DUO Push Notifications Phishing Exercise


#1

Can anyone provide any guidance regarding the ability to perform 2FA Push notification Phishing Exercises to train users on approving random Push notification requests? Can this kind of exercise be achieved via an API or within the DUO admin console directly? Does anyone perform this or similar efforts to improve their security posture and what metrics can be pulled to show testing trends?


#2

I know that you can send a Push to a user’s mobile device from the user page at the top right, by clicking “Send Duo Push”, although this will display on their device as a “Support request.” You will have to wait on that page to see if the individual user accepts or denies. There is an API endpoint for sending support pushes; I assume you could develop a script to do this en masse.