Skip navigation
Banner image that combines the Marvels logo with the Duo logo
Product & Engineering

The Access Management Trifecta That Helps You Protect Your Resources

What do a super-powered girl from Jersey City, a S.A.B.E.R. agent-turned Super Hero and a cosmically powered former fighter pilot have in common? Maybe not much at first glance. But when their homes are threatened, Ms. Marvel, Captain Monica Rambeau and Captain Marvel team up to protect the people and places they love.

Just like the epic team up seen in Marvel Studios’ The Marvels, Duo’s trio of access management has features that empower you to protect the resources that matter most. Whether you’re facing credential theft, MFA bypass attacks or weak third-party security, Duo gives you the power you need to stop attackers in their tracks.

To learn more about how Duo’s access management trifecta empowers you to authenticate further and defend faster, be sure to tune into our webinar Authenticate Further, Defend Faster with Higher Security from Duo. Attendees will receive limited-edition sunglasses to fight cyberthreats in style.*

And be sure to catch all the action in Marvel Studios’ The Marvels, only in theaters November 10th!

Defending against credential theft with SSO

Did you know that according to an F5 Labs report, more than 11.5 billion credentials were leaked between 2016 and 2020? Yes, that’s billion with a b. Credential theft is so common that attackers don’t even necessarily need to obtain credentials themselves. Though some attackers still do put the legwork into obtaining credentials through phishing campaigns, brute force attacks or other means, many more simply purchase compromised credentials off the dark web.

And once they’re purchased, it’s not that hard to put them to use.

How to defend against credential theft and credential stuffing with SSO

When it comes to credential theft, the threat is real. But much like Ms. Marvel, you’re not alone in facing it. Kamala Khan has encountered much in her Ms. Marvel adventures, but nothing could have prepared this small-town, teenaged hero to leave Jersey for a cosmic adventure of galactic proportions and team up with her idol, Captain Marvel, and Captain Monica Rambeau in which they become The Marvels!

Here to help you face credential thefts, there’s an equally potent cybersecurity tool at your disposal: single sign-on (SSO). Single sign-on connects users to multiple applications using only a single login, giving them access to all the resources they need while decreasing the number of passwords they need to create (or re-use). It combines simplicity with security, removing friction for users and reducing complexity for admins.

Laptop computer screen showing how Duo SSO connects users to multiple apps, including: 1Password, Amazon, Atlassian, box, etc.

Single sign-on is also one of the foundations for a passwordless future. Passwordless authentication describes a process of verifying your identity using methods like biometrics, security keys or specialized mobile apps. When connected to an SSO solution, passwordless technology removes credentials from the login process altogether.

Forget coming up with a password that will eventually, inevitably find its way onto the dark web. When your passwordless SSO solution is connected to, say, biometrics, your user can log on with their thumbprint.

Preventing MFA Bypass Attacks with stronger MFA

Of course, SSO isn’t the only tool in place to protect against stolen credentials. In fact, multi-factor authentication (MFA) has been the access security tool of choice for years now. It’s not hard to understand why. MFA excels at determining which logins are coming from legitimate users and which logins are actually coming from attackers.

Unfortunately, the growing popularity of MFA has naturally led to an evolution in attacks targeting this verification method. So now security teams find themselves in a pickle: How can they defend against attacks that bypass MFA?

Using strong MFA to protect against MFA bypass attacks

Captain Monica Rambeau's life changed course forever after the events of Marvel Studios’ WandaVision, when her exposure to reality altering energy imbued her with the power to perceive and manipulate all energy along the electromagnetic spectrum. Multi-factor authentication has evolved as well, and protecting against MFA bypass attacks requires implementing stronger authentication factors.

While MFA historically leveraged factors like SMS and email messages, phone calls, soft tokens and hardware tokens, we’ve seen attackers find ways to circumvent these methods. But there are stronger factors. Look for MFA technology that makes use of FIDO2-compliant authenticator options, like biometric-capable devices or FIDO2-capable security keys. MFA that leverages device-bound factors like Universal 2nd Factor (U2F) or Push are also more resistant to MFA bypass attacks.

Addressing weak third-party security with risk-based authentication

Together, MFA and SSO can protect you from stolen credentials and MFA bypass attacks. But what about when the threat comes from users outside of your organization? Perhaps you have a contractor who needs access to certain parts of your network. Or maybe you’ve partnered with a third-party service provider to manage part of your infrastructure, but you’re worried that their access leaves your sensitive data vulnerable to attackers.

Managing third-party risk is tricky, but not impossible. And the good news is that the same tools we already talked about – SSO and strong, phishing-resistant MFA – provide essential access management controls for both internal users and third parties. Talk about a team up! But if you want to take your third-party security to the next level, it might be worth adding a new super-powered hero to your team.

Introducing risk-based authentication

Carol Danvers’ mission to stop the Kree from using a new mysterious weapon to wreak havoc on the universe is complicated by the fact that she suddenly finds herself teamed up with Kamala Khan and Captain Monica Rambeau. And when you want to ensure you have the appropriate response to havoc-wreaking authentication risks facing your network, you can use risk-based authentication.

Risk-based authentication technology ensures that the most appropriate level of security is delivered to users across your network, all while minimizing friction. That’s because risk-based authentication works behind the scenes, evaluating risk signals and dynamically determining the most appropriate form of access security to deploy.

For example, a user operating from a trusted device connected to a familiar Wi-Fi network may only need to approve an MFA push. But a user operating from an unmanaged device in a unique location may require a stronger authentication method to access the resources they’ve been given permission to use. And if an access attempt mimics a known attack pattern – like a high volume of repeated push requests – then even stronger factors may be deployed or access may be blocked altogether.

Risk-based authentication is all about providing the appropriate security response to the situation. And when combined with strong MFA and SSO, this technology trifecta plays a pivotal role in protecting your network from all sorts of threats, including those posed by third parties.

The security team-up you need to protect your resources

We’re all about a good team up, whether it’s at the movies or in your security stack. Captain Marvel, Captain Monica Rambeau, and Ms. Marvel team up as a chase unfolds taking them from planet to planet, forcing them to work together in order to save the universe as they know it.

And when it comes to securing your environment, SSO, MFA and Risk-Based Authentication make the perfect combo. Tune into our webinar Authenticate Further, Defend Faster with Higher Security from Duo to learn more about how to use this trifecta to protect your environment. You can also check out our other Marvels posts to learn about how to use strong authentication to defend against modern threats.

And be sure to check out Marvel Studios’ The Marvels, only in theaters on November 10th!

*Only available in the US. While supplies last.