New Duo Feature Guide: Strengthening Your Multi-Factor Authentication
Multi-Factor Authentication (MFA) is a security tool used by various organizations to protect user credentials, or the username and password. MFA has been recommended, or required, by governments and has grown in popularity as a measure to quickly add a layer of security, especially if credentials are compromised as part of a phishing attack.
However, MFA has been in the news recently as attackers are finding new and creative ways to get around it. On the one hand, this means that MFA is such a common practice that attackers have had to get creative. On the other hand, it means that simply enabling MFA is not enough and organizations must follow secure MFA practices. Some examples of these attacks include one-time-passcodes intercepted by bad actors (MITRE ID T1111), adversaries registering a fraudulent device to a trusted account (MITRE ID T1098.005), or push phishing attacks that rely on a trusted user to grant access to an attacker (MITRE ID T1621).
What can organizations do?
There are best practices organizations should follow in order to make sure that MFA in their environment is secure against these new threats. As a first step, organizations need to modernize their authentication, moving away from RADIUS or LDAP protocols and moving towards SAML. Additionally, it is important to adopt FIDO2 compliant authentication, such as passwordless or security keys, wherever possible.
For Duo customers, we also recommend moving all authentications to the new Universal Prompt. The Universal Prompt unlocks important security measures that Duo is releasing to strengthen organizations against the new threat landscape.
New secure features
In addition to Duo’s new broader solutions, like Passwordless and Risk-Based Authentication, Duo has released a number of additional features that organizations can deploy today to better protect their users. These include the following updates:
Self-Service Portal: Step up authentication requirements for users when they are enrolling new devices
API for User Activity Logs: Stay on top of user device enrollment threats through Duo’s API solution
Enrollment Threat Detection: Use machine-learning to surface new enrollment threats that need the security team’s attention
Verified Duo Push: Require users to enter a code in the Duo mobile application to better protect against push phishing attacks
Policy Defaults: Duo has established new policy defaults based on research that enhance organizations’ secure access without adding unnecessary friction.
How to get started
For all new Duo customers, the Liftoff Guide walks through best practices of how to deploy and manage Duo. To highlight the newly available features, Duo has added the companion guide, New Duo Feature Guide: Strengthening Your MFA. This guide can walk customers through these new features and how to deploy and manage them.
Not a Duo customer but interested in trying out these features? Sign up for a free trial today to get started.