Other Topics - Duo Security

There’s a new, sneaky brute-force attack targeting enterprise Office 365 customers, according to a new report from cloud access security broker Skyhigh Networks. Dubbed KnockKnock, the attacks use existing corporate credentials and public cloud tenan...

Duo supports many authentication methods, but we highly recommend Duo Push because it’s fast, convenient, secure, and comes without any additional telephony or hardware costs to your organization. We’ve produced several different kinds of content to ...

Today, we are excited to announce that Duo will be offering native multi-factor authentication within Azure AD. This means that organizations can now select Duo as their preferred authentication and access management provider for users accessing clou...

In keeping with Duo.com’s redesign in 2016, the Duo Admin Panel is planned to receive a new look in October. These updates include improvements to the color palette, primary and secondary navigation, simplification of iconography, text alignment, and...

In a new blog post, Duo Senior Security Researcher Mark Loveless provides an analysis of the recent BlueBorne vulnerability and its associated security risks, including details on the likelihood of an attack, how to mitigate risk, and more. Check it ...

When attacks on hardware erode the trust we in the software world place on it, new challenges arise that can’t be solved simply by using signature-based detection. In his latest blog post, Senior R&D Engineer Kyle Lady discusses some of the talks r...

Authored by Duo’s Principal Security Strategist, Wendy Nather, our latest blog explains the concept of “security anthropology” - the idea of researching and creating personas for organizations to better understand how they approach security. While ma...

NIST released new standards for password security in June in their final version of the SP 600-83 docs. Federal agencies and contractors use NIST’s standards as guidelines on how to secure digital identities. In 2003, NIST manager Bill Burr made up t...

Hi there! A lot of the Duo Labs team were in Las Vegas for BSidesLV, Black Hat, and DEF CON, and as a part of my visit I took pictures of rather poor examples of OPSEC. I gathered about half the pictures into a short blog where I talk about OPSEC dur...

This blog published yesterday by Duo’s Ian Sharpe covers how to implement technical, Duo policy-driven controls to support and secure a bring-your-own-device (BYOD) policy at an organization. Check it out on the Duo blog here.

Three years ago, Duo’s Information Security Journalist, Thu Pham, wrote about the different criteria to consider when choosing a modern two-factor authentication (2FA) solution, in What to Look for in a Modern Two-Factor Authentication Solution. But ...

Technology moves fast - the guidelines for securing “digital identities” is already four years old; old enough to be replaced by the National Institute of Science and Technology (NIST). The new, final Special Publication (SP) 800-63-3 was released at...

Hi I’m fresh from Clef so still learning about Duo. Is there any point to having Limit Login Attempts as well as Duo (WordPress)

In part 2 of our series on moving beyond the perimeter (read part 1 here), Duo’s Principal Security Strategist Wendy Nather explains how you can build a new security model within your organization. She covers: Enrolling users/endpoints into inventori...

In Duo’s latest white paper, Principal Security Strategist Wendy Nather explains the theory behind Google’s BeyondCorp security model, the different components required and the overall security architecture. This white paper is part 1 of 2 in the Mov...