[{"data":1,"prerenderedAt":3020},["ShallowReactive",2],{"application-flags":3,"navbar":7,"always-visible-banner":95,"navbar-about-highlight":155,"navbar-resource-highlight":211,"use-case-page":256,"blog/how-to-set-up-multi-factor-authentication-for-microsoft-365":1276},[4],{"name":5,"enabled":6},"maintenanceMode",false,[8,59,76],{"createdDate":9,"id":10,"name":11,"modelId":12,"published":13,"stageModifiedSincePublish":6,"query":14,"data":15,"variations":50,"lastUpdated":51,"firstPublished":52,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":54,"meta":55,"rev":58},1742213002749,"efff2a27faf4408e9f908eba4b5542fe","inductive-automation","1c6207a5f24948ab82d4a0b17f251193","published",[],{"testimonial":16,"description":43,"type":19,"link":44,"title":47,"testimonialLink":48,"image":49},{"@type":17,"id":18,"model":19,"value":20},"@builder.io/core:Reference","f028f2b685bb47cd8bf9e82a26dd5a79","testimonial",{"query":21,"folders":22,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":26,"variations":30,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":35,"rev":42},[],[],1735823466309,"We found Push to be more accurate when compared to competitors and the browser agent offered features that others couldn’t match.","42035571a56940ac98bff4544aa79aa5",{"author":27,"jobTitle":28,"quote":24,"image":29},"Jason Waits","\u003Cp>CISO at Inductive Automation\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ff04c0c0689ce4a89ac0f0708d78c0a07",{},1735910703862,1735823501152,1,"ST0tXQM8slWpFrmioqKHmENB2qe2",{"kind":36,"lastPreviewUrl":37,"breakpoints":38,"hasAutosaves":41},"data","",{"small":39,"medium":40},640,768,true,"3v32gocrrqz","Join the industry's top security minds as they break down the browser attack landscape.",{"url":45,"text":46},"https://pushsecurity.com/webinar/state-of-browser-security","Save Your Spot","State of Browser Attacks Series","/customer-stories/inductive-automation","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe94fca10aa7b46ac8052b7ea22de54cd",{},1776257019270,1742221533648,"CydmZnOWU1XuAaLhEDCoYNM4Z8W2",[],{"breakpoints":56,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},320,"motto9r9yg",{"createdDate":60,"id":61,"name":62,"modelId":12,"published":13,"query":63,"data":64,"variations":69,"lastUpdated":70,"firstPublished":71,"testRatio":33,"createdBy":53,"lastUpdatedBy":72,"folders":73,"meta":74,"rev":58},1742208588866,"1c7a4e423bf54ac1a328bb4063459ef2","Banner",[],{"type":65,"url":66,"text":67,"link":68},"web-banner","https://pushsecurity.com/resources/browser-attacks-report","Get our latest report analyzing browser attack techniques in 2026",{},{},1774258294825,1742208637545,"jKjF9r5jcvXU8tzZEfFQm31Iyvr2",[],{"kind":36,"lastPreviewUrl":37,"breakpoints":75,"hasAutosaves":41},{"xsmall":57,"small":39,"medium":40},{"createdDate":77,"id":78,"name":79,"modelId":12,"published":13,"stageModifiedSincePublish":6,"query":80,"data":81,"variations":89,"lastUpdated":90,"firstPublished":91,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":92,"meta":93,"rev":58},1742208469288,"6763051b201f44a0838c6400c580ca67","Resource highlight",[],{"image":82,"type":83,"description":84,"link":85,"title":88},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b4a5ebf81d64e8c9d7fc35f6c96c4a9","resource","Learn about the latest techniques being used in the wild.",{"url":86,"text":87},"/resources/browser-attacks-report","Download now","Report: 2026 Browser Attack Techniques",{},1776255866789,1742208570400,[],{"kind":36,"lastPreviewUrl":37,"breakpoints":94,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},{"createdDate":96,"id":97,"name":98,"modelId":99,"published":13,"query":100,"data":101,"variations":145,"lastUpdated":146,"firstPublished":147,"testRatio":33,"createdBy":34,"lastUpdatedBy":148,"folders":149,"meta":150,"rev":154},1774965361051,"fd266d0172cc47429be7ad10f48c99ad","always visible banner","0678d178ec8b41efb8a23c09dba7874d",[],{"ctaText":102,"text":103,"url":37,"blocks":104,"state":141},"ewrererw","testrfesssssssssss",[105,129],{"@type":106,"@version":107,"id":108,"component":109,"responsiveStyles":119},"@builder.io/sdk:Element",2,"builder-ca12c06a52de41d7b8743da53118cd38",{"name":110,"tag":110,"options":111,"isRSC":118},"TopBannerContent",{"text":112,"ctaText":46,"url":45,"mainText":113,"cta":116},"New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks",{"content":114,"fontSize":115},"\u003Cp>New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks\u003C/p>","text-base",{"content":117,"fontSize":115,"url":45},"\u003Cp>\u003Cstrong style=\"font-weight:700;\">Save Your Spot\u003C/strong>\u003C/p>\n",null,{"large":120},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"marginTop":126,"marginBottom":126,"fontSize":127,"fontWeight":128},"flex","column","relative","0","border-box",".56rem","1.125rem","700",{"id":130,"@type":106,"tagName":131,"properties":132,"responsiveStyles":136},"builder-pixel-08zrjigffq5t","img",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},"https://cdn.builder.io/api/v1/pixel?apiKey=f3a1111ff5be48cdbb123cd9f5795a05","true","presentation",{"large":137},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},"block","hidden","none",{"deviceSize":142,"location":143},"large",{"path":37,"query":144},{},{},1775137295127,1774968080803,"ax7YYfD0OCeqT1Vxxv1G4FUbqVr1",[],{"breakpoints":151,"hasLinks":6,"kind":152,"lastPreviewUrl":153,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"component","https://pushsecurity.com/?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests%2CmergePullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=always-visible-banner&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.always-visible-banner=fd266d0172cc47429be7ad10f48c99ad&builder.overrides.fd266d0172cc47429be7ad10f48c99ad=fd266d0172cc47429be7ad10f48c99ad&builder.options.locale=Default","2lvuonnywj",[156,180],{"createdDate":157,"id":158,"name":159,"modelId":160,"published":13,"stageModifiedSincePublish":6,"query":161,"data":162,"variations":173,"lastUpdated":174,"firstPublished":175,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":176,"meta":177,"rev":179},1776247359804,"9136a8f18b3b4a6ba29b8653a99372b1","testimonial-inductive-automation","20d9eaa352304613b3d1a794b400703d",[],{"link":163,"type":19,"testimonialLink":48,"testimonial":164},{},{"@type":17,"id":18,"model":19,"value":165},{"query":166,"folders":167,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":168,"variations":169,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":170,"rev":172},[],[],{"author":27,"jobTitle":28,"quote":24,"image":29},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":171,"hasAutosaves":41},{"small":39,"medium":40},"7t755zfvte3",{},1776247404986,1776247404973,[],{"breakpoints":178,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"4moh0qpywtr",{"createdDate":181,"id":182,"name":88,"modelId":160,"published":13,"meta":183,"stageModifiedSincePublish":6,"query":185,"data":186,"variations":207,"lastUpdated":208,"firstPublished":209,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":210,"rev":179},1776255761419,"05a9322735fc427db12e2740e4302300",{"breakpoints":184,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[],{"testimonial":187,"link":206,"type":83,"title":88,"description":84,"image":82},{"@type":17,"id":188,"model":19,"value":189},"192acbb1f9ca4cac918c0ec435a8bae3",{"query":190,"folders":191,"createdDate":192,"id":188,"name":193,"modelId":25,"published":13,"data":194,"variations":200,"lastUpdated":201,"firstPublished":202,"testRatio":33,"createdBy":34,"lastUpdatedBy":53,"meta":203,"rev":205},[],[],1728981467463,"Push does for identity what CrowdStrike did for the endpoint",{"video":195,"jobTitle":196,"author":197,"qoute":37,"quote":198,"image":199},"https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8b30e8ca50064058bbaef0f3c6164575%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=8b30e8ca50064058bbaef0f3c6164575&alt=media&optimized=true","\u003Cp>Deputy CISO at Microsoft\u003C/p>\u003Cp>Former LinkedIn, Slack, Palantir\u003C/p>","Geoff Belknap","Push does for identity what CrowdStrike did for the endpoint.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F748f0ad0a5064a00a13f4721fcc8dea1",{},1742902158597,1728981782923,{"kind":36,"lastPreviewUrl":37,"breakpoints":204,"hasAutosaves":41},{"small":39,"medium":40},"6s8ic0w0ao6",{"text":87,"url":86},{},1776255810913,1776255810900,[],[212,235],{"createdDate":213,"id":214,"name":88,"modelId":215,"published":13,"meta":216,"stageModifiedSincePublish":6,"query":218,"data":219,"variations":230,"lastUpdated":231,"firstPublished":232,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":233,"rev":234},1776256900280,"1f429607996e4e5fae8fe3f9b9610e55","4829faa81e7c4ee8bd2d000e160e8d3c",{"breakpoints":217,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[],{"testimonial":220,"link":229,"type":83,"title":88,"description":84,"image":82},{"@type":17,"id":188,"model":19,"value":221},{"query":222,"folders":223,"createdDate":192,"id":188,"name":193,"modelId":25,"published":13,"data":224,"variations":225,"lastUpdated":201,"firstPublished":202,"testRatio":33,"createdBy":34,"lastUpdatedBy":53,"meta":226,"rev":228},[],[],{"video":195,"jobTitle":196,"author":197,"qoute":37,"quote":198,"image":199},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":227,"hasAutosaves":41},{"small":39,"medium":40},"r77qqueuo3j",{"text":87,"url":86},{},1776256937553,1776256937540,[],"q0jkez80wkg",{"createdDate":236,"id":237,"name":11,"modelId":215,"published":13,"stageModifiedSincePublish":6,"query":238,"data":239,"variations":250,"lastUpdated":251,"firstPublished":252,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":253,"meta":254,"rev":234},1776256949234,"ce043785b71b4ece98eac811ecf4ba10",[],{"link":240,"type":19,"testimonial":241,"testimonialLink":48},{},{"@type":17,"id":18,"model":19,"value":242},{"query":243,"folders":244,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":245,"variations":246,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":247,"rev":249},[],[],{"author":27,"jobTitle":28,"quote":24,"image":29},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":248,"hasAutosaves":41},{"small":39,"medium":40},"mnaneamy308",{},1776256974140,1776256974130,[],{"breakpoints":255,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[257,441,560,679,797,917,1037,1157],{"createdDate":258,"id":259,"name":260,"modelId":261,"published":13,"stageModifiedSincePublish":6,"query":262,"data":268,"variations":429,"lastUpdated":430,"firstPublished":431,"testRatio":33,"screenshot":432,"createdBy":34,"lastUpdatedBy":433,"folders":434,"meta":435,"rev":440},1744829487099,"387451215c314dd5bd654668cdc1a197","Zero-day phishing","cca4143377554c5a9163cc203a8ed2ba",[263],{"@type":264,"property":265,"operator":266,"value":267},"@builder.io/core:Query","urlPath","is","/uc/zero-day-phishing-protection",{"inputs":269,"customFonts":270,"seoTitle":318,"title":318,"tsCode":37,"seoDescription":319,"fontAwesomeIcon":320,"jsCode":37,"blocks":321,"url":267,"state":426},[],[271],{"family":272,"kind":273,"version":274,"lastModified":275,"files":276,"category":295,"menu":296,"subsets":297,"variants":300},"DM Sans","webfonts#webfont","v14","2023-07-13",{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"800italic":285,"900italic":286,"700italic":287,"100italic":288,"italic":289,"regular":290,"200italic":291,"500italic":292,"300italic":293,"600italic":294},"https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAop1hTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAIpxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwA_JxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAkJxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAfJthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwARZthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAIpthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAC5thTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8JCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8gCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat9uCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-JDG3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-JDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8JDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-7DW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat_XDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat9XCm3zRmYJpso5.ttf","sans-serif","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxRT23z.ttf",[298,299],"latin","latin-ext",[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],"100","200","300","regular","500","600","800","900","100italic","200italic","300italic","italic","500italic","600italic","700italic","800italic","900italic","Zero-day phishing protection","Detect phishing TTPs directly in the browser and stop credential theft.","faFishingRod",[322,421],{"@type":106,"@version":107,"tagName":323,"id":324,"children":325},"div","builder-76c6b8d1499346c7bc1fd56ae4e93638",[326,343,351,358,370,385,396,407,413],{"@type":106,"@version":107,"layerName":327,"id":328,"component":329,"responsiveStyles":340},"UseCaseHero","builder-5228fe062bef4a40a91e43f1112832fa",{"name":327,"options":330,"isRSC":118},{"title":318,"description":331,"points":332,"video":339},"\u003Cp>Push detects phishing as it happens. Autonomous agents hunt for new phishing techniques, identify kit signatures, and deploy detections within minutes of a new attack being analyzed. From cloned login pages to AiTM credential harvesting, Push sees what traditional filters miss and stops threats before they escalate.\u003C/p>",[333,335,337],{"item":334},"Detect phishing that bypasses traditional filters, including AiTM, SSO password theft, and fake login pages",{"item":336},"Stop never-before-seen attacks with AI-native behavioral and on-page analysis inside the browser",{"item":338},"Investigate faster with unified browser, user, and page context","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F40433ceeb4f94b43a82e039a0f4fd411%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=40433ceeb4f94b43a82e039a0f4fd411&alt=media&optimized=true",{"large":341},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},"transparent",{"@type":106,"@version":107,"id":344,"component":345,"responsiveStyles":348},"builder-96634044407e491299e291ed64669e39",{"name":346,"options":347,"isRSC":118},"TrustedBy",{"AllPartners":41,"backgroundTransparent":6},{"large":349},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},"#000",{"@type":106,"@version":107,"id":352,"component":353,"responsiveStyles":356},"builder-2c3768f930534557bb8978e32b6a6a0f",{"name":354,"options":355,"isRSC":118},"Diagonal",{"darkMode":41},{"large":357},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"layerName":359,"id":360,"component":361,"responsiveStyles":368},"TextImageBlockVertical","builder-7c3c1c2840424db2ad2ccbfaf382dd64",{"name":359,"tag":359,"options":362,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":365,"description":366,"animatedTitle":37,"image":367,"reverse":6,"descriptionPaddingHorizontal":118},1200,800,"\u003Ch2>Why stop at the inbox?\u003C/h2>","\u003Cp>Phishing attacks have evolved. Whether attackers lure users with QR codes, instant messages, or OAuth consent screens, the outcome is the same: it plays out in the browser. Push gives you real-time detection for in-browser threats, stopping phishing and consent-based attacks before they lead to compromise\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7fdcac241f0e4a049166d7076858adeb",{"large":369},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":371,"component":372,"responsiveStyles":380},"builder-41c978b3669749cf947e622b4e79e4d7",{"name":373,"options":374,"isRSC":118},"TextImageBlockHorizontal",{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":377,"description":378,"reverse":41,"image":379},600,100,"\u003Cp>Detect phishing at the edge\u003C/p>","\u003Cp>Push uses industry-first telemetry to detect phishing based on behavior, not static indicators. Autonomous agents analyze how phishing pages behave and how users interact with them, uncovering fake logins, credential theft, and phishing kits the moment they load in the browser.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F9df3d180c97b4e61af142af2ccd68721",{"large":381},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},"DM Sans, sans-serif","20px","0px",{"@type":106,"@version":107,"id":386,"component":387,"responsiveStyles":393},"builder-d2a7bc941feb43cdb898bc116b203cf9",{"name":373,"options":388,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":390,"description":391,"reverse":6,"image":392},120,"\u003Ch2>Go beyond blocklists and IOCs\u003C/h2>","\u003Cp>Push goes beyond URLs and easy-to-change indicators. It reads the full phishing playbook like script behavior, session hijacks, DOM changes, user inputs, then connects the dots in real time. This gives your team a complete picture of how the phishing attempt worked, not just an alert.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fabfd58db169b433e96d3f1261797156e",{"large":394},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},"36px",{"@type":106,"@version":107,"layerName":373,"id":397,"component":398,"responsiveStyles":404},"builder-42c32198083f4880acb37c5cb76934da",{"name":373,"options":399,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":401,"description":402,"reverse":41,"image":403},140,"\u003Ch2>Enhance your phishing response\u003C/h2>","\u003Cp>When phishing enters your environment, speed matters. Push gives you instant access to the telemetry that counts like session data, user behavior, and page activity, so you can investigate fast, trigger in-browser prompts, or forward alerts to your SIEM or SOAR for response. All in real time, right from the browser.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fbb195aec46904056b85e8688629e558e",{"large":405},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},"47px",{"@type":106,"@version":107,"id":408,"component":409,"responsiveStyles":411},"builder-9a95b9cbc4854421a92ef7b90f6c7adb",{"name":354,"options":410,"isRSC":118},{"darkMode":6},{"large":412},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":414,"component":415,"responsiveStyles":419},"builder-0afa17a9f25c4661a90f314d5578aa18",{"name":416,"tag":416,"options":417,"isRSC":118},"LatestResources",{"sectionHeading":37,"customClass":418},"bg-black",{"large":420},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":422,"@type":106,"tagName":131,"properties":423,"responsiveStyles":424},"builder-pixel-21yj6h3p4wh",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":425},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":427},{"path":37,"query":428},{},{},1776275046831,1745499158657,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fff60c30a8442489c8ed7e0af9599d14f","kYgMv6WsbvfmlOUYqR2SFwGzw6e2",[],{"lastPreviewUrl":436,"winningTest":118,"breakpoints":437,"kind":438,"hasLinks":6,"originalContentId":439,"hasAutosaves":6},"https://pushsecurity.com/uc/zero-day-phishing-protection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=387451215c314dd5bd654668cdc1a197&builder.overrides.387451215c314dd5bd654668cdc1a197=387451215c314dd5bd654668cdc1a197&builder.overrides.use-case-page:/uc/zero-day-phishing-protection=387451215c314dd5bd654668cdc1a197&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},"page","2daa5670b8504fc7ba4700633e8bd921","atvz4dp24b7",{"createdDate":442,"id":443,"name":444,"modelId":261,"published":13,"stageModifiedSincePublish":6,"query":445,"data":448,"variations":552,"lastUpdated":553,"firstPublished":554,"testRatio":33,"screenshot":555,"createdBy":34,"lastUpdatedBy":433,"folders":556,"meta":557,"rev":440},1756833377777,"54f8256648f54d439303734b1e69221b","Browser extension security",[446],{"@type":264,"property":265,"operator":266,"value":447},"/uc/browser-extension-security",{"seoDescription":449,"jsCode":37,"fontAwesomeIcon":450,"tsCode":37,"title":444,"seoTitle":444,"customFonts":451,"inputs":456,"blocks":457,"url":447,"state":549},"Shine a light on risky browser extensions.","faPuzzlePiece",[452],{"kind":273,"family":272,"version":274,"files":453,"category":295,"lastModified":275,"subsets":454,"variants":455,"menu":296},{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"100italic":288,"italic":289,"regular":290,"900italic":286,"800italic":285,"700italic":287,"200italic":291,"300italic":293,"500italic":292,"600italic":294},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],[],[458,544],{"@type":106,"@version":107,"tagName":323,"id":459,"meta":460,"children":461},"builder-71d0648c1d2f4ede8d0d0b5b28b7b94c",{"previousId":324},[462,478,485,492,501,511,521,531,538],{"@type":106,"@version":107,"id":463,"meta":464,"component":465,"responsiveStyles":476},"builder-ff325b4b8fad4edea53f38865947e854",{"previousId":328},{"name":327,"options":466,"isRSC":118},{"title":444,"description":467,"points":468,"video":475},"\u003Cp>Browser extensions introduce new code, new permissions, and new potential for risk. Many include AI features, and most go completely unnoticed. Push gives you full visibility into every extension used across your workforce, across major browsers, so you can uncover shadow IT, assess risky permissions, and block unsafe tools before they lead to compromise.\u003C/p>",[469,471,473],{"item":470},"Discover every browser extension in use",{"item":472},"Spot risky or unsanctioned behavior",{"item":474},"Make informed decisions on extension policy","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fc538aad95d7f403aa3c3551af72f67c0?alt=media&token=1411fa6d-2eac-4e6c-94bf-ea117da12d67&apiKey=f3a1111ff5be48cdbb123cd9f5795a05",{"large":477},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":479,"meta":480,"component":481,"responsiveStyles":483},"builder-fb89d128c64e47cf9cbb11d90fc24523",{"previousId":344},{"name":346,"options":482,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":484},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":486,"meta":487,"component":488,"responsiveStyles":490},"builder-54388d35126c4d0096eeebaf8c4448cd",{"previousId":352},{"name":354,"options":489,"isRSC":118},{"darkMode":41},{"large":491},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"layerName":359,"id":493,"component":494,"responsiveStyles":499},"builder-3c8fa6785dd6466abf52a2470d66d85a",{"name":359,"tag":359,"options":495,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":496,"description":497,"image":498,"reverse":6},"\u003Ch2>Take control of browser extensions\u003C/h2>","\u003Cp>Attackers are increasingly using malicious browser extensions to gain access to data processed and stored in the browser. And the problem is, most security teams have no visibility into what extensions are being used. Push changes that. With browser-native telemetry, the Push extension continuously inventories browser extensions across your environment, flags the risky ones, and gives you intelligence to act. \u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0a004f16a6874f4c8fdf14344acc9fec",{"large":500},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":502,"meta":503,"component":504,"responsiveStyles":509},"builder-93738f98109a4009affb349afd7bb182",{"previousId":371},{"name":373,"options":505,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":506,"description":507,"reverse":41,"image":508},"\u003Ch2>Discover every extension in use\u003C/h2>","\u003Cp>Push gives you structured, searchable data about every extension in your environment, so you’re not just seeing what’s there, but also understanding how it got there, what it can do, and who it affects. It’s the kind of granular insight that’s nearly impossible to get from traditional tools, and it lays the groundwork for better policy decisions and faster investigations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0e5727ca99474f14b1b7916bf6bbb782",{"large":510},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},{"@type":106,"@version":107,"id":512,"meta":513,"component":514,"responsiveStyles":519},"builder-83393acb12ee4fdd840839185b51edb4",{"previousId":386},{"name":373,"options":515,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":516,"description":517,"reverse":6,"image":518},"\u003Ch2>Spot risky or malicious extensions\u003C/h2>","\u003Cp>Push highlights extensions with dangerous permissions, broad access, or poor reputations. This includes AI extensions that request access far beyond what their stated purpose requires. You can quickly detect sideloaded, manually installed, or development-mode extensions that bypass normal controls. And because Push shows you who’s using them and where, you can respond precisely and effectively.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa104d58c8da34fbb8901f738fb21453b",{"large":520},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":522,"meta":523,"component":524,"responsiveStyles":529},"builder-da98e3de949646d89c53a0d1c2784664",{"previousId":397},{"name":373,"options":525,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":526,"description":527,"reverse":41,"image":528},"\u003Ch2>Accelerate security reviews\u003C/h2>","\u003Cp>Most teams have extension policies, they just don’t have the data to enforce them. Push reveals how each extension entered your environment, whether it was installed manually, sideloaded, or deployed in dev mode. You’ll see which users are running what, and where, so you can surface violations, investigate quickly, and respond with confidence.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F229f355be6f243b180f410d237a75bb3",{"large":530},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":532,"meta":533,"component":534,"responsiveStyles":536},"builder-1a689287d1a1418997d57db578a71105",{"previousId":408},{"name":354,"options":535,"isRSC":118},{"darkMode":6},{"large":537},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":539,"component":540,"responsiveStyles":542},"builder-feb4e75029f84c10b6498ef1f8f79128",{"name":416,"tag":416,"options":541,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":543},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":545,"@type":106,"tagName":131,"properties":546,"responsiveStyles":547},"builder-pixel-0edn39avfcei",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":548},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":550},{"path":37,"query":551},{},{},1776275365038,1757000441666,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8d496cf111644ee5afcc046b72d1ca5a",[],{"kind":438,"winningTest":118,"breakpoints":558,"lastPreviewUrl":559,"hasLinks":6,"originalContentId":259,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/browser-extension-security?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=54f8256648f54d439303734b1e69221b&builder.overrides.54f8256648f54d439303734b1e69221b=54f8256648f54d439303734b1e69221b&builder.overrides.use-case-page:/uc/browser-extension-security=54f8256648f54d439303734b1e69221b&builder.options.locale=Default",{"createdDate":561,"id":562,"name":563,"modelId":261,"published":13,"query":564,"data":567,"variations":670,"lastUpdated":671,"firstPublished":672,"testRatio":33,"screenshot":673,"createdBy":34,"lastUpdatedBy":674,"folders":675,"meta":676,"rev":440},1744923509705,"94bebb7bb99d48629ad157e80cf4d81d","Account takeover detection",[565],{"@type":264,"property":265,"operator":266,"value":566},"/uc/account-takeover-detection",{"title":563,"customFonts":568,"jsCode":37,"seoTitle":563,"seoDescription":573,"fontAwesomeIcon":574,"tsCode":37,"blocks":575,"url":566,"state":667},[569],{"kind":273,"category":295,"variants":570,"menu":296,"files":571,"family":272,"subsets":572,"version":274,"lastModified":275},[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"300italic":293,"500italic":292,"800italic":285,"700italic":287,"italic":289,"900italic":286,"600italic":294,"200italic":291,"regular":290,"100italic":288},[298,299],"Stop ATO with stolen credential and compromised token detection.","faUserSecret",[576,662],{"@type":106,"@version":107,"tagName":323,"id":577,"meta":578,"children":579},"builder-e7913a774cae44c5a23d6081c5c30a52",{"previousId":324},[580,596,603,610,619,629,639,649,656],{"@type":106,"@version":107,"id":581,"meta":582,"component":583,"responsiveStyles":594},"builder-f1f1ab1601bc4c0f8c2a8aafd173675d",{"previousId":328},{"name":327,"options":584,"isRSC":118},{"title":563,"description":585,"points":586,"video":593},"\u003Cp>Attackers don’t need to phish, they just need a password that works. Push monitors for signs of credential-based attacks in real time, directly in the browser, catching account takeover attempts before the damage spreads. From ghost logins to credential stuffing, Push cuts off the paths attackers use to quietly slip in the back door.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[587,589,591],{"item":588},"Identify credential-based ATO as it unfolds",{"item":590},"Surface hijacked sessions and token misuse",{"item":592},"Strengthen authentication where your IdP can’t","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb4dd9db24bc9495b8a686b1b4d492016%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=b4dd9db24bc9495b8a686b1b4d492016&alt=media&optimized=true",{"large":595},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":597,"meta":598,"component":599,"responsiveStyles":601},"builder-0bc0d1c78ece4994993c3a6427a4d533",{"previousId":344},{"name":346,"options":600,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":602},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":604,"meta":605,"component":606,"responsiveStyles":608},"builder-e45de8f3768c4f16938dbf78e4e87524",{"previousId":352},{"name":354,"options":607,"isRSC":118},{"darkMode":41},{"large":609},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":611,"component":612,"responsiveStyles":617},"builder-c98e8bfd341146c1b67c02d5698ff093",{"name":359,"tag":359,"options":613,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":614,"description":615,"image":616,"reverse":6},"\u003Ch2>Assume less. See more.\u003C/h2>","\u003Cp>Most account takeovers don’t start with a breach, they start with a login. Whether it’s a reused password, a local account, or an outdated login flow, Push shows you how accounts are actually accessed day to day, not just how policies say they should be. That means no more blind spots around ghost logins, bypassed SSO, or stale access paths that quietly persist.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F18630ad2746d4eb7b7fcc0428b11a8f0",{"large":618},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":620,"meta":621,"component":622,"responsiveStyles":627},"builder-55c1fc38ddc04fd1a0d6a8e2fb819e00",{"previousId":371},{"name":373,"options":623,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":624,"description":625,"reverse":41,"image":626},"\u003Ch2>Catch stolen credential use in real time\u003C/h2>","\u003Cp>Push monitors login activity directly in the browser to detect signs of credential-based attacks like leaked password use or suspicious login flows. By analyzing attacker TTPs instead of relying on known indicators, Push spots credential stuffing and account takeover attempts the moment they begin, not after they’ve succeeded.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F52b0123cac2c4dfdb1dc0af6adf9d603",{"large":628},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":630,"meta":631,"component":632,"responsiveStyles":637},"builder-dfb31737b30948c6b95323655d571a50",{"previousId":386},{"name":373,"options":633,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":634,"description":635,"reverse":6,"image":636},"\u003Ch2>Detect session hijacks and stealth access\u003C/h2>","\u003Cp>Attackers don’t always need a login screen, they often sidestep it entirely using stolen session tokens. Push detects when valid sessions are reused in unexpected ways, identifying hijacked sessions and stealth access attempts that traditional tools miss. Because we monitor directly in the browser, you see what’s happening inside active sessions in real time.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F94a6859a99e04d309ffe5841f3dbdf5c",{"large":638},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":640,"meta":641,"component":642,"responsiveStyles":647},"builder-f7585b90eb974d03a7dc7eae5b58d227",{"previousId":397},{"name":373,"options":643,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":644,"description":645,"reverse":41,"image":646},"\u003Ch2>Harden accounts before they’re compromised\u003C/h2>","\u003Cp>Push goes beyond alerts. It identifies apps that still allow local logins, even when SSO is configured, so you can remove weak access paths. Push also flags users without MFA, reused work credentials, or weak passwords, and prompts users in-browser to fix risky behaviors before they’re exploited.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F01c1b638f1b6497093a4f2b8ceddb5bb",{"large":648},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":650,"meta":651,"component":652,"responsiveStyles":654},"builder-ad81d1e3afec49a791214194eae09bdc",{"previousId":408},{"name":354,"options":653,"isRSC":118},{"darkMode":6},{"large":655},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":657,"component":658,"responsiveStyles":660},"builder-8dac1aa4b9d148628d92252bd8eff822",{"name":416,"tag":416,"options":659,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":661},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":663,"@type":106,"tagName":131,"properties":664,"responsiveStyles":665},"builder-pixel-s5u3wmvz7jq",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":666},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":668},{"path":37,"query":669},{},{},1770892814499,1745499162732,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F58b660fa94aa4b30b0faeb9b663ae41a","SfUPqW5tkibIPby49keNFMdHFTr1",[],{"lastPreviewUrl":677,"hasLinks":6,"originalContentId":259,"breakpoints":678,"winningTest":118,"kind":438,"hasAutosaves":41},"https://pushsecurity.com/uc/account-takeover-detection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=94bebb7bb99d48629ad157e80cf4d81d&builder.overrides.94bebb7bb99d48629ad157e80cf4d81d=94bebb7bb99d48629ad157e80cf4d81d&builder.overrides.use-case-page:/uc/account-takeover-detection=94bebb7bb99d48629ad157e80cf4d81d&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":680,"id":681,"name":682,"modelId":261,"published":13,"query":683,"data":686,"variations":789,"lastUpdated":790,"firstPublished":791,"testRatio":33,"screenshot":792,"createdBy":34,"lastUpdatedBy":674,"folders":793,"meta":794,"rev":440},1745009370904,"23eb48fb56d3451cab77cb6ed140ee6d","Attack path hardening",[684],{"@type":264,"property":265,"operator":266,"value":685},"/uc/attack-path-hardening",{"tsCode":37,"seoDescription":687,"jsCode":37,"customFonts":688,"fontAwesomeIcon":693,"seoTitle":682,"title":682,"blocks":694,"url":685,"state":786},"Harden access paths with visibility,  detection, and guardrails.",[689],{"kind":273,"files":690,"version":274,"lastModified":275,"subsets":691,"menu":296,"category":295,"variants":692,"family":272},{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"regular":290,"italic":289,"800italic":285,"500italic":292,"600italic":294,"200italic":291,"900italic":286,"700italic":287,"100italic":288,"300italic":293},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],"faRadar",[695,781],{"@type":106,"@version":107,"tagName":323,"id":696,"meta":697,"children":698},"builder-1d8553eddcaa44d7bba9e2f4ca13af2a",{"previousId":577},[699,715,722,729,738,748,758,768,775],{"@type":106,"@version":107,"id":700,"meta":701,"component":702,"responsiveStyles":713},"builder-84fe3d7c85a743cf8cef649aa974f1ef",{"previousId":581},{"name":327,"options":703,"isRSC":118},{"title":682,"description":704,"points":705,"video":712},"\u003Cp>Push continuously monitors your environment for exposed login paths, weak credentials, and missing protections like MFA. It detects the gaps attackers exploit and helps you close them before they’re used.\u003C/p>",[706,708,710],{"item":707},"Find weak spots like reused passwords, local logins, and missing MFA",{"item":709},"Monitor how users actually log in across apps, flows, and tools",{"item":711},"Enforce secure access with in-browser guardrails","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fdbdcf52892034f1bbddded77f753a343%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=dbdcf52892034f1bbddded77f753a343&alt=media&optimized=true",{"large":714},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":716,"meta":717,"component":718,"responsiveStyles":720},"builder-b3f66f5b08054cc78a06fecfc3ae2337",{"previousId":597},{"name":346,"options":719,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":721},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":723,"meta":724,"component":725,"responsiveStyles":727},"builder-4c73418b84be49ed85e6e13d2625c5a0",{"previousId":604},{"name":354,"options":726,"isRSC":118},{"darkMode":41},{"large":728},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":730,"component":731,"responsiveStyles":736},"builder-dec0246085e1485c803f7152b1922a81",{"name":359,"tag":359,"options":732,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":733,"description":734,"image":735,"reverse":6},"\u003Ch2>Find the gaps that lead to compromise\u003C/h2>","\u003Cp>Misconfigurations don’t show up in your config files, they show up in how users actually access apps. Push monitors real login behavior in the browser, surfacing risky patterns like local login access, duplicate accounts, or missing protections that leave doors wide open.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F309a59bba8d247a19476bb369397460e",{"large":737},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":739,"meta":740,"component":741,"responsiveStyles":746},"builder-ebf049a645604a249550996a88f8f3b6",{"previousId":620},{"name":373,"options":742,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":743,"description":744,"reverse":41,"image":745},"\u003Ch2>See real login behavior\u003C/h2>","\u003Cp>Push watches authentication flows as they happen, giving you a live view of how users log in, which methods they choose, and where protections like MFA are missing. Plus, uncover every app and account in use, even shadow IT you didn’t know existed, without relying on stale config files or IdP assumptions. \u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb51f6b0357cc451b87a7a5016d984e5e",{"large":747},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},{"@type":106,"@version":107,"id":749,"meta":750,"component":751,"responsiveStyles":756},"builder-431d175c59004669b0b2776b07d71737",{"previousId":630},{"name":373,"options":752,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":753,"description":754,"reverse":6,"image":755},"\u003Ch2>Find and fix posture drift\u003C/h2>","\u003Cp>Security posture isn’t static. Push continuously monitors for issues like missing MFA or legacy login methods. When something falls out of policy, you know immediately with custom notifications so you can act before it turns into risk.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F324e39127dfc41e592b1183dfb39892d",{"large":757},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":759,"meta":760,"component":761,"responsiveStyles":766},"builder-3dffdcbe0a484e2ca4c03f019b6d40ee",{"previousId":640},{"name":373,"options":762,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":763,"description":764,"reverse":41,"image":765},"\u003Ch2>Guide users with in-browser guardrails\u003C/h2>","\u003Cp>Push doesn’t just surface problems, it helps you fix them. When users sign in without MFA, reuse a password, or use insecure credentials, Push prompts them directly in the browser to secure their access. It’s faster, more effective, and actually gets results.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fee8b75d13e45488aba55434a8b49ebb0",{"large":767},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":769,"meta":770,"component":771,"responsiveStyles":773},"builder-976bc222cd7647ff905f1e01cfedc453",{"previousId":650},{"name":354,"options":772,"isRSC":118},{"darkMode":6},{"large":774},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":776,"component":777,"responsiveStyles":779},"builder-8c47ec2fd0f74382bb3e6c870555632c",{"name":416,"tag":416,"options":778,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":780},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":782,"@type":106,"tagName":131,"properties":783,"responsiveStyles":784},"builder-pixel-7akm7dayau8",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":785},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":787},{"path":37,"query":788},{},{},1770892844854,1745499166112,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6ca12bf728a045f1a31d40c0beb3bfe5",[],{"kind":438,"lastPreviewUrl":795,"breakpoints":796,"hasLinks":6,"originalContentId":562,"winningTest":118,"hasAutosaves":6},"https://pushsecurity.com/uc/attack-path-hardening?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=23eb48fb56d3451cab77cb6ed140ee6d&builder.overrides.23eb48fb56d3451cab77cb6ed140ee6d=23eb48fb56d3451cab77cb6ed140ee6d&builder.overrides.use-case-page:/uc/attack-path-hardening=23eb48fb56d3451cab77cb6ed140ee6d&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":798,"id":799,"name":800,"modelId":261,"published":13,"query":801,"data":804,"variations":909,"lastUpdated":910,"firstPublished":911,"testRatio":33,"screenshot":912,"createdBy":34,"lastUpdatedBy":674,"folders":913,"meta":914,"rev":440},1761675020232,"ea4f309d2ffe46c5aa97ebf0fda4e2e3","ClickFix Protection",[802],{"@type":264,"property":265,"operator":266,"value":803},"/uc/clickfix-protection",{"seoDescription":805,"fontAwesomeIcon":806,"customFonts":807,"seoTitle":812,"jsCode":37,"tsCode":37,"title":812,"blocks":813,"url":803,"state":906},"Block attacks that trick users into running malicious code.","faLaptopCode",[808],{"files":809,"subsets":810,"menu":296,"version":274,"kind":273,"family":272,"lastModified":275,"variants":811,"category":295},{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"200italic":291,"800italic":285,"700italic":287,"600italic":294,"100italic":288,"italic":289,"regular":290,"300italic":293,"500italic":292,"900italic":286},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],"ClickFix protection",[814,901],{"@type":106,"@version":107,"tagName":323,"id":815,"meta":816,"children":817},"builder-d7eefdde0f2a4b2b9de3dcb2978fd6cb",{"previousId":696},[818,834,841,848,858,868,878,888,895],{"@type":106,"@version":107,"id":819,"meta":820,"component":821,"responsiveStyles":832},"builder-56e2c54bcce040a4af8b92ae03706c12",{"previousId":700},{"name":327,"options":822,"isRSC":118},{"title":812,"description":823,"points":824,"image":831},"\u003Cp>ClickFix attacks are one of the fastest-growing threats, tricking users into copying malicious code from a webpage and running it locally. This technique bypasses traditional EDR, email gateways, and network filters, leading directly to ransomware and data theft. Push stops this attack at the source, in the browser, by detecting and blocking the malicious behavior before the user can ever paste the code.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[825,827,829],{"item":826},"Detect ClickFix, FileFix, and fake CAPTCHA in the browser",{"item":828},"Block malicious copy-and-paste actions before code is executed",{"item":830},"See full telemetry into which users were targeted and what they saw","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b74af62889847ebb3927364485b0546",{"large":833},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":835,"meta":836,"component":837,"responsiveStyles":839},"builder-05f9614d4e3e4dc88b3ee8658f54e10e",{"previousId":716},{"name":346,"options":838,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":840},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":842,"meta":843,"component":844,"responsiveStyles":846},"builder-c4fb5179366243c1b6c32d368675cf47",{"previousId":723},{"name":354,"options":845,"isRSC":118},{"darkMode":41},{"large":847},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":849,"meta":850,"component":851,"responsiveStyles":856},"builder-261af50705fd445d8cca4a6ba20d5391",{"previousId":730},{"name":359,"tag":359,"options":852,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":853,"description":854,"reverse":6,"image":855},"\u003Ch2>Stop ClickFix-style attacks before they become a breach\u003C/h2>","\u003Cp>Traditional security tools are blind to malicious copy and paste attacks because the attack exploits a gap between the browser and the endpoint. EDR only sees the payload after it runs, and network tools see only part of the picture.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F98b2f7e08dec4eafaf8e24937605b8cf",{"large":857},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":859,"meta":860,"component":861,"responsiveStyles":866},"builder-7d21b8aab8064c40b1e5dd23c4749309",{"previousId":739},{"name":373,"options":862,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":863,"description":864,"reverse":41,"image":865},"\u003Ch2>Discover lures at the source\u003C/h2>","\u003Cp>Push inspects page behavior to identify ClickFix attacks as they happen. By inspecting the page, its structure, and how the user interacts with it, Push can detect and block these in-browser threats in real time. This deep, TTP-based inspection spots the trap even on novel pages that are built to bypass traditional web filters and blocklists.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F665bf47e01544c75bf9ddafd3917927b",{"large":867},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},{"@type":106,"@version":107,"id":869,"meta":870,"component":871,"responsiveStyles":876},"builder-fb91943adf6149259ed9e1e6566c9afe",{"previousId":749},{"name":373,"options":872,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":873,"description":874,"reverse":6,"image":875},"\u003Ch2>Block the malicious action\u003C/h2>","\u003Cp>When Push detects a malicious script, it intercepts the user's action and blocks the code from being copied to the clipboard. The user is protected, the attack is stopped, and no malicious code ever reaches the endpoint. Unlike broad DLP tools, this action is surgical, targeting only malicious behavior without disrupting normal work.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F5ee68f81f1ac416685cbfe91298cf827",{"large":877},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":879,"meta":880,"component":881,"responsiveStyles":886},"builder-bfac95fada864e5a8259b955b5b5f98b",{"previousId":759},{"name":373,"options":882,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":883,"description":884,"reverse":41,"image":885},"\u003Ch2>Accelerate ClickFix investigations\u003C/h2>","\u003Cp>When an attack happens, knowing what the user saw or did is critical. Push provides rich browser session data for rapid investigation and containment. Security teams get detailed telemetry on which users were targeted, what lure they were served, and when the block occurred. This enables defenders to reconstruct what happened and respond quickly, even when other tools miss the activity entirely.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6cdf2a8aeddc4e9a9023cbf974e40239",{"large":887},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":889,"meta":890,"component":891,"responsiveStyles":893},"builder-136892e831684a6987f87d3be67c33d1",{"previousId":769},{"name":354,"options":892,"isRSC":118},{"darkMode":6},{"large":894},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":896,"component":897,"responsiveStyles":899},"builder-dec26b739f2f42beb5a73cfc6c675b60",{"name":416,"tag":416,"options":898,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":900},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":902,"@type":106,"tagName":131,"properties":903,"responsiveStyles":904},"builder-pixel-zzjpxxgrc2l",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":905},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":907},{"path":37,"query":908},{},{},1770892881888,1761847585203,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F375467b8bef34ed1a8a1cc5b8b67d75f",[],{"lastPreviewUrl":915,"originalContentId":681,"winningTest":118,"hasLinks":6,"kind":438,"breakpoints":916,"hasAutosaves":6},"https://pushsecurity.com/uc/clickfix-protection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.overrides.ea4f309d2ffe46c5aa97ebf0fda4e2e3=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.overrides.use-case-page:/uc/clickfix-protection=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":918,"id":919,"name":920,"modelId":261,"published":13,"query":921,"data":924,"variations":1029,"lastUpdated":1030,"firstPublished":1031,"testRatio":33,"screenshot":1032,"createdBy":34,"lastUpdatedBy":674,"folders":1033,"meta":1034,"rev":440},1745009743870,"a9d5556e77f84a37b5bd52310a7110c1","Incident response",[922],{"@type":264,"property":265,"operator":266,"value":923},"/uc/incident-response",{"seoDescription":925,"customFonts":926,"title":920,"jsCode":37,"fontAwesomeIcon":931,"seoTitle":932,"tsCode":37,"blocks":933,"url":923,"state":1026},"Investigate and respond faster with unique browser telemetry.",[927],{"kind":273,"subsets":928,"menu":296,"variants":929,"category":295,"family":272,"version":274,"lastModified":275,"files":930},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"900italic":286,"600italic":294,"200italic":291,"300italic":293,"100italic":288,"700italic":287,"800italic":285,"regular":290,"italic":289,"500italic":292},"faSatelliteDish","Browser based incident response",[934,1021],{"@type":106,"@version":107,"tagName":323,"id":935,"meta":936,"children":937},"builder-653c4aed737b4def88dc4cd2d695660a",{"previousId":696},[938,955,962,969,978,988,998,1008,1015],{"@type":106,"@version":107,"id":939,"meta":940,"component":941,"responsiveStyles":953},"builder-18190bd36518467d9154d27d7e945b9b",{"previousId":700},{"name":327,"options":942,"isRSC":118},{"title":943,"description":944,"points":945,"video":952},"Browser-based incident response","\u003Cp>Push gives you real-time visibility into what actually happened during a breach, right in the browser where the attack played out. From credential theft to session hijacking, Push captures high-fidelity telemetry so you can investigate quickly, contain confidently, and shut it down before it spreads.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[946,948,950],{"item":947},"Reconstruct what happened with real browser session context",{"item":949},"Investigate faster with real-world session context",{"item":951},"Trigger response actions automatically through your SIEM or SOAR","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fd00e39d3b6e346c296261d875cf55652%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=d00e39d3b6e346c296261d875cf55652&alt=media&optimized=true",{"large":954},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":956,"meta":957,"component":958,"responsiveStyles":960},"builder-8a0a8ea63f5d48dd8a6726f2d49cf0ca",{"previousId":716},{"name":346,"options":959,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":961},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":963,"meta":964,"component":965,"responsiveStyles":967},"builder-2df65c3f54334df2b26e7cb744886cdc",{"previousId":723},{"name":354,"options":966,"isRSC":118},{"darkMode":41},{"large":968},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":970,"component":971,"responsiveStyles":976},"builder-2c32c869efc2423ab69ef06b150e9f97",{"name":359,"tag":359,"options":972,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":973,"description":974,"image":975,"reverse":6},"\u003Ch2>See attacks unfold, not just their aftermath\u003C/h2>","\u003Cp>Attacks happen in the browser, not in logs. Push captures what traditional tools miss: what users clicked, what loaded, what was entered, and how attackers moved. That gives you real-world evidence, not just assumptions, when every second matters.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F36fc719bd1de4a38b916f4d25c81a26d",{"large":977},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":979,"meta":980,"component":981,"responsiveStyles":986},"builder-370e53c6016e432db01e9193a2ce90f6",{"previousId":739},{"name":373,"options":982,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":983,"description":984,"reverse":41,"image":985},"\u003Ch2>Investigate faster with high-fidelity data\u003C/h2>","\u003Cp>Reconstructing an incident shouldn’t feel like guesswork. Push records detailed telemetry from inside the browser: page loads, credential inputs, DOM changes, session activity, user behavior. It’s structured, exportable, and ready to plug into your investigation workflows, so you can move fast without digging through proxy logs or relying on user reports.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa6adda040e684e67a8d68a55c5ce5f6d",{"large":987},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":989,"meta":990,"component":991,"responsiveStyles":996},"builder-a7f3767a8d184bd08fb24520bf210e95",{"previousId":749},{"name":373,"options":992,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":993,"description":994,"reverse":6,"image":995},"\u003Ch2>Contain and respond in real time\u003C/h2>","\u003Cp>When something looks off, Push doesn’t just alert you, it gives you options. Guide users with in-browser prompts. Terminate sessions. Trigger SOAR workflows. Enrich SIEM alerts. Push gives you the context and control to stop spread before it starts.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb3dedeed5aba4847a2c2d22e10d0ec12",{"large":997},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":999,"meta":1000,"component":1001,"responsiveStyles":1006},"builder-b92036ee0ece4b32acdbdcc7c377366b",{"previousId":759},{"name":373,"options":1002,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":1003,"description":1004,"reverse":41,"image":1005},"\u003Ch2>Prevent the next one\u003C/h2>","\u003Cp>Push helps you respond fast, but it also helps you fix what went wrong. It surfaces misconfigurations and risky behaviors that made the attack possible in the first place, then guides users in-browser to remediate. One tool. Full loop. No loose ends.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fc1ecc2d5d3814b62b072fac01827ff96",{"large":1007},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":1009,"meta":1010,"component":1011,"responsiveStyles":1013},"builder-5e8ae39655274de89da32ab573a2525a",{"previousId":769},{"name":354,"options":1012,"isRSC":118},{"darkMode":6},{"large":1014},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1016,"component":1017,"responsiveStyles":1019},"builder-dfd6850cfb4741d2b8a0c16c2780f00a",{"name":416,"tag":416,"options":1018,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":1020},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1022,"@type":106,"tagName":131,"properties":1023,"responsiveStyles":1024},"builder-pixel-z197gdgcmu",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":1025},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1027},{"path":37,"query":1028},{},{},1770892908052,1745427419274,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb07017bfd318431690a5bb35bda35b99",[],{"kind":438,"breakpoints":1035,"originalContentId":681,"winningTest":118,"lastPreviewUrl":1036,"hasLinks":6,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/incident-response?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=a9d5556e77f84a37b5bd52310a7110c1&builder.overrides.a9d5556e77f84a37b5bd52310a7110c1=a9d5556e77f84a37b5bd52310a7110c1&builder.overrides.use-case-page:/uc/incident-response=a9d5556e77f84a37b5bd52310a7110c1&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"createdDate":1038,"id":1039,"name":1040,"modelId":261,"published":13,"query":1041,"data":1044,"variations":1149,"lastUpdated":1150,"firstPublished":1151,"testRatio":33,"screenshot":1152,"createdBy":34,"lastUpdatedBy":674,"folders":1153,"meta":1154,"rev":440},1746122471259,"5f118e24433d46ceb79f5099987156d7","Shadow SaaS",[1042],{"@type":264,"property":265,"operator":266,"value":1043},"/uc/shadow-saas",{"seoTitle":1045,"seoDescription":1046,"customFonts":1047,"fontAwesomeIcon":1052,"title":1053,"jsCode":37,"tsCode":37,"blocks":1054,"url":1043,"state":1146},"Find and secure shadow SaaS","See and control shadow SaaS in the browser.",[1048],{"kind":273,"variants":1049,"files":1050,"family":272,"version":274,"subsets":1051,"lastModified":275,"category":295,"menu":296},[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"300italic":293,"500italic":292,"regular":290,"900italic":286,"italic":289,"100italic":288,"200italic":291,"600italic":294,"700italic":287,"800italic":285},[298,299],"faShieldCheck","Secure shadow SaaS",[1055,1141],{"@type":106,"@version":107,"tagName":323,"id":1056,"meta":1057,"children":1058},"builder-04da805c4cd34652a2db452fcda52e1d",{"previousId":935},[1059,1075,1082,1089,1098,1108,1118,1128,1135],{"@type":106,"@version":107,"id":1060,"meta":1061,"component":1062,"responsiveStyles":1073},"builder-830d414faeaf41439142f9157e8288c8",{"previousId":939},{"name":327,"options":1063,"isRSC":118},{"title":1045,"description":1064,"points":1065,"video":1072},"\u003Cp>SaaS sprawl is one of today’s fastest-growing security blind spots because most tools monitor around the edges. Push sees it at the source, in the browser, revealing every app users access, flagging risky tools, and helping you shut down exposure before it leads to a breach. No guesswork. No nasty surprises. Just real-time visibility and control.\u003C/p>",[1066,1068,1070],{"item":1067},"Discover every SaaS app users access, managed or not",{"item":1069},"Spot accounts with weak security postures like missing MFA, unmanaged access, and no SSO",{"item":1071},"Control usage with in-browser prompts, blocks, and security guardrails","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F3e4eece318d04d6586e691d59d0741cf%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=3e4eece318d04d6586e691d59d0741cf&alt=media&optimized=true",{"large":1074},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":1076,"meta":1077,"component":1078,"responsiveStyles":1080},"builder-cd7833f966cb4c7e8adf0d6c979414a6",{"previousId":956},{"name":346,"options":1079,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":1081},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":1083,"meta":1084,"component":1085,"responsiveStyles":1087},"builder-49d720b45430454e8b08c526f267c19f",{"previousId":963},{"name":354,"options":1086,"isRSC":118},{"darkMode":41},{"large":1088},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1090,"component":1091,"responsiveStyles":1096},"builder-3dde0bf6c8544e5e9ab41b18a9d68034",{"name":359,"tag":359,"options":1092,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":1093,"description":1094,"image":1095,"reverse":6},"\u003Ch2>Use your browser to curb Saas Sprawl\u003C/h2>","\u003Cp>Shadow SaaS isn’t hiding in your network, it’s in your browser. From AI tools to unsanctioned file-sharing sites, security risks live in the apps your users sign into every day. Push maps your organization's true SaaS footprint in real time, exposing apps and accounts with unmanaged access, poor authentication, or no security oversight.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb6811a214c7949b6bbe0b9a3bca62efd",{"large":1097},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1099,"meta":1100,"component":1101,"responsiveStyles":1106},"builder-e2420451ccdc4f088d0a4904cff45935",{"previousId":979},{"name":373,"options":1102,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":1103,"description":1104,"reverse":41,"image":1105},"\u003Ch2>Discover hidden SaaS usage\u003C/h2>","\u003Cp>Push captures live browser telemetry across every tab and session. Whether a user signs into a sanctioned app with a personal account or tries a new AI plugin, you’ll see it in real time, with no integrations or manual tagging.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe16e301f9af94665b95d98232a863d8a",{"large":1107},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":1109,"meta":1110,"component":1111,"responsiveStyles":1116},"builder-b36de7fce7994beea9e58d94662e7166",{"previousId":989},{"name":373,"options":1112,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":1113,"description":1114,"reverse":6,"image":1115},"\u003Ch2>Spot risky access and unsafe usage\u003C/h2>","\u003Cp>Discovery is just the beginning. Push flags apps with risky traits, no MFA, no SSO, known vulnerabilities, or broad access scopes. You’ll know which tools introduce real risk, and which users are exposed so you can act with precision.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6585f3c242da4d70ae3cb7d02f481bef",{"large":1117},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":1119,"meta":1120,"component":1121,"responsiveStyles":1126},"builder-dc366b5134684fe7a508edf8913103ea",{"previousId":999},{"name":373,"options":1122,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":1123,"description":1124,"reverse":41,"image":1125},"\u003Ch2>Close gaps before they grow\u003C/h2>","\u003Cp>Push turns insight into action. When risky SaaS use is detected, guide users to enable MFA, block high-risk apps, or apply in-browser guardrails automatically. All without deploying new infrastructure or managing dozens of integrations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe6d60b6d91414819bc6258a318f00557",{"large":1127},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":1129,"meta":1130,"component":1131,"responsiveStyles":1133},"builder-8708f6f0d8da4b3f9e17bf16cda70219",{"previousId":1009},{"name":354,"options":1132,"isRSC":118},{"darkMode":6},{"large":1134},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1136,"component":1137,"responsiveStyles":1139},"builder-8ff4b38d60534cf28cb523ab0f754875",{"name":416,"tag":416,"options":1138,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":1140},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1142,"@type":106,"tagName":131,"properties":1143,"responsiveStyles":1144},"builder-pixel-d1ul2kmxbed",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":1145},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1147},{"path":37,"query":1148},{},{},1770892936802,1746714967208,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F01bfb2304521412fbd2e1a1180904d40",[],{"originalContentId":919,"winningTest":118,"lastPreviewUrl":1155,"breakpoints":1156,"kind":438,"hasLinks":6,"hasAutosaves":6},"https://pushsecurity.com/uc/shadow-saas?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=5f118e24433d46ceb79f5099987156d7&builder.overrides.5f118e24433d46ceb79f5099987156d7=5f118e24433d46ceb79f5099987156d7&builder.overrides.use-case-page:/uc/shadow-saas=5f118e24433d46ceb79f5099987156d7&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":1158,"id":1159,"name":1160,"modelId":261,"published":13,"query":1161,"data":1164,"variations":1268,"lastUpdated":1269,"firstPublished":1270,"testRatio":33,"screenshot":1271,"createdBy":34,"lastUpdatedBy":674,"folders":1272,"meta":1273,"rev":440},1764707470172,"b62629ce2f3741158d961cd10fe74b31","Shadow AI",[1162],{"@type":264,"property":265,"operator":266,"value":1163},"/uc/shadow-ai",{"fontAwesomeIcon":1165,"seoTitle":1166,"jsCode":37,"customFonts":1167,"title":1172,"tsCode":37,"seoDescription":1173,"blocks":1174,"url":1163,"state":1265},"faBrainCircuit","Secure AI native and AI enhanced apps. ",[1168],{"variants":1169,"category":295,"files":1170,"subsets":1171,"family":272,"kind":273,"menu":296,"lastModified":275,"version":274},[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"800italic":285,"regular":290,"700italic":287,"200italic":291,"italic":289,"500italic":292,"600italic":294,"300italic":293,"100italic":288,"900italic":286},[298,299],"Secure shadow AI","See and control shadow AI apps in the browser.",[1175,1260],{"@type":106,"@version":107,"tagName":323,"id":1176,"meta":1177,"children":1178},"builder-a6e5717a2c914d5695058e4ee201a05d",{"previousId":1056},[1179,1195,1202,1209,1219,1228,1237,1247,1254],{"@type":106,"@version":107,"id":1180,"meta":1181,"component":1182,"responsiveStyles":1193},"builder-3e0ed678683f4a0eb7aa00253cf263b2",{"previousId":1060},{"name":327,"options":1183,"isRSC":118},{"title":1172,"description":1184,"points":1185,"image":1192},"\u003Cp>Your employees are adopting AI faster than you can track it. From native features in corporate apps to unapproved shadow tools, it’s all happening in the browser. Push detects every AI interaction in real time, letting you categorize apps and enforce acceptable use policies in the browser.\u003C/p>",[1186,1188,1190],{"item":1187},"Map every AI tool used across your workforce",{"item":1189},"Review and classify apps by sensitivity, purpose, and policy status",{"item":1191},"Enforce AI usage rules directly in the browser","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F33cf153d920f4e389f3650253577cff7",{"large":1194},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":1196,"meta":1197,"component":1198,"responsiveStyles":1200},"builder-76968f8471d14893b8189d75b08fb426",{"previousId":1076},{"name":346,"options":1199,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":1201},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":1203,"meta":1204,"component":1205,"responsiveStyles":1207},"builder-b55b9d4bc5a649d8839ce7f6c2043d95",{"previousId":1083},{"name":354,"options":1206,"isRSC":118},{"darkMode":41},{"large":1208},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1210,"meta":1211,"component":1212,"responsiveStyles":1217},"builder-c3f38ef4d75d4989a29b5903175ed8a1",{"previousId":1090},{"name":359,"tag":359,"options":1213,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":1214,"description":1215,"image":1216,"reverse":6},"\u003Ch2>Use your browser to govern AI \u003C/h2>","\u003Cp>The AI footprint inside your company is bigger than you think. From text generators to meeting assistants and design copilots, employees test, adopt, and connect new tools constantly. Push shows you those tools and which users are accessing them, without relying on network scans or API integrations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F30b43bda6f1644c19478fb1efa20050c",{"large":1218},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1220,"meta":1221,"component":1222,"responsiveStyles":1226},"builder-90ee9cb9afc44e7f885523715bf51a53",{"previousId":1099},{"name":373,"options":1223,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":1224,"description":1225,"reverse":41,"image":1115},"\u003Ch2>Discover every AI tool users touch\u003C/h2>","\u003Cp>Push captures live telemetry from the browser, identifying every AI-native and AI-enhanced application users access. You’ll know which corporate identities are connected, how data flows, and what new AI apps appear across your environment. \u003C/p>",{"large":1227},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":1229,"meta":1230,"component":1231,"responsiveStyles":1235},"builder-9e44539fa53c4d8e87406036c921fc46",{"previousId":1109},{"name":373,"options":1232,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":1233,"description":1234,"reverse":6,"image":1125},"\u003Ch2>Classify and manage AI risk\u003C/h2>","\u003Cp>For apps you choose to allow, Push lets you apply custom in-browser banners. You can bulk-select categories of AI tools and require users to read and acknowledge your acceptable use policy before they proceed. This creates an auditable trail and moves policy from an easy to forget document to an active, in-workflow control.\u003C/p>",{"large":1236},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":1238,"meta":1239,"component":1240,"responsiveStyles":1245},"builder-44c1a891926f4bdeaaa37e90721fe6ac",{"previousId":1119},{"name":373,"options":1241,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":1242,"description":1243,"reverse":41,"image":1244},"\u003Ch2>Enforce your AI policy in the browser\u003C/h2>","\u003Cp>When an AI tool is deemed non-compliant or too risky, Push blocks it at the source. The block happens directly in the browser, preventing the user from accessing the site or submitting data. This gives you an immediate, powerful lever to stop data exfiltration and enforce a hard line on unacceptable risk.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa359ac1805af4e15a8a7f84632b9bb55",{"large":1246},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":1248,"meta":1249,"component":1250,"responsiveStyles":1252},"builder-dcc906f9cbe54dc68b3c672668e7a38f",{"previousId":1129},{"name":354,"options":1251,"isRSC":118},{"darkMode":6},{"large":1253},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1255,"component":1256,"responsiveStyles":1258},"builder-d2d64780c31b4349bc75805b23a07e38",{"name":416,"tag":416,"options":1257,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":1259},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1261,"@type":106,"tagName":131,"properties":1262,"responsiveStyles":1263},"builder-pixel-wxx9tk70r9p",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":1264},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1266},{"path":37,"query":1267},{},{},1770892957225,1764950077593,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe558b8b069884037a8e6904f7ecc029c",[],{"winningTest":118,"breakpoints":1274,"originalContentId":1039,"kind":438,"lastPreviewUrl":1275,"hasLinks":6,"hasAutosaves":41},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/shadow-ai?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=b62629ce2f3741158d961cd10fe74b31&builder.overrides.b62629ce2f3741158d961cd10fe74b31=b62629ce2f3741158d961cd10fe74b31&builder.overrides.use-case-page:/uc/shadow-ai=b62629ce2f3741158d961cd10fe74b31&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"_path":1277,"_dir":1278,"_draft":6,"_partial":6,"_locale":37,"sys":1279,"ogImage":118,"summary":1282,"title":1296,"subtitle":118,"metaTitle":1297,"synopsis":1298,"hashTags":1299,"publishedDate":1302,"slug":1303,"content":1304,"tagsCollection":1804,"relatedBlogPostsCollection":1814,"authorsCollection":3011,"_id":3015,"_type":3016,"_source":3017,"_file":3018,"_stem":3019,"_extension":3016},"/blog/how-to-set-up-multi-factor-authentication-for-microsoft-365","blog",{"id":1280,"publishedAt":1281},"4mmRSzpyYVed9NMTjePYm6","2025-02-06T20:40:06.132Z",{"json":1283},{"data":1284,"content":1285,"nodeType":1295},{},[1286],{"data":1287,"content":1288,"nodeType":1294},{},[1289],{"data":1290,"marks":1291,"value":1292,"nodeType":1293},{},[],"Understand which MFA solutions are available for Microsoft 365 and which is the right choice for your tenant.","text","paragraph","document","How to set up Multi-Factor Authentication for Microsoft 365","How to set up MFA for Microsoft O365","Conditional Access, Security Defaults, or Legacy? Figuring out how to deploy MFA in Microsoft 365 can be complex. This post summarises your options.",[1300,1301],"MFA","Microsoft365","2021-03-15T00:00:00.000+01:00","how-to-set-up-multi-factor-authentication-for-microsoft-365",{"json":1305,"links":1799},{"nodeType":1295,"data":1306,"content":1307},{},[1308,1315,1322,1357,1365,1373,1380,1387,1394,1401,1408,1415,1435,1442,1449,1456,1462,1469,1544,1551,1574,1592,1598,1604,1647,1653,1688,1705,1712,1718,1782],{"nodeType":1294,"data":1309,"content":1310},{},[1311],{"nodeType":1293,"value":1312,"marks":1313,"data":1314},"Microsoft often has lots of flexibility but it can be hard or time-consuming to figure out all the options and make an informed decision. This post summarises your options for using MFA in Microsoft 365, helps you quickly eliminate some, and gives you the information you need to consider what’s left.",[],{},{"nodeType":1294,"data":1316,"content":1317},{},[1318],{"nodeType":1293,"value":1319,"marks":1320,"data":1321},"At a high level, you’ve got three choices:",[],{},{"nodeType":1323,"data":1324,"content":1325},"unordered-list",{},[1326,1337,1347],{"nodeType":1327,"data":1328,"content":1329},"list-item",{},[1330],{"nodeType":1294,"data":1331,"content":1332},{},[1333],{"nodeType":1293,"value":1334,"marks":1335,"data":1336},"Security Defaults",[],{},{"nodeType":1327,"data":1338,"content":1339},{},[1340],{"nodeType":1294,"data":1341,"content":1342},{},[1343],{"nodeType":1293,"value":1344,"marks":1345,"data":1346},"Conditional Access",[],{},{"nodeType":1327,"data":1348,"content":1349},{},[1350],{"nodeType":1294,"data":1351,"content":1352},{},[1353],{"nodeType":1293,"value":1354,"marks":1355,"data":1356},"Legacy MFA (also referred to as “per-user MFA”)",[],{},{"nodeType":1358,"data":1359,"content":1360},"heading-1",{},[1361],{"nodeType":1293,"value":1362,"marks":1363,"data":1364},"Some quick decisions",[],{},{"nodeType":1366,"data":1367,"content":1368},"heading-2",{},[1369],{"nodeType":1293,"value":1370,"marks":1371,"data":1372},"Do you have Azure AD Premium licenses?",[],{},{"nodeType":1294,"data":1374,"content":1375},{},[1376],{"nodeType":1293,"value":1377,"marks":1378,"data":1379},"If everyone has Azure AD Premium P1 or higher licenses, you should use Conditional Access. Conditional Access allows you to deploy MFA with full flexibility, from simply mandating it in all situations, to convenience features like exceptions for things like certain IP ranges, apps, or break-glass accounts. A simple setup doesn’t take long but if you’re really looking for quick and easy, you can still use Security Defaults.",[],{},{"nodeType":1366,"data":1381,"content":1382},{},[1383],{"nodeType":1293,"value":1384,"marks":1385,"data":1386},"Can you deploy to everyone?",[],{},{"nodeType":1294,"data":1388,"content":1389},{},[1390],{"nodeType":1293,"value":1391,"marks":1392,"data":1393},"If you don’t have Azure AD Premium P1 licenses, but you are comfortable deploying MFA to everyone, you should use Security Defaults. Security Defaults is intended to be the easy-to-deploy MFA option, available to all, regardless of license. Configuration is simply an on/off switch and some very sensible and useful defaults are configured for you but they can’t be changed and no one can be excluded.",[],{},{"nodeType":1366,"data":1395,"content":1396},{},[1397],{"nodeType":1293,"value":1398,"marks":1399,"data":1400},"Neither applicable?",[],{},{"nodeType":1294,"data":1402,"content":1403},{},[1404],{"nodeType":1293,"value":1405,"marks":1406,"data":1407},"If you’ve answered no to both questions, your only remaining option is to use Legacy MFA. As the name suggests, this is not an option Microsoft is endorsing or actively developing - their tools and new features are focused purely on Conditional Access or Security Defaults. However, if neither are an option for you, you should at least ensure MFA is configured on your sensitive accounts, like administrators, and per-user MFA can be used to achieve that, regardless of license.",[],{},{"nodeType":1366,"data":1409,"content":1410},{},[1411],{"nodeType":1293,"value":1412,"marks":1413,"data":1414},"Can I do this if I'm using on-premise AD?",[],{},{"nodeType":1294,"data":1416,"content":1417},{},[1418,1422,1431],{"nodeType":1293,"value":1419,"marks":1420,"data":1421},"These options will turn on MFA for users that exist in Azure AD, for logins to Azure AD. If you have on-premise AD and you want to start using Azure AD, you need to first look at something like ",[],{},{"nodeType":1423,"data":1424,"content":1426},"hyperlink",{"uri":1425},"https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect",[1427],{"nodeType":1293,"value":1428,"marks":1429,"data":1430},"Azure AD Connect",[],{},{"nodeType":1293,"value":1432,"marks":1433,"data":1434}," to sync your users and start your journey in “hybrid” AD.",[],{},{"nodeType":1366,"data":1436,"content":1437},{},[1438],{"nodeType":1293,"value":1439,"marks":1440,"data":1441},"One last thing…",[],{},{"nodeType":1294,"data":1443,"content":1444},{},[1445],{"nodeType":1293,"value":1446,"marks":1447,"data":1448},"Regardless of which option you choose, you need to look into disabling “Legacy authentication”. Unrelated to “Legacy MFA”, legacy authentication is just the original way apps authenticated to Azure AD. However, it doesn’t support MFA so leaving it on makes turning on MFA a bit redundant since there will still be a single-factor route into your