No items found.
No items found.
Resources
Blog
Hacking Duo in Real Time
No items found.

Hacking Duo in Real Time

Written By
Published On
May 23, 2022

Transcript

This is Alice, she doesn’t know it yet, but she’s being phished. The link she clicked on looks just like her work login. So she proceeds as normal, entering her username and password.

However, she’s not the only one logged in to her account. She has unknowingly let in a bad actor with her. This is what the bad actor sees. In their software, we can see that even with Duo’s push 2FA, they were able to capture Alice’s login credentials with the phishing link.

But what if Alice had Beyond Identity? When she clicks on the bad link, it again takes her to a screen that looks just like her work login. Notice there is no password field, as Beyond Identity's frictionless MFA is completely passwordless. As Beyond Identity begins its authentication process, it checks for things like if antivirus software is installed, if the firewall is on, what operating system version the device is on, and other customizable risk policies that are configured in the admin console.

Noticing the bad link, Beyond Identity does not authenticate this device and prevents the login. From the bad actor’s point of view, you can see that they were unable to capture any of Alice’s credentials when she tried to login with Beyond Identity’s passwordless MFA.

All MFA’s are not created equal. Using Beyond Identity eliminates passwords and user friction providing the strongest, phishing-resistant MFA.

Get started with Device360 today
Weekly newsletter
No spam. Just the latest releases and tips, interesting articles, and exclusive interviews in your inbox every week.
Popular blogs
No items found.

Hacking Duo in Real Time

Download

Transcript

This is Alice, she doesn’t know it yet, but she’s being phished. The link she clicked on looks just like her work login. So she proceeds as normal, entering her username and password.

However, she’s not the only one logged in to her account. She has unknowingly let in a bad actor with her. This is what the bad actor sees. In their software, we can see that even with Duo’s push 2FA, they were able to capture Alice’s login credentials with the phishing link.

But what if Alice had Beyond Identity? When she clicks on the bad link, it again takes her to a screen that looks just like her work login. Notice there is no password field, as Beyond Identity's frictionless MFA is completely passwordless. As Beyond Identity begins its authentication process, it checks for things like if antivirus software is installed, if the firewall is on, what operating system version the device is on, and other customizable risk policies that are configured in the admin console.

Noticing the bad link, Beyond Identity does not authenticate this device and prevents the login. From the bad actor’s point of view, you can see that they were unable to capture any of Alice’s credentials when she tried to login with Beyond Identity’s passwordless MFA.

All MFA’s are not created equal. Using Beyond Identity eliminates passwords and user friction providing the strongest, phishing-resistant MFA.

Hacking Duo in Real Time

Phishing resistance in security solutions has become a necessity. Learn the differences between the solutions and what you need to be phishing resistant.

Transcript

This is Alice, she doesn’t know it yet, but she’s being phished. The link she clicked on looks just like her work login. So she proceeds as normal, entering her username and password.

However, she’s not the only one logged in to her account. She has unknowingly let in a bad actor with her. This is what the bad actor sees. In their software, we can see that even with Duo’s push 2FA, they were able to capture Alice’s login credentials with the phishing link.

But what if Alice had Beyond Identity? When she clicks on the bad link, it again takes her to a screen that looks just like her work login. Notice there is no password field, as Beyond Identity's frictionless MFA is completely passwordless. As Beyond Identity begins its authentication process, it checks for things like if antivirus software is installed, if the firewall is on, what operating system version the device is on, and other customizable risk policies that are configured in the admin console.

Noticing the bad link, Beyond Identity does not authenticate this device and prevents the login. From the bad actor’s point of view, you can see that they were unable to capture any of Alice’s credentials when she tried to login with Beyond Identity’s passwordless MFA.

All MFA’s are not created equal. Using Beyond Identity eliminates passwords and user friction providing the strongest, phishing-resistant MFA.

Hacking Duo in Real Time

Phishing resistance in security solutions has become a necessity. Learn the differences between the solutions and what you need to be phishing resistant.

Subscribe on SpotifySubscribe on Apple

Transcript

This is Alice, she doesn’t know it yet, but she’s being phished. The link she clicked on looks just like her work login. So she proceeds as normal, entering her username and password.

However, she’s not the only one logged in to her account. She has unknowingly let in a bad actor with her. This is what the bad actor sees. In their software, we can see that even with Duo’s push 2FA, they were able to capture Alice’s login credentials with the phishing link.

But what if Alice had Beyond Identity? When she clicks on the bad link, it again takes her to a screen that looks just like her work login. Notice there is no password field, as Beyond Identity's frictionless MFA is completely passwordless. As Beyond Identity begins its authentication process, it checks for things like if antivirus software is installed, if the firewall is on, what operating system version the device is on, and other customizable risk policies that are configured in the admin console.

Noticing the bad link, Beyond Identity does not authenticate this device and prevents the login. From the bad actor’s point of view, you can see that they were unable to capture any of Alice’s credentials when she tried to login with Beyond Identity’s passwordless MFA.

All MFA’s are not created equal. Using Beyond Identity eliminates passwords and user friction providing the strongest, phishing-resistant MFA.

Book

Hacking Duo in Real Time

Phishing resistance in security solutions has become a necessity. Learn the differences between the solutions and what you need to be phishing resistant.

Download the book

Download the book

Download the book
suggested resources
Zero Trust
Passwordless
DevOps
CIAM
Workforce
Infographic
Secure Workforce
Thought Leadership
Product
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept