Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1172
Views
0
Helpful
1
Replies

Feature Suggestion | Security Scorecard

john.lockie
Level 1
Level 1

‎08-10-2018 04:14 PM

It would be awesome if you had a report of effective access or configuration for architects/auditors to review. For example, it would be awesome if you could point out weak configs that could expose people to thinks like “self enrollment” feature given to users in the New User Policy. it’s not clear to most people that if you choose to deny access for new users, and happen to leverage the authorized networks option while failing to select the box “require enrollment from these networks” (maybe because this is not a very understood setting) that you have exposed your Duo to miscreants enrolling 2FA devices with a phished account. I think these riskier features should be called out for the user base, who might have a false sense of security because “hey…we are running Duo 2FA”. Microsoft does something similar for Azure clients (Security Scorecard).

0 Helpful
1 Reply 1

mkorovesisduo
Level 4
Level 4

‎08-13-2018 06:02 AM

Thanks for the suggestion. I’ll pass that along to our team.

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents