Looking for Okta Logos?

You can find all the media assets you need as part of our press room.

Download Media Assets

Try Okta
Sign In

Andrew Lee

Security Engineer

Andrew Lee is a security engineer on Okta’s Research and Exploitation (REX) team, where he works with developers to create secure solutions by employing a mix of manual and automated techniques. He is curious about the evolution of all complex systems—from the living to the artificial—and how they develop defenses against exploitation. With a focus on automated reasoning and cryptography, Andrew’s research explores methods that distinguish between the benign and the malicious.

Follow Andrew Lee

A Tool to Strengthen Your Password Manager

Password managers, such as Okta’s SWA plugin can defend against phishing attacks. However, to prevent the compromise of passwords, password managers need to be hardened against attacks that confuse them into misidentifying websites. To help achieve this, the Okta Research and Exploitation team (REX) has created a tool, ...

Using hack_url_re to Auto Detect Website Spoofing Vulnerabilities

Phishing attacks often spoof websites in order to steal passwords, tricking users into entering credentials to a website that looks identical to the one they routinetly access. To avoid such trickery, account holders can trust their passwords to password managers like Okta’s SWA plugin, which are not fooled by visual...

Multi-Factor Mixup: Who Were You Again?

Summary: A weakness in the Microsoft ADFS protocol for integration with MFA products allows a second factor for one account to be used for second-factor authentication to all other accounts in an organization. After being notified about the vulnerability and independently validating it, Microsoft produced a patch to address it...