Engineering

WebAuthn: Growth and challenges

In this article, we will cover some of the characteristics of FIDO2 WebAuthn, which give it an edge over other authenticators (factors). We will also dive into the usage and growth of WebAuthn from Okta’s perspective, along with some of the challenges we are trying to solve for customers here at Okta. WebAuthn (Web Authentication) is one of the…

Bootstrapping Okta FastPass enrollment in a phishing-resistant manner

Deploying phishing-resistant multi-factor authentication helps prevent unauthorized access to your company’s sensitive resources. But what if the process to enroll in that factor is not phishing-resistant? At Okta, we recognize the phishing resistance of a factor traces all the way back to enrollment, and that’s why we have now built into Okta…

Keys to high-quality service releases at Okta

Okta’s product release cadence: At Okta, there are 12 monthly releases for General Availability of new features and there are weekly releases for Early Availability of new features, security patches, bug fixes, and non-customer-facing backend changes. Every release train spans a three-week window wherein the deployment to the Dev-Test…

Why we sunset the Okta Verify watch app

In the most recent version of Okta Verify for iOS (8.2), we decided to sunset the companion watch app. This blog aims to explain our thinking and share knowledge. Watch apps are cool. Pulling out your phone to accept an MFA push notification is not a great experience. Why would anyone sunset such great functionality? In a nutshell, you don’t need…

How Okta uses machine learning to automatically detect and mitigate toll fraud

International revenue share fraud (IRSF), also known as toll fraud, is a type of fraud where fraudsters artificially generate a high volume of international calls/SMS on expensive routes. Here’s how it works. Fraudsters exploit Okta’s authentication flow and make expensive phone calls and/or texts as part of the MFA flow where phone/text is used…

Buy v. Build: Advice from a CTO

Driving rapid innovation and doing it efficiently, without risking security or impacting our user experience, has always been a key priority for me. In my 20+ years of experience leading teams of engineers in transforming and scaling tech for global user bases, from driving global expansion of products to scaling systems from 0 to 100 million…

Achieve Enhanced Secure Authentication with Okta FastPass and CrowdStrike

Okta FastPass is a cryptographic, multi-factor authenticator that provides a frictionless, passwordless authentication experience to end users and peace of mind to IT and security administrators. Check out A Deep Dive Into Okta FastPass to learn more about how FastPass works. Step-up authentication with security signals from CrowdStrike: Okta…

A Brief Overview of Testing at Okta

At Okta, we take pride in ensuring our product features are developed with testability in mind and thoroughly tested, and that continuous monitoring is implemented before they reach our customers. This blog post will describe some of the quality signals we use to ensure features are ready for customer adoption. Internal testing: Upon every approved pull…

A Deep Dive Into Okta FastPass

This blog post is the second in a series focusing on credential phishing. Previously, in the blog The Need for Phishing-Resistant Multi-Factor Authentication, Mukul Hinge explained how threat actors are becoming more sophisticated, using various tools to overcome mitigations. Today’s post digs into the inner workings of Okta FastPass, explaining…
