What to Look for in a Modern Two-Factor Authentication Solution
Here are a few important qualities you should look for in a modern two-factor authentication solution, from cloud services to easy deployment and more.
Securing ERP (Enterprise Resource Planning) Software for Manufacturers
Within the complexity of the manufacturing industry exist many security threats, including threats to Internet/intranet communications, intellectual property, global supply chain, proprietary business data and more.
Two-Factor Authentication for Electronic Health Record (EHR) Apps
> The federally mandated switch from paper records to digital records has the healthcare industry transitioning to the widespread use of electronic health record systems (EHRs), but application security is still a concern.
Best of 2013: Duo Security’s Year of Excellence in InfoSec
As we ring in the new year, it’s the perfect time to take a look back at Duo Security’s most notable 2013 milestones. The following blogs chronicle one great year leading the information security industry, from finding fixes for major Android vulnerabilities to attending the top hacker conventions, to signing on a major social media giant, and more - we’d like to give three cheers to our awesome year in 2013, and here’s to many more!
Mitigating Credential-Stealing Malware with Two-Factor Authentication
Learn how you can mitigate credential-stealing malware and protect yourself from all kinds of information security threats.
Password Palpitations — The Ongoing Threat of LM Hashing
How do we protect sensitive information from prying eyes on our computers and networks? The simple answer is to deploy controls to monitor and restrict the transfer or viewing of sensitive data on those shared resources.
Why 2 Factor Authentication Hinges on the User Experience
With Twitter’s recent move to “push” and public-key cryptography, we and many others were glad to see them move away from SMS-only 2 factor authentication. Not only did they add better security, but they are also providing their users with a much more appealing experience.
Beyond the Vulnerabilities of the Application Specific Password: Exploiting Google Chrome’s OAuth2 Tokens
Earlier this year, we wrote about how any Google Application Specific Password (ASP) could be used to bypass 2-Step Verification. Although Google issued a fix to prevent account compromise, your ASPs can still be used to do almost anything else with your Google account.
Penetration Testing and Two Factor Authentication
> In the world of security assessments, penetration testing often stands out as "the service I need to have done" when businesses are desiring to seek out a third-party evaluation of their security posture. However, there can be a large gap between the reality of penetration testing versus what a company actually needs to have done.
Spear Phishing: How Attackers Use Email to Steal Privileged Information, Install Malware & Make Your Life Miserable
Just like real fishing, criminals engaged in phishing dangle tempting bait in front of users in the hope that they can lure them into revealing their login credentials. If you have an email account, you’ve received at least one real looking email, seemingly from a financial institution like a bank or Paypal, asking you to provide your user name, password, or social security number.