10-30-2018 09:24 AM
Can anyone provide any guidance regarding the ability to perform 2FA Push notification Phishing Exercises to train users on approving random Push notification requests? Can this kind of exercise be achieved via an API or within the DUO admin console directly? Does anyone perform this or similar efforts to improve their security posture and what metrics can be pulled to show testing trends?
10-31-2018 04:55 AM
I know that you can send a Push to a user’s mobile device from the user page at the top right, by clicking “Send Duo Push”, although this will display on their device as a “Support request.” You will have to wait on that page to see if the individual user accepts or denies. There is a API endpoint for sending support pushes, I assume you could develop a script to do this en masse.
08-10-2020 05:56 PM
Is there at least any training material for this. We’ve had a user fall victim to getting their password compromised, then they approved the requests
08-11-2020 10:28 AM
Hi Les, thanks for this feedback and sorry to hear about your user. What kind of training material are you looking for?
Just so you’re aware, our end-user guide includes the step “If you get a login request that you weren’t expecting, press Deny to reject the request. You’ll be given the ability to report it as fraudulent, or you can tap It was a mistake to deny the request without reporting it” at both https://guide.duo.com/iphone and https://guide.duo.com/android
We also have this very short video that demonstrates accepting and rejecting pushes in different scenarios: https://www.youtube.com/watch?v=rv12VryxlcE
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide