Engineering

In this article, we will cover some of the characteristics of FIDO2 WebAuthn, which give it an edge over other authenticators (factors). We will also dive into the usage and growth of WebAuthn from Okta’s perspective, along with some of the challenges we are trying to solve for customers here at Okta. WebAuthn (Web Authentication) is one of the…

Deploying phishing-resistant multi-factor authentication helps prevent unauthorized access to your company’s sensitive resources. But what if the process to enroll in that factor is not phishing-resistant? At Okta, we recognize the phishing resistance of a factor traces all the way back to enrollment, and that’s why we have now built into Okta…

Okta’s product release cadence At Okta, there are 12 monthly releases for General Availability of new features and there are weekly releases for Early Availability of new features, security patches, bug fixes, and non-customer-facing backend changes.      Every release train spans a three-week window wherein the deployment to the Dev-Test…

The rise of Zero Trust architecture has brought new challenges to the table. With a Zero Trust approach, it's no longer sufficient to simply trust that a user's credentials are valid. Organizations must also verify the device itself to ensure that it meets their security standards. One key way to address this challenge is by enabling device login…

In the most recent version of Okta Verify for iOS (8.2), we decided to sunset the companion watch app. This blog aims to explain our thinking and share knowledge. Watch apps are cool. Pulling out your phone to accept an MFA push notification is not a great experience. Why would anyone sunset such great functionality? In a nutshell, you don’t need…

  International revenue share fraud (IRSF), also known as toll fraud, is a type of fraud where fraudsters artificially generate a high volume of international calls/SMS on expensive routes. Here’s how it works. Fraudsters exploit Okta’s authentication flow and make expensive phone calls and/or texts as part of the MFA flow where phone/text is used…

Driving rapid innovation and doing it efficiently–without risking security or impacting our user experience — has always been a key priority for me.  In my 20+ years of experience leading teams of engineers in transforming and scaling tech for global user bases, from driving global expansion of products to scaling systems from 0 to 100 million…

Okta FastPass is a cryptographic, multi-factor authenticator that provides a frictionless, passwordless authentication experience to end users and peace of mind to IT and security administrators. Check out  A Deep Dive Into Okta FastPass to learn more about how FastPass works. Step-up authentication with security signals from CrowdStrike  Okta…

At Okta, we take pride in ensuring our product features are developed with testability in mind, thoroughly tested, and continuous monitoring is implemented before reaching our customers. This blog post will describe some of the quality signals we use to ensure features are ready for customer adoption. Internal testing  Upon every approved pull…

This blog post is the second in a series focusing on credential phishing. Previously, in the blog The Need for Phishing-Resistant Multi-Factor Authentication, Mukul Hinge explained how threat actors are becoming more sophisticated, using various tools to overcome mitigations. Today’s post digs into the inner workings of Okta FastPass, explaining…