Multi-Factor Authentication

Your end users already carry multiple devices. Why not put them to use? That’s the thought behind multi-factor authentication (MFA), a solution leveraging multiple devices and factors to provide extra security: texting an authentication code to a user’s smartphone, for instance. Here’s what Okta has to say about this innovative authentication method.

What is Credential Stuffing?

Malware often gets top billing in mainstream news reporting of cyber-threats. It makes for snappy headlines and a compelling narrative—–but it’s not the whole story. Increasingly, organizations are finding customers exposed to malware-free account takeover attacks, which could result in serious data theft. There are several ways hackers can…
By Swaroop Sham
April 8, 2019

Okta Auth API: We roll auth so you don’t have to

Secure authentication is crucial for customers using your app. But building an authentication model for your application from the ground up is not easy for your developers. From dealing with conflicting user schemas to easing the flow of data between components, managing and protecting user accounts is probably not your team’s favorite part of…
By Jason Jung
March 29, 2019

Password spraying detection: Where do I start?

Password spraying has been one of the hottest topics in cyber security in the last few years. Right off the heels of multiple high-profile breaches, it’s been getting a lot of attention from security vendors, reporters, and the security community as a whole. In this post, we’ll discuss why password spraying is increasing in prevalence, and steps…
By Cameron Ero Yassir Abousselham
March 25, 2019

Navigating your Identity and Access Management Journey

The benefits of implementing identity and access management (IAM) speak for themselves. Having a centralized IAM solution means fewer passwords, a better end user experience, and a centralized solution for managing access to both cloud and on-prem apps and services. Despite this, investing in identity and access management is not top of mind for…
By Teju Shyamsundar
March 1, 2019

5 Ways to Continuously Mitigate Risk at Your Organization

We’re living in a landscape where risks are prolific, diverse, and often unanticipated. Organizations are under immense pressure to implement strong security measures and avoid cyber attacks from highly specialized threat actors looking to capitalize on the smallest oversight. In this post, we’ll look at some strategies you can leverage to manage…
By Jack Shepherd
February 28, 2019

4 Tools to Keep in your Risk-Assessment Toolbox

As more companies move to support cloud-based environments to work with better mobility and flexibility, their number of vulnerability points also increase. A thriving underground economy that trades in hacking tools, cyber crime services, stolen data, and credentials is estimated to be worth $600 billion annually—that’s more than the film, gaming…
By Jack Shepherd
February 7, 2019

The Ultimate Authentication Playbook

With the rise of of credential stuffing and similar attack methods, simple username and password authentication is not enough to deter bad actors. According to the Verizon Data Breach Investigations Report, there were over 55,000 security incidents and 2,200 confirmed data breaches in 2018, with a whopping 81% of those incidents being tied to…
By Jack Shepherd
February 5, 2019

3 Ways to Stop Account Takeovers Before They Begin

To put it bluntly, 2018 was a bad year for data security. Major consumer-facing corporations like Marriott and Facebook experienced some of the largest data breaches in history, exposing the data of millions of consumers. In total, 2018 saw an overall increase in compromised company records of 133% YoY, with an average of 291 records stolen every…
By Jason Jung
January 29, 2019

Investigating Modlishka Credential Attacks: Old Dog, New Tricks

You may have heard about a new phishing tool called Modlishka, and have questions about its potential impact on multi-factor authentication or single sign-on. To be clear, Modlishka is not a vulnerability in MFA or SSO. Rather, it is an automation tool designed to make it easier for attackers to phish your employees. In this post, I will outline…
By Matias Brutti
January 14, 2019

WebAuthn, the Road to Passwordless, and Other Considerations

Passwords. Most of us have a love-hate relationship with them. Security best practices and common sense tells us to pick unique, hard-to-guess passwords for every account, which makes management of them a pain, or leads to bad password habits like reusing them. Then there’s the inherent security of passwords, or rather, the insecurity of them. As…
By Krystal Wang
November 28, 2018

Tags

MFA
sso

Archive