Articles tagged with: #mfa
Essential 8 (Maturity 1)  -  MFA "remember device" for customers + daily vuln scanning for hosted website (seeking audit experiences)

cybersecurity www.reddit.com

Hi all - we're a small NGO (~25 staff) working through Essential 8 Maturity Level 1. Most controls are in good shape, but we're hitting confusion in two areas and would love real-world audit experiences and how you tackled them. 1) MFA for customers on our online services (e.g., discussion forum) We enforce MFA everywhere for admins and VPN/remote access (every login, no bypass). For customers using our forum, we're balancing usability: Q1. In your audits, did assessors require MFA to fire...

Is MFA alone sufficient for securing access to SaaS on personal mobile devices without MDM?

cybersecurity www.reddit.com

Hi everyone. I'd like to get some insights on best practices for security. Here's the situation: Our staff accesses SaaS using personal mobile devices. We currently do not have Mobile Device Management implemented. Due to the nature of personal devices, enforcing IP whitelisting is not feasible as users connect from various networks. We have only enabled Multi-Factor Authentication (MFA) as a security measure. Given these factors, do you think MFA alone provides sufficient protection against...

How to Build a Secure iOS App with MFA

Okta Developer developer.okta.com

Modern mobile applications require robust security solutions, especially when handling sensitive user data or enterprise-level access. Okta offers a powerful identity platform, and with the BrowserSignIn module from its Swift SDK, adding secure login to your iOS app becomes scalable and straightforward. In this post, you'll learn how to: Set up your Okta developer account Configure your iOS app for authentication using best practices Customize the authentication experience with MFA policies...

Does VPN SSO with Windows Hello for Business satisfy MFA requirements?

cybersecurity www.reddit.com

I'm thinking about moving our remote access from RADIUS app-based 2FA to SAML Single Sign-On (SSO) on our firewall VPN. All users sign into Microsoft Entra ID-joined laptops with Windows Hello for Business (WHfB) (PIN, fingerprint, or facial recognition). Since WHfB uses a TPM-bound key on the device (something you have) plus PIN/biometric (something you know/are), Microsoft recognizes it as MFA. When the VPN connection is made via SAML SSO, Entra ID passes the MFA claim into the VPN session....

Keeping an Eye on MFA-Bombing Attacks, (Mon, Aug 18th)

SANS Internet Storm Center, InfoCON: green isc.sans.edu

I recently woke up (as one does each day, hopefully) and saw a few Microsoft MFA prompts had pinged me overnight. Since I had just awakened, I just deleted them, then two minutes later clued in - this means that one of my passwords was compromised, and I had no idea which site the compromised creds were for.

Infocon: green

SANS Internet Storm Center, InfoCON: green isc.sans.edu

ISC Stormcast For Friday, August 15th, 2025 https://isc.sans.edu/podcastdetail/9572