks.

Risk 102

Risk Accountability Passwords Authentication 102

NopSec

JULY 25, 2017

Make sure your business email password is “Password123.” Penetration Testing is the active exploitation of risk in applications, network devices, and systems. As it happens, the easiest way to actively exploit a system is to have the password or key. Starting with password guessing. So how do you get a user list?

Passwords 40

Passwords Penetration Testing Phishing Accountability 40

Cisco Security

FEBRUARY 14, 2022

That brings up an even higher level of risk. Firms need to ensure seamless remote collaboration, mitigate risk to the network, employees and data, and protect themselves from COVID exposed weaknesses to operations that may have been overlooked previously. Is that because users think that password is secure?

Passwords 128

Passwords Technology Government CISO 128

SecureWorld News

SEPTEMBER 29, 2020

Unwitting employees of the agencies visited the fake web pages and provided their e-mail account usernames and passwords. The ring employed 'phishing' attacks, which used fraudulent e-mails and websites that mimicked the legitimate e-mails and web pages of U.S. government agencies including the U.S. Environmental Protection Agency.

Phishing 96

Phishing Government Cyber Risk Cybercrime 96

CyberSecurity Insiders

APRIL 10, 2023

In the current digital landscape, identity security has gained paramount importance due to the growing cyber risks posed by phishing and social engineering attacks utilizing AI. Thus, a robust identity security framework is essential to safeguard against these risks and ensure the protection of personal information.

Identity Theft 105

Identity Theft Education Authentication Data breaches 105

Duo's Security Blog

AUGUST 25, 2021

If the computer required a password, I needed to go around the classroom and enter the password on each computer, because teachers weren’t allowed to share the credentials with students. And you might not realize that there were few, if any, security measures in place to ensure that students were not risking their own data and privacy.

Cybersecurity 93

Cybersecurity Passwords Technology Data breaches 93

Security Affairs

OCTOBER 5, 2023

Researcher discovered that global B2B CRM provider Really Simple Systems exposed online a non-password-protected database with million records. Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password protected database that contained over 3 million records.

Data breaches 133

Data breaches B2B Education Risk 133

Duo's Security Blog

SEPTEMBER 30, 2022

If you are not sure what the new security requirements are or if they affect your business or organization, don’t worry – we put together a webinar to help answer those questions. Watch the FTC Safeguards Rule Webinar. The definition of financial institutions includes non-financial institutions. Try Duo for free!

Cybersecurity 94

Cybersecurity Authentication CISO Healthcare 94

Duo's Security Blog

JULY 15, 2021

Yes, it’s a password-less authentication method, greatly streamlining the login experience, and while that’s a great incentive to use passwordless for logging in, it’s not an improvement in authentication security in and of itself. That isn’t to say that every password-less solution needs to be phish-proof.

Phishing 105

Phishing Authentication Passwords Risk 105

Duo's Security Blog

FEBRUARY 6, 2024

Traditionally, credentials (such as usernames, passwords or security tokens) have been the gatekeepers of access. Reducing the risk of identity-based attacks Picture a scenario where an attacker acquires a list of dormant accounts, performs credential-stuffing, and gets the necessary credentials to log-in. Stay tuned!

Accountability 119

Accountability Authentication Risk Marketing 119

Responsible Cyber

MARCH 2, 2025

As businesses increasingly rely on cloud platforms and applications for collaboration, productivity, and operations, understanding their security features is criticalespecially when managing subscriptions to mitigate risks like Shadow IT, Shadow AI, and cybersecurity vulnerabilities. Its ease of use, secure sharing options (e.g.,

Education 40

Education Marketing Encryption Threat Detection 40

Jane Frankland

OCTOBER 17, 2023

By implementing secure browsing practices, ITDMs can significantly reduce the risk of unauthorised access to sensitive data and protect their organisation’s assets. Then there’s the promise of free content, software, and products; and using unsecured public wi-fi networks, or weak passwords.

Security Awareness 124

Security Awareness Education Cybersecurity Data breaches 124

Security Boulevard

OCTOBER 4, 2024

Specifically, they’re encouraging people to: Boost their password usage by using strong passwords , which are long, random and unique, and using a password manager to generate and store them. In the U.S., Protect all accounts that offer multifactor authentication (MFA) with this security method. “Our Source: “Oh, Behave!

Cybersecurity 69

Cybersecurity CISO Ransomware Technology 69

Webroot

FEBRUARY 5, 2025

Major companies like Apple, Google, and Microsoft are rolling out passkeys as a replacement for passwords, promising both enhanced security and a smoother user experience. With Password Day coming up this Saturday, it’s the perfect time to discuss the future of authentication.

Authentication 60

Authentication Password Management Passwords Backups 60