2023 So Far: Specops Authentication Platform Improvements

MFA Fatigue Attack Improvements, Immediate password sync for hybrid resets & more

Specops Authentication is our platform that secures self-service key recovery and password resets, changes and account unlocks with multi-factor authentication (MFA), via self-service and/or at the IT service desk. The platform powers products like Specops uReset, Specops Secure Service Desk and Specops Key Recovery.

We’ve released a lot for our Specops Authentication platform since the start of the year. We’ve added new identity service options for MFA, MFA fatigue attack improvements, drastically improved the password sync time at reset for hybrid environments and more.

Let’s take a look at some highlights of what we’ve released so far in 2023.

MFA Fatigue Attack Protections

With many organizations interested in increasing defenses against MFA fatigue attacks (“MFA prompt bombing”), our team continues to improve options for customers looking to carry these defenses to Specops Authentication.

New Support for Duo Verified Push

Duo customers looking to extend the MFA fatigue attack defenses built into Duo Verified Push can now extend those defenses to their Specops Authentication products. This year we’ve added support for the Duo OpenID Connect integration which includes support for Duo Verified Push and more.

Duo customers interested in protecting against MFA push spam attacks will find this extension of Duo Verified Push to password reset MFA especially helpful. Duo customers can read more about configuring this here.

Globally Disable Specops Fingerprint push notifications

End users can’t be fatigued by push notifications if the push notifications are not available in their MFA app. Customers who use Specops Fingerprint as an MFA factor can now globally disable push notifications for the ID service.

Configuration steps can be found here.

Other actions for defending against MFA Fatigue Attacks

In many MFA systems, the first step of authentication is the password. Without a compromised password, most MFA fatigue attacks won’t be able to proceed. Minimizing the risk of your end users’ passwords being compromised by blocking the use of over 4 billion known compromised passwords with Specops Password Policy can help add another protection layer for organizations concerned about their susceptibility to this attack type.

From minutes to seconds: Azure AD (Entra ID) password sync for Specops uReset customers in hybrid environments

With this new feature, Specops uReset customers in hybrid environments will now see hybrid AD password resets via uReset instantly synchronized to Azure AD vs a lag via Azure AD Connect Sync.This instant sync means that users will now be able to log into Azure AD (Entra ID) systems immediately after a password reset via uReset instead of waiting several minutes.

Configuration steps found here.

Keeping User Data Private and Passwords More Secure at the Service Desk: Privacy and Security Improvements in Secure Service Desk

Specops Secure Service Desk continues to be one of the only solutions that can help organizations enforce end user verification at the service desk. We continue to not only improve the options available for end user verification but also improve the options available to organizations who take their duty to protect end user data and privacy seriously.

Disable sharing new passwords via SMS or email

Specops Secure Service Desk customers who would prefer to avoid putting end user passwords in SMS or email channels can now choose to rely only on service desk agents verbally sharing newly agent-assisted reset passwords. Enabling agents to share newly reset passwords via email or SMS can now be disabled within the Admin Web Portal.

Configuration steps available here.

Hide user’s personal email address from agent view

Personal email addresses are often classified as PII (personally identifiable information) and organizations often have an extra duty to protect such sensitive info. Specops Secure Service Desk customers can now increase end user’s privacy at the service desk by preventing the agent from viewing the user’s personal email when choosing to authenticate via that ID service in Secure Service Desk.

Steps to enable this privacy setting can be found here.

Identity service improvements and additions for Swedish users

Organizations with Swedish users have seen two additions so far this year.

New: the Freja eID identity service

This year, we’ve introduced a new identity service, Freja eID. Freja is a Swedish government approved mobile electronic identity used for identification.

Customers with Swedish users who are interested in configuring this ID service can find more detail here.

New support for the Mobile BankID “secure start” requirement

Customers using the Mobile BankID service will find the “secure start” requirement from Mobile BankID implemented, ensuring continuity of service ahead of the May 2024 deadline. End users will now scan a QR code when using this service, as described here.

And more

These were just some highlights of improvements and features we added to the Specops Authentication platform so far this year. To review everything we added, check out the release notes.

Want to see how some of these features could work for your organization? Contact us.