Overview of Verified Push and Push Harassment Scenarios:
The Verified Push feature in Duo enhances security by requiring users to input a code displayed on their access device into the Duo Mobile app. This ensures that only the legitimate user can approve authentication requests, mitigating risks such as push harassment and fatigue attacks. In a push harassment scenario, attackers send repeated fraudulent push notifications to a user's device, attempting to exploit user fatigue or inattention to gain unauthorized access. If multiple pushes are denied or ignored, Duo automatically escalates to Verified Push mode, requiring the user to enter a code to authenticate, ensuring the legitimacy of the login attempt.
Key Features of Verified Push:
Enhanced Security: Prevents accidental approvals by requiring a code entry.
Mitigation of Push Harassment: Automatically escalates to Verified Push mode after multiple ignored or denied pushes.
User-Friendly: Balances security with usability by only stepping up authentication when necessary.
How Verified Push Works in Push Harassment Scenarios:
Initial Push Requests: If a user receives multiple fraudulent push notifications and denies or ignores them, Duo flags the activity as suspicious.
Escalation to Verified Push: The system requires the user to input a code displayed on their access device into the Duo Mobile app.
Authentication Assurance: This additional step ensures that only the legitimate user can complete the authentication process, blocking unauthorized access attempts.
For more details on Verified Push and its role in mitigating push harassment, refer to the Duo Authentication FAQs and Cisco Duo Identity TDM.
Overview of Wi-Fi Fingerprint in Risk-Based Authentication:
The Wi-Fi Fingerprint feature in Duo's Risk-Based Authentication enhances security by evaluating surrounding Wi-Fi networks to determine if a user’s location has changed. This approach reduces reliance on IP addresses, which can be noisy or masked by VPNs, and ensures a seamless user experience by minimizing false positives. By using anonymized Wi-Fi network information, Duo can validate that a user remains in a familiar location, even if their IP address changes, such as during a VPN login. This prevents unnecessary authentication friction while maintaining robust security.
Key Benefits of Wi-Fi Fingerprint:
Enhanced Security: Reduces reliance on IP addresses by using Wi-Fi network data to validate user location.
Improved User Experience: Avoids unnecessary authentication steps when users connect from familiar Wi-Fi networks.
Privacy Protection: Uses anonymized Wi-Fi data, ensuring user privacy while maintaining security.
How Wi-Fi Fingerprint Works:
Signal Collection: Duo scans nearby Wi-Fi networks (SSIDs/BSSIDs) and hashes them into a unique Wi-Fi fingerprint.
Risk Assessment: If the Wi-Fi fingerprint matches a previously recognized location, the login is trusted, even if the IP address changes.
Frictionless Authentication: Users can log in without additional verification, ensuring a smooth experience.
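The matching steps above can be modelled in a few lines. This is an added example, not Duo's implementation: the per-device HMAC key, the Jaccard overlap comparison, the 0.5 threshold and the BSSID values are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: a per-device secret, so the server stores only keyed hashes and
# fingerprints from different devices cannot be correlated. Constructed value.
DEVICE_KEY = b"constructed-demo-key"
MATCH_THRESHOLD = 0.5  # assumed cut-off for "same location", not a Duo value

def normalize_bssid(bssid):
    """Canonicalise an access-point MAC so formatting never changes the hash."""
    digits = "".join(c for c in bssid.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a BSSID: {bssid!r}")
    return digits

def fingerprint(bssids, key=DEVICE_KEY):
    """One keyed hash per access point; the raw identifiers are discarded."""
    return frozenset(
        hmac.new(key, normalize_bssid(b).encode(), hashlib.sha256).hexdigest()
        for b in bssids
    )

def similarity(a, b):
    """Jaccard overlap, so a few networks appearing or vanishing still match."""
    if not a or not b:
        return 0.0  # an empty scan is no evidence of a familiar location
    return len(a & b) / len(a | b)

def assess(known_fingerprints, scan):
    """Return 'trusted' for familiar surroundings, otherwise 'step_up'."""
    current = fingerprint(scan)
    best = max((similarity(current, fp) for fp in known_fingerprints), default=0.0)
    return "trusted" if best >= MATCH_THRESHOLD else "step_up"

# Constructed scans (locally administered MAC addresses, not real networks).
HOME = ["02:00:00:aa:bb:01", "02:00:00:aa:bb:02", "02:00:00:aa:bb:03", "02:00:00:aa:bb:04"]
HOME_VIA_VPN = ["02-00-00-AA-BB-01", "02:00:00:aa:bb:02", "02:00:00:aa:bb:03", "02:00:00:aa:bb:05"]
ELSEWHERE = ["02:00:00:cc:dd:11", "02:00:00:cc:dd:12", "02:00:00:cc:dd:13"]

if __name__ == "__main__":
    known = [fingerprint(HOME)]
    for name, scan in [("home via VPN", HOME_VIA_VPN), ("elsewhere", ELSEWHERE), ("no Wi-Fi", [])]:
        print(f"{name}: {assess(known, scan)}")
```

A plain unkeyed hash of a 48-bit BSSID can be brute-forced back to the address, which is why this sketch uses a keyed hash. Comparing sets rather than one hash of the whole scan keeps the match stable when a neighbouring network disappears.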
The Future of Identity Verification: Passwordless Authentication
Passwords are a significant security challenge: they are often forgotten, reused, or compromised. Cisco Duo is paving the way for a passwordless future, starting with multi-factor authentication (MFA) as the foundation. By leveraging long-lived sessions and strong MFA, organizations can introduce users to a passwordless experience through single sign-on (SSO) workflows. Duo's passwordless solution uses WebAuthn to enable secure logins via biometrics, security keys, or Duo Mobile, eliminating the need for traditional passwords.
Key Features of Duo Passwordless Authentication:
Enhanced Security: Combines biometrics, security keys, and device health checks to ensure trusted authentication.
Frictionless Usability: Simplifies login processes with options like Touch ID, Face ID, and FIDO2 security keys.
Holistic Security: Integrates seamlessly with existing MFA and SSO solutions to maintain robust security without creating gaps.
Reference Document Links:
Duo Authentication FAQs
Cisco Duo Identity TDM
What is Two-Factor Authentication?