tenant.",[],{},{"nodeType":1294,"data":1450,"content":1451},{},[1452],{"nodeType":1293,"value":1453,"marks":1454,"data":1455},"Now that you know which options are available to you let’s explore them in some more detail taking a look at the key features and things you need to think about.",[],{},{"nodeType":1358,"data":1457,"content":1458},{},[1459],{"nodeType":1293,"value":1334,"marks":1460,"data":1461},[],{},{"nodeType":1294,"data":1463,"content":1464},{},[1465],{"nodeType":1293,"value":1466,"marks":1467,"data":1468},"Key points:",[],{},{"nodeType":1323,"data":1470,"content":1471},{},[1472,1482,1492,1514,1524,1534],{"nodeType":1327,"data":1473,"content":1474},{},[1475],{"nodeType":1294,"data":1476,"content":1477},{},[1478],{"nodeType":1293,"value":1479,"marks":1480,"data":1481},"Requires no license - available to all.",[],{},{"nodeType":1327,"data":1483,"content":1484},{},[1485],{"nodeType":1294,"data":1486,"content":1487},{},[1488],{"nodeType":1293,"value":1489,"marks":1490,"data":1491},"Once enabled, all users will have to register within 14 days of their next login.",[],{},{"nodeType":1327,"data":1493,"content":1494},{},[1495],{"nodeType":1294,"data":1496,"content":1497},{},[1498,1502,1510],{"nodeType":1293,"value":1499,"marks":1500,"data":1501},"Users must register using an “Authenticator” app (",[],{},{"nodeType":1423,"data":1503,"content":1505},{"uri":1504},"/blog/which-mfa-methods-should-you-use/",[1506],{"nodeType":1293,"value":1507,"marks":1508,"data":1509},"learn more about MFA methods here",[],{},{"nodeType":1293,"value":1511,"marks":1512,"data":1513},")",[],{},{"nodeType":1327,"data":1515,"content":1516},{},[1517],{"nodeType":1294,"data":1518,"content":1519},{},[1520],{"nodeType":1293,"value":1521,"marks":1522,"data":1523},"Once registered, users will be prompted for MFA “as necessary” (i.e. not every time).",[],{},{"nodeType":1327,"data":1525,"content":1526},{},[1527],{"nodeType":1294,"data":1528,"content":1529},{},[1530],{"nodeType":1293,"value":1531,"marks":1532,"data":1533},"Admins will be prompted every time.",[],{},{"nodeType":1327,"data":1535,"content":1536},{},[1537],{"nodeType":1294,"data":1538,"content":1539},{},[1540],{"nodeType":1293,"value":1541,"marks":1542,"data":1543},"Legacy authentication is turned off",[],{},{"nodeType":1294,"data":1545,"content":1546},{},[1547],{"nodeType":1293,"value":1548,"marks":1549,"data":1550},"Key questions:",[],{},{"nodeType":1323,"data":1552,"content":1553},{},[1554,1564],{"nodeType":1327,"data":1555,"content":1556},{},[1557],{"nodeType":1294,"data":1558,"content":1559},{},[1560],{"nodeType":1293,"value":1561,"marks":1562,"data":1563},"Can you enable it for all accounts? Remember, Security Defaults is applied to all accounts that use Azure AD.",[],{},{"nodeType":1327,"data":1565,"content":1566},{},[1567],{"nodeType":1294,"data":1568,"content":1569},{},[1570],{"nodeType":1293,"value":1571,"marks":1572,"data":1573},"Do all users have access to a mobile device? Users will be required to register for the authenticator MFA method, which requires a mobile device. ",[],{},{"nodeType":1294,"data":1575,"content":1576},{},[1577,1581,1589],{"nodeType":1293,"value":1578,"marks":1579,"data":1580},"Read more here: ",[],{},{"nodeType":1423,"data":1582,"content":1584},{"uri":1583},"https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults",[1585],{"nodeType":1293,"value":1586,"marks":1587,"data":1588},"What is Security Defaults?",[],{},{"nodeType":1293,"value":37,"marks":1590,"data":1591},[],{},{"nodeType":1358,"data":1593,"content":1594},{},[1595],{"nodeType":1293,"value":1344,"marks":1596,"data":1597},[],{},{"nodeType":1294,"data":1599,"content":1600},{},[1601],{"nodeType":1293,"value":1466,"marks":1602,"data":1603},[],{},{"nodeType":1323,"data":1605,"content":1606},{},[1607,1617,1627,1637],{"nodeType":1327,"data":1608,"content":1609},{},[1610],{"nodeType":1294,"data":1611,"content":1612},{},[1613],{"nodeType":1293,"value":1614,"marks":1615,"data":1616},"Requires Azure AD Premium P1 licenses",[],{},{"nodeType":1327,"data":1618,"content":1619},{},[1620],{"nodeType":1294,"data":1621,"content":1622},{},[1623],{"nodeType":1293,"value":1624,"marks":1625,"data":1626},"Allows you to create a set of conditions under which users should be allowed access. For example, you can control which users a policy applies to, which apps they are trying to access, how often they should be prompted, where they are logging in from, and which type of device they are permitted to use.",[],{},{"nodeType":1327,"data":1628,"content":1629},{},[1630],{"nodeType":1294,"data":1631,"content":1632},{},[1633],{"nodeType":1293,"value":1634,"marks":1635,"data":1636},"Policies can be put into audit mode first to allow you to ensure they won’t be disruptive.",[],{},{"nodeType":1327,"data":1638,"content":1639},{},[1640],{"nodeType":1294,"data":1641,"content":1642},{},[1643],{"nodeType":1293,"value":1644,"marks":1645,"data":1646},"Legacy authentication should be disabled, but you must do this yourself.",[],{},{"nodeType":1294,"data":1648,"content":1649},{},[1650],{"nodeType":1293,"value":1548,"marks":1651,"data":1652},[],{},{"nodeType":1323,"data":1654,"content":1655},{},[1656,1666],{"nodeType":1327,"data":1657,"content":1658},{},[1659],{"nodeType":1294,"data":1660,"content":1661},{},[1662],{"nodeType":1293,"value":1663,"marks":1664,"data":1665},"Does everyone have the requisite license?",[],{},{"nodeType":1327,"data":1667,"content":1668},{},[1669],{"nodeType":1294,"data":1670,"content":1671},{},[1672,1676,1684],{"nodeType":1293,"value":1673,"marks":1674,"data":1675},"What should your policies look like? Microsoft has a ",[],{},{"nodeType":1423,"data":1677,"content":1679},{"uri":1678},"https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common",[1680],{"nodeType":1293,"value":1681,"marks":1682,"data":1683},"sensible set of base policies",[],{},{"nodeType":1293,"value":1685,"marks":1686,"data":1687},"; implementing the first four policies listed would replicate Security Defaults.",[],{},{"nodeType":1294,"data":1689,"content":1690},{},[1691,1694,1702],{"nodeType":1293,"value":1578,"marks":1692,"data":1693},[],{},{"nodeType":1423,"data":1695,"content":1697},{"uri":1696},"https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview",[1698],{"nodeType":1293,"value":1699,"marks":1700,"data":1701},"What is Conditional Access?",[],{},{"nodeType":1293,"value":37,"marks":1703,"data":1704},[],{},{"nodeType":1358,"data":1706,"content":1707},{},[1708],{"nodeType":1293,"value":1709,"marks":1710,"data":1711},"Legacy MFA",[],{},{"nodeType":1294,"data":1713,"content":1714},{},[1715],{"nodeType":1293,"value":1466,"marks":1716,"data":1717},[],{},{"nodeType":1323,"data":1719,"content":1720},{},[1721,1730,1740,1750,1772],{"nodeType":1327,"data":1722,"content":1723},{},[1724],{"nodeType":1294,"data":1725,"content":1726},{},[1727],{"nodeType":1293,"value":1479,"marks":1728,"data":1729},[],{},{"nodeType":1327,"data":1731,"content":1732},{},[1733],{"nodeType":1294,"data":1734,"content":1735},{},[1736],{"nodeType":1293,"value":1737,"marks":1738,"data":1739},"You can configure MFA enforcement per user, and you can specify which methods can be used.",[],{},{"nodeType":1327,"data":1741,"content":1742},{},[1743],{"nodeType":1294,"data":1744,"content":1745},{},[1746],{"nodeType":1293,"value":1747,"marks":1748,"data":1749},"Users are prompted for MFA on every login.",[],{},{"nodeType":1327,"data":1751,"content":1752},{},[1753],{"nodeType":1294,"data":1754,"content":1755},{},[1756,1760,1768],{"nodeType":1293,"value":1757,"marks":1758,"data":1759},"Management tooling is well...legacy. Only available via a legacy portal that is quite clunky. You can still configure ",[],{},{"nodeType":1423,"data":1761,"content":1763},{"uri":1762},"https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates#change-state-using-powershell",[1764],{"nodeType":1293,"value":1765,"marks":1766,"data":1767},"via PowerShell",[],{},{"nodeType":1293,"value":1769,"marks":1770,"data":1771}," though.",[],{},{"nodeType":1327,"data":1773,"content":1774},{},[1775],{"nodeType":1294,"data":1776,"content":1777},{},[1778],{"nodeType":1293,"value":1779,"marks":1780,"data":1781},"Not recommended by Microsoft or being actively developed.",[],{},{"nodeType":1294,"data":1783,"content":1784},{},[1785,1788,1796],{"nodeType":1293,"value":1578,"marks":1786,"data":1787},[],{},{"nodeType":1423,"data":1789,"content":1791},{"uri":1790},"https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates",[1792],{"nodeType":1293,"value":1793,"marks":1794,"data":1795},"How to enable per-user MFA",[],{},{"nodeType":1293,"value":37,"marks":1797,"data":1798},[],{},{"entries":1800},{"hyperlink":1801,"block":1802,"inline":1803},[],[],[],{"items":1805},[1806,1810],{"sys":1807,"name":1809},{"id":1808},"1gZi8NrRy2v9OqPV7C4dwD","Risk management",{"sys":1811,"name":1813},{"id":1812},"3pjES4THCIfSAwhGdNwBcy","Identity security",{"items":1815},[1816,2255],{"__typename":1817,"sys":1818,"content":1820,"title":2236,"synopsis":2237,"hashTags":2238,"publishedDate":1302,"slug":2240,"tagsCollection":2241,"authorsCollection":2247},"BlogPosts",{"id":1819},"5Zy1Kj162pY69NT6001gAa",{"json":1821},{"data":1822,"content":1823,"nodeType":1295},{},[1824,1831,1837,1846,1852,1859,1866,2003,2009,2015,2022,2029,2036,2043,2050,2057,2064,2071,2078,2098,2105,2112,2217],{"data":1825,"content":1826,"nodeType":1294},{},[1827],{"data":1828,"marks":1829,"value":1830,"nodeType":1293},{},[],"Multi-Factor Authentication (MFA) - also known as 2 Step Verification (2SV), or 2 Factor Authentication (2FA) - is an additional step when users login to a service in addition to their username and password. Common implementations are things like SMS security codes, or login confirmations on smartphones.",{"data":1832,"content":1833,"nodeType":1294},{},[1834],{"data":1835,"marks":1836,"value":37,"nodeType":1293},{},[],{"data":1838,"content":1844,"nodeType":1845},{"target":1839},{"sys":1840},{"id":1841,"type":1842,"linkType":1843},"3VqrRPLsLo8yynXCUeigZA","Link","Entry",[],"embedded-entry-block",{"data":1847,"content":1848,"nodeType":1294},{},[1849],{"data":1850,"marks":1851,"value":37,"nodeType":1293},{},[],{"data":1853,"content":1854,"nodeType":1358},{},[1855],{"data":1856,"marks":1857,"value":1858,"nodeType":1293},{},[],"MFA is a security control everyone can agree on",{"data":1860,"content":1861,"nodeType":1294},{},[1862],{"data":1863,"marks":1864,"value":1865,"nodeType":1293},{},[],"Security people find it notoriously difficult to agree on what the most important security controls are, but there is broad agreement on the value of MFA. This has been accepted and adopted by some big names who are pushing MFA hard because they know it works:",{"data":1867,"content":1868,"nodeType":1323},{},[1869,1899,1926,1954,1981],{"data":1870,"content":1871,"nodeType":1327},{},[1872],{"data":1873,"content":1874,"nodeType":1294},{},[1875,1881,1885,1895],{"data":1876,"marks":1877,"value":1880,"nodeType":1293},{},[1878],{"type":1879},"bold","Microsoft",{"data":1882,"marks":1883,"value":1884,"nodeType":1293},{},[],": “",{"data":1886,"content":1888,"nodeType":1423},{"uri":1887},"https://www.microsoft.com/security/blog/2019/08/20/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks/",[1889],{"data":1890,"marks":1891,"value":1894,"nodeType":1293},{},[1892],{"type":1893},"underline","One simple action you can take to prevent 99.9 percent of attacks on your accounts",{"data":1896,"marks":1897,"value":1898,"nodeType":1293},{},[],"”",{"data":1900,"content":1901,"nodeType":1327},{},[1902],{"data":1903,"content":1904,"nodeType":1294},{},[1905,1910,1914,1923],{"data":1906,"marks":1907,"value":1909,"nodeType":1293},{},[1908],{"type":1879},"AWS",{"data":1911,"marks":1912,"value":1913,"nodeType":1293},{},[],": “MFA is the best way to protect accounts from inappropriate access” - ",{"data":1915,"content":1917,"nodeType":1423},{"uri":1916},"https://aws.amazon.com/blogs/security/top-10-security-items-to-improve-in-your-aws-account/",[1918],{"data":1919,"marks":1920,"value":1922,"nodeType":1293},{},[1921],{"type":1893},"Top 10 security items to improve in your AWS account",{"data":1924,"marks":1925,"value":37,"nodeType":1293},{},[],{"data":1927,"content":1928,"nodeType":1327},{},[1929],{"data":1930,"content":1931,"nodeType":1294},{},[1932,1937,1941,1950],{"data":1933,"marks":1934,"value":1936,"nodeType":1293},{},[1935],{"type":1879},"Google",{"data":1938,"marks":1939,"value":1940,"nodeType":1293},{},[],": “On-device prompts helped prevent 100% of automated bots, 99% of bulk phishing attacks and 90% of targeted attacks.\" - ",{"data":1942,"content":1944,"nodeType":1423},{"uri":1943},"https://security.googleblog.com/2019/05/new-research-how-effective-is-basic.html",[1945],{"data":1946,"marks":1947,"value":1949,"nodeType":1293},{},[1948],{"type":1893},"New research: How effective is basic account hygiene at preventing hijacking",{"data":1951,"marks":1952,"value":1953,"nodeType":1293},{},[]," ",{"data":1955,"content":1956,"nodeType":1327},{},[1957],{"data":1958,"content":1959,"nodeType":1294},{},[1960,1965,1969,1978],{"data":1961,"marks":1962,"value":1964,"nodeType":1293},{},[1963],{"type":1879},"UK National Cyber Security Centre",{"data":1966,"marks":1967,"value":1968,"nodeType":1293},{},[]," (NCSC): “One of the most effective ways of providing additional protection to a password protected account is to use MFA.” - ",{"data":1970,"content":1972,"nodeType":1423},{"uri":1971},"https://www.ncsc.gov.uk/collection/passwords/updating-your-approach",[1973],{"data":1974,"marks":1975,"value":1977,"nodeType":1293},{},[1976],{"type":1893},"Password policy: updating your approach",{"data":1979,"marks":1980,"value":1953,"nodeType":1293},{},[],{"data":1982,"content":1983,"nodeType":1327},{},[1984],{"data":1985,"content":1986,"nodeType":1294},{},[1987,1991,2000],{"data":1988,"marks":1989,"value":1990,"nodeType":1293},{},[],"and even Obama: “The President is calling on Americans to move beyond just the password to leverage multiple factors of authentication when logging-in to online accounts.” - ",{"data":1992,"content":1994,"nodeType":1423},{"uri":1993},"https://obamawhitehouse.archives.gov/the-press-office/2016/02/09/fact-sheet-cybersecurity-national-action-plan",[1995],{"data":1996,"marks":1997,"value":1999,"nodeType":1293},{},[1998],{"type":1893},"FACT SHEET: Cybersecurity National Action Plan | whitehouse.gov",{"data":2001,"marks":2002,"value":1953,"nodeType":1293},{},[],{"data":2004,"content":2008,"nodeType":1845},{"target":2005},{"sys":2006},{"id":2007,"type":1842,"linkType":1843},"2P5lUU0cEsFy424iV8sNJD",[],{"data":2010,"content":2011,"nodeType":1294},{},[2012],{"data":2013,"marks":2014,"value":37,"nodeType":1293},{},[],{"data":2016,"content":2017,"nodeType":1358},{},[2018],{"data":2019,"marks":2020,"value":2021,"nodeType":1293},{},[],"MFA prevents the most common attacks against SMEs",{"data":2023,"content":2024,"nodeType":1294},{},[2025],{"data":2026,"marks":2027,"value":2028,"nodeType":1293},{},[],"To understand why MFA is a good idea, it helps to understand what you are defending your business against. A number of the most common attacks SMEs will face, including business email compromise and ransomware attacks typically start with the compromise of a single employee’s password. This can happen in many ways - but most often because an employee has used the same password on another website (which got compromised) or because they have been tricked by a phishing attack.",{"data":2030,"content":2031,"nodeType":1294},{},[2032],{"data":2033,"marks":2034,"value":2035,"nodeType":1293},{},[],"It’s easy to blame employees, or imagine that employee training is the answer. This is probably a mistake because if the last few decades have taught us anything it is that 1) humans are bad at passwords, and 2) they have near boundless creativity when it comes to tricking people.",{"data":2037,"content":2038,"nodeType":1294},{},[2039],{"data":2040,"marks":2041,"value":2042,"nodeType":1293},{},[],"Instead the data shows you should not rely on passwords for your security. This takes users off the hook, and closes the door on the most common starting point for the most common attacks.",{"data":2044,"content":2045,"nodeType":1358},{},[2046],{"data":2047,"marks":2048,"value":2049,"nodeType":1293},{},[],"MFA isn’t perfect (but it’s very good)",{"data":2051,"content":2052,"nodeType":1294},{},[2053],{"data":2054,"marks":2055,"value":2056,"nodeType":1293},{},[],"You might come across nay-sayers that will point out reasons MFA could be bypassed, or why it won’t stop certain attacks - and it’s true, MFA isn't a silver bullet and doesn’t protect against everything, but don’t let this dissuade you! As you can see from all the references at the top of this page, MFA is really good at stopping some of the most common, and consequential attacks out there today. Arguing that it isn’t worth doing because it isn’t perfect is like arguing that there is no point putting a lock on your front door because someone might drive a tank through it - it’s not wrong, it just misses the point.",{"data":2058,"content":2059,"nodeType":1358},{},[2060],{"data":2061,"marks":2062,"value":2063,"nodeType":1293},{},[],"Start with cloud services",{"data":2065,"content":2066,"nodeType":1294},{},[2067],{"data":2068,"marks":2069,"value":2070,"nodeType":1293},{},[],"It’s possible to protect almost any type of system using MFA, but the cost and effort might differ wildly. We recommend that you start with cloud services because they are accessible from anywhere in the world, making password compromise a one-step affair for attackers. ",{"data":2072,"content":2073,"nodeType":1294},{},[2074],{"data":2075,"marks":2076,"value":2077,"nodeType":1293},{},[],"Also, most cloud services make it easy to adopt MFA without buying any third-party software or devices - it’s a bit of a no-brainer. This is where you will get the greatest bang-for-buck (although MFA is often free or already included in your license - so the buck here is your time). ",{"data":2079,"content":2080,"nodeType":1294},{},[2081,2085,2094],{"data":2082,"marks":2083,"value":2084,"nodeType":1293},{},[],"You can check out ",{"data":2086,"content":2088,"nodeType":1423},{"uri":2087},"https://2fa.directory/",[2089],{"data":2090,"marks":2091,"value":2093,"nodeType":1293},{},[2092],{"type":1893},"Two Factor Auth (2FA)",{"data":2095,"marks":2096,"value":2097,"nodeType":1293},{},[]," to see which services support MFA.",{"data":2099,"content":2100,"nodeType":1358},{},[2101],{"data":2102,"marks":2103,"value":2104,"nodeType":1293},{},[],"Success is all about user experience - and users might even thank you for it (no, really)",{"data":2106,"content":2107,"nodeType":1294},{},[2108],{"data":2109,"marks":2110,"value":2111,"nodeType":1293},{},[],"Being mindful that MFA has a direct impact on the user experience is key to making it a success. Thankfully, the MFA user experience on cloud services is better today than it’s ever been, and with most users already using MFA somewhere in their personal lives it's less of an ask than it used to be. That said, here are some things you can do to make it a success:",{"data":2113,"content":2114,"nodeType":1323},{},[2115,2142,2157,2187,2202],{"data":2116,"content":2117,"nodeType":1327},{},[2118],{"data":2119,"content":2120,"nodeType":1294},{},[2121,2126,2130,2138],{"data":2122,"marks":2123,"value":2125,"nodeType":1293},{},[2124],{"type":1879},"Sweeten the pot for users",{"data":2127,"marks":2128,"value":2129,"nodeType":1293},{},[]," - once you have MFA in place you might disable some of the most hated password policies like regular password expiry. This is actually recommended by modern password policies anyway. (Don't believe us? ",{"data":2131,"content":2133,"nodeType":1423},{"uri":2132},"https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry",[2134],{"data":2135,"marks":2136,"value":2137,"nodeType":1293},{},[],"Read this password guidance",{"data":2139,"marks":2140,"value":2141,"nodeType":1293},{},[]," from NCSC).",{"data":2143,"content":2144,"nodeType":1327},{},[2145],{"data":2146,"content":2147,"nodeType":1294},{},[2148,2153],{"data":2149,"marks":2150,"value":2152,"nodeType":1293},{},[2151],{"type":1879},"Minimise MFA prompts",{"data":2154,"marks":2155,"value":2156,"nodeType":1293},{},[]," - these days most platforms allow you to ask for MFA prompts only when users login from new systems or browsers. This provides a much better user experience and has almost no impact on security.",{"data":2158,"content":2159,"nodeType":1327},{},[2160],{"data":2161,"content":2162,"nodeType":1294},{},[2163,2168,2172,2183],{"data":2164,"marks":2165,"value":2167,"nodeType":1293},{},[2166],{"type":1879},"Choose an easy to use MFA method",{"data":2169,"marks":2170,"value":2171,"nodeType":1293},{},[]," - getting MFA codes from a phone call isn’t very easy to use, where clicking a button on your mobile, or pressing the fingerprint reader on your laptop is far less irritating. A bit of thought here goes a long way. ",{"data":2173,"content":2177,"nodeType":2182},{"target":2174},{"sys":2175},{"id":2176,"type":1842,"linkType":1843},"73JjdrO5GKRzYum97MqJ9q",[2178],{"data":2179,"marks":2180,"value":2181,"nodeType":1293},{},[],"See our blog post","entry-hyperlink",{"data":2184,"marks":2185,"value":2186,"nodeType":1293},{},[]," on which MFA methods you should use.",{"data":2188,"content":2189,"nodeType":1327},{},[2190],{"data":2191,"content":2192,"nodeType":1294},{},[2193,2198],{"data":2194,"marks":2195,"value":2197,"nodeType":1293},{},[2196],{"type":1879},"Make sure your IT support team is ready for all scenarios",{"data":2199,"marks":2200,"value":2201,"nodeType":1293},{},[]," - ensuring that IT support knows exactly what to do in emergencies or when users are locked out is critical to a good user experience. This is not hard to do, but you definitely don’t want to do it for the first time when the user in question is the CEO, and it’s 20 minutes before his big presentation in a country half way across the world - this is how good security dies!",{"data":2203,"content":2204,"nodeType":1327},{},[2205],{"data":2206,"content":2207,"nodeType":1294},{},[2208,2213],{"data":2209,"marks":2210,"value":2212,"nodeType":1293},{},[2211],{"type":1879},"Nothing wrong with taking it slow",{"data":2214,"marks":2215,"value":2216,"nodeType":1293},{},[]," - too much change too fast tends to ruffle feathers, and rolling out MFA over months rather than weeks can give your IT support team time to scale up their experience and iron out issues before you roll-out to everyone. You might even choose to enable it only for critical most-attacked users such as administrators or finance teams at first. Make sure your security team doesn’t lose focus and never quite gets it finished!",{"data":2218,"content":2219,"nodeType":1294},{},[2220,2224,2232],{"data":2221,"marks":2222,"value":2223,"nodeType":1293},{},[],"If you found this useful and are thinking about rolling out MFA, you might consider taking a look at ",{"data":2225,"content":2227,"nodeType":1423},{"uri":2226},"https://pushsecurity.com",[2228],{"data":2229,"marks":2230,"value":2231,"nodeType":1293},{},[],"Push Security",{"data":2233,"marks":2234,"value":2235,"nodeType":1293},{},[]," - our entire reason for being is to take the grunt work out of doing this kind of thing.","Multi-Factor Authentication is the top security control for most small and medium-sized businesses","Why Multi-Factor Authentication (MFA aka 2FA) is so useful for small and medium-sized businesses, and how to deploy it successfully.",[1300,2239],"Guidance","multi-factor-authentication-is-the-top-security-control-for-most-small-and",{"items":2242},[2243,2245],{"sys":2244,"name":1809},{"id":1808},{"sys":2246,"name":1813},{"id":1812},{"items":2248},[2249],{"fullName":2250,"firstName":2251,"jobTitle":2252,"profilePicture":2253},"Jacques Louw","Jacques","Co-founder / CRO",{"url":2254},"https://images.ctfassets.net/y1cdw1ablpvd/39m8bektV23lnCRcEq0G8h/2a08f6276a50744f1a4b499b273f6bb2/Push_Founders_at_Cahoots_October_28_2022_by_Doug_Coombe-21.jpg",{"__typename":1817,"sys":2256,"content":2257,"title":2993,"synopsis":2994,"hashTags":2995,"publishedDate":1302,"slug":2996,"tagsCollection":2997,"authorsCollection":3003},{"id":2176},{"json":2258},{"data":2259,"content":2260,"nodeType":1295},{},[2261,2277,2284,2327,2334,2379,2386,2749,2755,2761,2768,2775,2782,2788,2795,2802,2809,2816,2823,2830,2837,2844,2863,2870,2877,2884,2891,2898,2928,2935,2942,2949,2956,2963,2970,2974,2981,2987],{"data":2262,"content":2263,"nodeType":1294},{},[2264,2268,2273],{"data":2265,"marks":2266,"value":2267,"nodeType":1293},{},[],"Before we start, ",{"data":2269,"marks":2270,"value":2272,"nodeType":1293},{},[2271],{"type":1879},"MFA with any method is better than no MFA at all",{"data":2274,"marks":2275,"value":2276,"nodeType":1293},{},[],". Although some methods are better than others, they're all leagues ahead of passwords alone. If, for whatever reason, you can only implement MFA using a weaker second factor, you should still do it. You can always improve later and you'll have made a significant improvement even with the weaker second factor.",{"data":2278,"content":2279,"nodeType":1294},{},[2280],{"data":2281,"marks":2282,"value":2283,"nodeType":1293},{},[],"So, how can one factor be better than others? Here's how we think about it:",{"data":2285,"content":2286,"nodeType":1323},{},[2287,2297,2307,2317],{"data":2288,"content":2289,"nodeType":1327},{},[2290],{"data":2291,"content":2292,"nodeType":1294},{},[2293],{"data":2294,"marks":2295,"value":2296,"nodeType":1293},{},[],"User experience: how easy is it to use?",{"data":2298,"content":2299,"nodeType":1327},{},[2300],{"data":2301,"content":2302,"nodeType":1294},{},[2303],{"data":2304,"marks":2305,"value":2306,"nodeType":1293},{},[],"Security: how easy is it for someone to compromise?",{"data":2308,"content":2309,"nodeType":1327},{},[2310],{"data":2311,"content":2312,"nodeType":1294},{},[2313],{"data":2314,"marks":2315,"value":2316,"nodeType":1293},{},[],"Cost: do you need to upgrade your SaaS license, or buy physical bits?",{"data":2318,"content":2319,"nodeType":1327},{},[2320],{"data":2321,"content":2322,"nodeType":1294},{},[2323],{"data":2324,"marks":2325,"value":2326,"nodeType":1293},{},[],"Support: how widely can it be used?",{"data":2328,"content":2329,"nodeType":1366},{},[2330],{"data":2331,"marks":2332,"value":2333,"nodeType":1293},{},[],"Just want the answers? ",{"data":2335,"content":2336,"nodeType":1323},{},[2337,2347,2369],{"data":2338,"content":2339,"nodeType":1327},{},[2340],{"data":2341,"content":2342,"nodeType":1294},{},[2343],{"data":2344,"marks":2345,"value":2346,"nodeType":1293},{},[],"Using an app on your phone, like Microsoft or Google Authenticator, to receive notifications or use a one-time password are the top all-round options today - they're free, intuitive for users, relatively easy to set up, and widely supported. ",{"data":2348,"content":2349,"nodeType":1327},{},[2350],{"data":2351,"content":2352,"nodeType":1294},{},[2353,2357,2365],{"data":2354,"marks":2355,"value":2356,"nodeType":1293},{},[],"The gold standard is a FIDO2-capable security key, like the ",{"data":2358,"content":2360,"nodeType":1423},{"uri":2359},"https://www.yubico.com/products/yubikey-5-overview/",[2361],{"data":2362,"marks":2363,"value":2364,"nodeType":1293},{},[],"YubiKey 5 series",{"data":2366,"marks":2367,"value":2368,"nodeType":1293},{},[],", or a security key built-in to your device, like Touch ID  - it's the most secure, provides the best user experience, but has an upfront cost as each user will need a key or a compatible device. The main drawback today is they aren't supported on all platforms yet so might not be an option everywhere.",{"data":2370,"content":2371,"nodeType":1327},{},[2372],{"data":2373,"content":2374,"nodeType":1294},{},[2375],{"data":2376,"marks":2377,"value":2378,"nodeType":1293},{},[],"Factors that rely on your phone number, such as SMS and phone calls should be avoided if possible as they are the least secure and provide the worst user experience.",{"data":2380,"content":2381,"nodeType":1294},{},[2382],{"data":2383,"marks":2384,"value":2385,"nodeType":1293},{},[],"Here's a summary:",{"data":2387,"content":2388,"nodeType":2748},{},[2389,2444,2497,2547,2599,2648,2699],{"data":2390,"content":2391,"nodeType":2443},{},[2392,2403,2413,2423,2433],{"data":2393,"content":2394,"nodeType":2402},{},[2395],{"data":2396,"content":2397,"nodeType":1294},{},[2398],{"data":2399,"marks":2400,"value":2401,"nodeType":1293},{},[],"Method","table-header-cell",{"data":2404,"content":2405,"nodeType":2402},{},[2406],{"data":2407,"content":2408,"nodeType":1294},{},[2409],{"data":2410,"marks":2411,"value":2412,"nodeType":1293},{},[],"User experience",{"data":2414,"content":2415,"nodeType":2402},{},[2416],{"data":2417,"content":2418,"nodeType":1294},{},[2419],{"data":2420,"marks":2421,"value":2422,"nodeType":1293},{},[],"Security",{"data":2424,"content":2425,"nodeType":2402},{},[2426],{"data":2427,"content":2428,"nodeType":1294},{},[2429],{"data":2430,"marks":2431,"value":2432,"nodeType":1293},{},[],"Cost",{"data":2434,"content":2435,"nodeType":2402},{},[2436],{"data":2437,"content":2438,"nodeType":1294},{},[2439],{"data":2440,"marks":2441,"value":2442,"nodeType":1293},{},[],"Support","table-row",{"data":2445,"content":2446,"nodeType":2443},{},[2447,2458,2468,2477,2487],{"data":2448,"content":2449,"nodeType":2457},{},[2450],{"data":2451,"content":2452,"nodeType":1294},{},[2453],{"data":2454,"marks":2455,"value":2456,"nodeType":1293},{},[],"App Notification","table-cell",{"data":2459,"content":2460,"nodeType":2457},{},[2461],{"data":2462,"content":2463,"nodeType":1294},{},[2464],{"data":2465,"marks":2466,"value":2467,"nodeType":1293},{},[],"Good",{"data":2469,"content":2470,"nodeType":2457},{},[2471],{"data":2472,"content":2473,"nodeType":1294},{},[2474],{"data":2475,"marks":2476,"value":2467,"nodeType":1293},{},[],{"data":2478,"content":2479,"nodeType":2457},{},[2480],{"data":2481,"content":2482,"nodeType":1294},{},[2483],{"data":2484,"marks":2485,"value":2486,"nodeType":1293},{},[],"Free",{"data":2488,"content":2489,"nodeType":2457},{},[2490],{"data":2491,"content":2492,"nodeType":1294},{},[2493],{"data":2494,"marks":2495,"value":2496,"nodeType":1293},{},[],"Widely supported",{"data":2498,"content":2499,"nodeType":2443},{},[2500,2510,2520,2529,2538],{"data":2501,"content":2502,"nodeType":2457},{},[2503],{"data":2504,"content":2505,"nodeType":1294},{},[2506],{"data":2507,"marks":2508,"value":2509,"nodeType":1293},{},[],"App code",{"data":2511,"content":2512,"nodeType":2457},{},[2513],{"data":2514,"content":2515,"nodeType":1294},{},[2516],{"data":2517,"marks":2518,"value":2519,"nodeType":1293},{},[],"Moderate",{"data":2521,"content":2522,"nodeType":2457},{},[2523],{"data":2524,"content":2525,"nodeType":1294},{},[2526],{"data":2527,"marks":2528,"value":2467,"nodeType":1293},{},[],{"data":2530,"content":2531,"nodeType":2457},{},[2532],{"data":2533,"content":2534,"nodeType":1294},{},[2535],{"data":2536,"marks":2537,"value":2486,"nodeType":1293},{},[],{"data":2539,"content":2540,"nodeType":2457},{},[2541],{"data":2542,"content":2543,"nodeType":1294},{},[2544],{"data":2545,"marks":2546,"value":2496,"nodeType":1293},{},[],{"data":2548,"content":2549,"nodeType":2443},{},[2550,2560,2570,2579,2589],{"data":2551,"content":2552,"nodeType":2457},{},[2553],{"data":2554,"content":2555,"nodeType":1294},{},[2556],{"data":2557,"marks":2558,"value":2559,"nodeType":1293},{},[],"Security key (external)",{"data":2561,"content":2562,"nodeType":2457},{},[2563],{"data":2564,"content":2565,"nodeType":1294},{},[2566],{"data":2567,"marks":2568,"value":2569,"nodeType":1293},{},[],"Best",{"data":2571,"content":2572,"nodeType":2457},{},[2573],{"data":2574,"content":2575,"nodeType":1294},{},[2576],{"data":2577,"marks":2578,"value":2569,"nodeType":1293},{},[],{"data":2580,"content":2581,"nodeType":2457},{},[2582],{"data":2583,"content":2584,"nodeType":1294},{},[2585],{"data":2586,"marks":2587,"value":2588,"nodeType":1293},{},[],"Expensive",{"data":2590,"content":2591,"nodeType":2457},{},[2592],{"data":2593,"content":2594,"nodeType":1294},{},[2595],{"data":2596,"marks":2597,"value":2598,"nodeType":1293},{},[],"Some platforms",{"data":2600,"content":2601,"nodeType":2443},{},[2602,2612,2621,2630,2639],{"data":2603,"content":2604,"nodeType":2457},{},[2605],{"data":2606,"content":2607,"nodeType":1294},{},[2608],{"data":2609,"marks":2610,"value":2611,"nodeType":1293},{},[],"Security key (internal)",{"data":2613,"content":2614,"nodeType":2457},{},[2615],{"data":2616,"content":2617,"nodeType":1294},{},[2618],{"data":2619,"marks":2620,"value":2569,"nodeType":1293},{},[],{"data":2622,"content":2623,"nodeType":2457},{},[2624],{"data":2625,"content":2626,"nodeType":1294},{},[2627],{"data":2628,"marks":2629,"value":2569,"nodeType":1293},{},[],{"data":2631,"content":2632,"nodeType":2457},{},[2633],{"data":2634,"content":2635,"nodeType":1294},{},[2636],{"data":2637,"marks":2638,"value":2486,"nodeType":1293},{},[],{"data":2640,"content":2641,"nodeType":2457},{},[2642],{"data":2643,"content":2644,"nodeType":1294},{},[2645],{"data":2646,"marks":2647,"value":2598,"nodeType":1293},{},[],{"data":2649,"content":2650,"nodeType":2443},{},[2651,2661,2671,2680,2690],{"data":2652,"content":2653,"nodeType":2457},{},[2654],{"data":2655,"content":2656,"nodeType":1294},{},[2657],{"data":2658,"marks":2659,"value":2660,"nodeType":1293},{},[],"SMS",{"data":2662,"content":2663,"nodeType":2457},{},[2664],{"data":2665,"content":2666,"nodeType":1294},{},[2667],{"data":2668,"marks":2669,"value":2670,"nodeType":1293},{},[],"Poor",{"data":2672,"content":2673,"nodeType":2457},{},[2674],{"data":2675,"content":2676,"nodeType":1294},{},[2677],{"data":2678,"marks":2679,"value":2670,"nodeType":1293},{},[],{"data":2681,"content":2682,"nodeType":2457},{},[2683],{"data":2684,"content":2685,"nodeType":1294},{},[2686],{"data":2687,"marks":2688,"value":2689,"nodeType":1293},{},[],"Cheap",{"data":2691,"content":2692,"nodeType":2457},{},[2693],{"data":2694,"content":2695,"nodeType":1294},{},[2696],{"data":2697,"marks":2698,"value":2496,"nodeType":1293},{},[],{"data":2700,"content":2701,"nodeType":2443},{},[2702,2712,2721,2730,2739],{"data":2703,"content":2704,"nodeType":2457},{},[2705],{"data":2706,"content":2707,"nodeType":1294},{},[2708],{"data":2709,"marks":2710,"value":2711,"nodeType":1293},{},[],"Phone call",{"data":2713,"content":2714,"nodeType":2457},{},[2715],{"data":2716,"content":2717,"nodeType":1294},{},[2718],{"data":2719,"marks":2720,"value":2670,"nodeType":1293},{},[],{"data":2722,"content":2723,"nodeType":2457},{},[2724],{"data":2725,"content":2726,"nodeType":1294},{},[2727],{"data":2728,"marks":2729,"value":2670,"nodeType":1293},{},[],{"data":2731,"content":2732,"nodeType":2457},{},[2733],{"data":2734,"content":2735,"nodeType":1294},{},[2736],{"data":2737,"marks":2738,"value":2689,"nodeType":1293},{},[],{"data":2740,"content":2741,"nodeType":2457},{},[2742],{"data":2743,"content":2744,"nodeType":1294},{},[2745],{"data":2746,"marks":2747,"value":2496,"nodeType":1293},{},[],"table",{"data":2750,"content":2754,"nodeType":1845},{"target":2751},{"sys":2752},{"id":2753,"type":1842,"linkType":1843},"7rgrP5FFAKG63lscwhAsW1",[],{"data":2756,"content":2757,"nodeType":1366},{},[2758],{"data":2759,"marks":2760,"value":2456,"nodeType":1293},{},[],{"data":2762,"content":2763,"nodeType":1294},{},[2764],{"data":2765,"marks":2766,"value":2767,"nodeType":1293},{},[],"One of the most common methods today is the app notification. Using an app on your phone, like Microsoft Authenticator, to receive a push notification when you login.",{"data":2769,"content":2770,"nodeType":1294},{},[2771],{"data":2772,"marks":2773,"value":2774,"nodeType":1293},{},[],"Free, easy to use, and secure - this is a good choice if your users all have devices to install the app on and will reliably have a network connection to receive the notification.",{"data":2776,"content":2777,"nodeType":1294},{},[2778],{"data":2779,"marks":2780,"value":2781,"nodeType":1293},{},[],"Your challenges with using this method will be getting the app setup on everyone's device, getting everyone enrolled, and making sure users understand to only hit approve when they actually performed a login (seriously).",{"data":2783,"content":2787,"nodeType":1845},{"target":2784},{"sys":2785},{"id":2786,"type":1842,"linkType":1843},"4ybLnYAdHltdWCluLbr4di",[],{"data":2789,"content":2790,"nodeType":1366},{},[2791],{"data":2792,"marks":2793,"value":2794,"nodeType":1293},{},[],"App Code",{"data":2796,"content":2797,"nodeType":1294},{},[2798],{"data":2799,"marks":2800,"value":2801,"nodeType":1293},{},[],"The early days of MFA looked like RSA tokens; those devices you used to have to carry on a key chain with a code that changed every minute. Those devices worked by having a \"seed\" value that both the device and the server knew which changed predictably. So long as that seed value stayed safe, this provided a convenient second factor for users that was difficult to compromise.",{"data":2803,"content":2804,"nodeType":1294},{},[2805],{"data":2806,"marks":2807,"value":2808,"nodeType":1293},{},[],"Today, this approach is more common via an app, where the app provides a code that changes every minute, but the concept is exactly the same.",{"data":2810,"content":2811,"nodeType":1294},{},[2812],{"data":2813,"marks":2814,"value":2815,"nodeType":1293},{},[],"This approach uses what is officially called One Time Passwords (OTP) but is often just referred to as an app code. It has some advantages, such as not needing signal after setup which can be handy if that's a concern. ",{"data":2817,"content":2818,"nodeType":1294},{},[2819],{"data":2820,"marks":2821,"value":2822,"nodeType":1293},{},[],"However, as was true of the RSA tokens of the past, if the seed value is compromised all future values can be predicted. The odds of this happening in practice are exceptionally low so this remains a good choice.",{"data":2824,"content":2825,"nodeType":1294},{},[2826],{"data":2827,"marks":2828,"value":2829,"nodeType":1293},{},[],"Your challenges with using this method will again be mostly in rolling it out to all users and getting everyone setup.",{"data":2831,"content":2832,"nodeType":1366},{},[2833],{"data":2834,"marks":2835,"value":2836,"nodeType":1293},{},[],"Text message / phone call",{"data":2838,"content":2839,"nodeType":1294},{},[2840],{"data":2841,"marks":2842,"value":2843,"nodeType":1293},{},[],"As MFA gained popularity, receiving a code via text message (SMS), or sometimes a phone call, quickly became the de-facto method. Before everyone had smartphones and therefore the ability to install apps, using text messages or phone calls was the only way to implement MFA without having to provision RSA tokens for everyone in the team.",{"data":2845,"content":2846,"nodeType":1294},{},[2847,2851,2859],{"data":2848,"marks":2849,"value":2850,"nodeType":1293},{},[],"The major downside to using these methods is their reliance on the security of the phone number. If attackers really want to target an account, and they know the phone number used for MFA, they can try something called ",{"data":2852,"content":2854,"nodeType":1423},{"uri":2853},"https://en.wikipedia.org/wiki/SIM_swap_scam",[2855],{"data":2856,"marks":2857,"value":2858,"nodeType":1293},{},[],"SIM-swapping",{"data":2860,"marks":2861,"value":2862,"nodeType":1293},{},[]," to hijack the phone number, and hence nullify the MFA.",{"data":2864,"content":2865,"nodeType":1294},{},[2866],{"data":2867,"marks":2868,"value":2869,"nodeType":1293},{},[],"The most important thing to note in that scenario is how targeted it is. With no MFA, any attacker on the Internet can simply guess passwords on an account - the cost is extremely low. To bypass SMS or phone call MFA using SIM swapping has a significantly higher cost. The attack is definitely practical, but would only happen when you're specifically targeted.",{"data":2871,"content":2872,"nodeType":1294},{},[2873],{"data":2874,"marks":2875,"value":2876,"nodeType":1293},{},[],"Additionally, the user experience isn't as good. Firstly, the user must have mobile signal to receive the SMS or call. Secondly, there can often be a delay in delivery, due to the less-reliable mobile network. Finally, there is almost always a usage cost associated with these methods, since it costs money to send SMSs or make phone calls.",{"data":2878,"content":2879,"nodeType":1294},{},[2880],{"data":2881,"marks":2882,"value":2883,"nodeType":1293},{},[],"Because of this, SMS or phone calls are often considered least desirable MFA methods today.",{"data":2885,"content":2886,"nodeType":1366},{},[2887],{"data":2888,"marks":2889,"value":2890,"nodeType":1293},{},[],"Security keys",{"data":2892,"content":2893,"nodeType":1294},{},[2894],{"data":2895,"marks":2896,"value":2897,"nodeType":1293},{},[],"FIDO2 is the name for a set of authentication protocols and standards developed by a consortium of tech companies to be the future of authentication. FIDO2 solves a lot of the problems we've dealt with in the past: it's secure, usable, impossible to spoof.",{"data":2899,"content":2900,"nodeType":1294},{},[2901,2905,2913,2917,2924],{"data":2902,"marks":2903,"value":2904,"nodeType":1293},{},[],"Without digging into the weeds of how that works (",{"data":2906,"content":2908,"nodeType":1423},{"uri":2907},"https://fidoalliance.org/fido2/",[2909],{"data":2910,"marks":2911,"value":2912,"nodeType":1293},{},[],"the official page from the FIDO alliance is worth a read if you're interested",{"data":2914,"marks":2915,"value":2916,"nodeType":1293},{},[],"), you will need what's commonly referred to as a \"security key\" to make use of it. This is a small physical device, often plugged into your USB port - modern devices that understand FIDO2, like the ",{"data":2918,"content":2919,"nodeType":1423},{"uri":2359},[2920],{"data":2921,"marks":2922,"value":2923,"nodeType":1293},{},[],"YubiKey 5 Series",{"data":2925,"marks":2926,"value":2927,"nodeType":1293},{},[],", are preferable. Once setup, you simply touch the key on login and the magic of cryptography ensures a high degree of security.",{"data":2929,"content":2930,"nodeType":1294},{},[2931],{"data":2932,"marks":2933,"value":2934,"nodeType":1293},{},[],"In fact, this approach is so secure, it is the basis of a \"passwordless\" revolution, where this strong factor of authentication can feasibly be used as a single-factor of authentication, and users don't even need to remember passwords anymore. Though in its infancy at the moment, expect to hear more about that in the coming years.",{"data":2936,"content":2937,"nodeType":1294},{},[2938],{"data":2939,"marks":2940,"value":2941,"nodeType":1293},{},[],"The primary drawback of this method is the cost, with devices typically costing around $50 each. Also, although you can expect them to be supported on major platforms, they aren't supported as widely as other methods just yet.",{"data":2943,"content":2944,"nodeType":1294},{},[2945],{"data":2946,"marks":2947,"value":2948,"nodeType":1293},{},[],"If you are unable to justify their cost for all users, a common implementation is to use security keys for high privilege accounts.",{"data":2950,"content":2951,"nodeType":1366},{},[2952],{"data":2953,"marks":2954,"value":2955,"nodeType":1293},{},[],"Built-in security keys",{"data":2957,"content":2958,"nodeType":1294},{},[2959],{"data":2960,"marks":2961,"value":2962,"nodeType":1293},{},[],"Many modern mobile devices like laptops, tablets and phones have built-in security keys (e.g. Apple TouchId,  Android phones, and Windows Hello). These have many of the advantages of stand-alone security keys, but without the cost!",{"data":2964,"content":2965,"nodeType":1294},{},[2966],{"data":2967,"marks":2968,"value":2969,"nodeType":1293},{},[],"Support for these keys is a fairly recent development and is still ongoing but opens up an exciting future where users will increasingly be able to very easily add a second factor, or even go passwordless, in a secure way, without much effort or thought.",{"data":2971,"content":2972,"nodeType":2973},{},[],"hr",{"data":2975,"content":2976,"nodeType":1294},{},[2977],{"data":2978,"marks":2979,"value":2980,"nodeType":1293},{},[],"In conclusion there are multiple options you can choose from to fit almost any scenario you have. While some options are better than others, even the worst option is still a massive improvement on passwords alone. In the end, the best MFA method is the one you can start rolling out today, you can always improve down the line.",{"data":2982,"content":2986,"nodeType":1845},{"target":2983},{"sys":2984},{"id":2985,"type":1842,"linkType":1843},"2y0INxqAi594O7rCAVKhTI",[],{"data":2988,"content":2989,"nodeType":1294},{},[2990],{"data":2991,"marks":2992,"value":37,"nodeType":1293},{},[],"Which MFA methods should you use?","SMS, Authenticator apps, Security Keys, and more! We compare them from a user experience, security, cost, and security aspect.",[1300],"which-mfa-methods-should-you-use",{"items":2998},[2999,3001],{"sys":3000,"name":1809},{"id":1808},{"sys":3002,"name":1813},{"id":1812},{"items":3004},[3005],{"fullName":3006,"firstName":3007,"jobTitle":3008,"profilePicture":3009},"Andy Waugh","Andy","VP Product",{"url":3010},"https://images.ctfassets.net/y1cdw1ablpvd/3Rf76rJn6S9inMb4dUnAIJ/0a787f8141d05b95300e2fe77c4493fa/DSC_6868.jpg",{"items":3012},[3013],{"fullName":3006,"firstName":3007,"jobTitle":3008,"profilePicture":3014},{"url":3010},"content:blog:how-to-set-up-multi-factor-authentication-for-microsoft-365.json","json","content","blog/how-to-set-up-multi-factor-authentication-for-microsoft-365.json","blog/how-to-set-up-multi-factor-authentication-for-microsoft-365",1776359968708]