We have started to see a tag on several successful Duo user authentication events where it says "No secure factors registered". This is in bold, red text. I am not finding any information about this error / warning. Does anyone know what this means and if it is something to be concerned about?
Hi @billcon . That message means that the user who authenticated does not have any of what we consider a "secure factor" enrolled in Duo for authentication, like a WebAuthn security key or platform factor like Touch ID on a Mac, or a phone with Duo Mobile activated to respond to a verified Duo Push request.
It serves as a warning to you that if you were to enable risk-based factor selection in Duo those users who don't have a secure factor might find themselves unable to log in if they get put into a step-up authentication scenario.