08-05-2019 07:34 AM
I have Duo Security set up with Windows Remote Desktop so that when I RDP to my Windows 10 machine, I get a Duo Security alert that is needed to log in.
However I have discovered that if I cancel the Duo Popup on my Windows PC, at the bottom Left corner of the Windows Login screen, there are two rectangular boxes for my userid. If I click on the second one, it wants me to authenticate via Due Security but if I click on the first one, I can simply bypass Duo Security and log in without Duo requiring me to authenticate via MFA!
I can’t believe it would be so easy to work around Duo Security. Is there a way I can stop that first login option from appearing so that Duo can’t be bypassed?
08-05-2019 11:25 AM
I am thinking this may related to the issue mentioned here
Duo Authentication for Windows Logon and RDP: FAQ | Duo Security?
08-05-2019 12:01 PM
@BMG4ME That is a possibility if you are using Microsoft LiveId/Account. Additionally there are a number of other scenarios we have documented here: https://help.duo.com/s/article/4341?language=en_US
08-11-2019 08:52 PM
I think I may have found another one which I really would rather discuss privately.
08-12-2019 10:06 AM
If that’s the case I would suggest engaging our Security Response guidance found here: Security Response | Duo Security.
Thanks!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: