security

WebAuthn: Growth and challenges

In this article, we will cover some of the characteristics of FIDO2 WebAuthn, which give it an edge over other authenticators (factors). We will also dive into the usage and growth of WebAuthn from Okta’s perspective, along with some of the challenges we are trying to solve for customers here at Okta. WebAuthn (Web Authentication) is one of the…

Keys to high-quality service releases at Okta

Okta’s product release cadence At Okta, there are 12 monthly releases for General Availability of new features and there are weekly releases for Early Availability of new features, security patches, bug fixes, and non-customer-facing backend changes. Every release train spans a three-week window wherein the deployment to the Dev-Test…

A summary of Okta’s FIPS compliance

Federal Information Processing Standards (FIPS) are security standards developed by the National Institute of Standards and Technology (NIST). For organizations to adhere to FIPS compliance, the system or product must meet configuration standards and pass rigorous audits through regular third-party assessments. To demystify FIPS compliance in Okta…

Okta and AWS Identity Center enforce JIT-privileged access

One risk IAM administrators are very familiar with is having a lack of control over credentials. Once credentials that grant privileged operations are lost or shared without permissions, they can be used to give unauthorized people elevated access to resources. A reasonable prevention strategy is to use a Just-in-Time (JIT) access model to make…

Why we sunset the Okta Verify watch app

In the most recent version of Okta Verify for iOS (8.2), we decided to sunset the companion watch app. This blog aims to explain our thinking and share knowledge. Watch apps are cool. Pulling out your phone to accept an MFA push notification is not a great experience. Why would anyone sunset such great functionality? In a nutshell, you don’t need…

Enhanced security and phishing resistance for unmanaged iOS devices with Okta FastPass

In today's corporate landscape, bring-your-own-device (BYOD) policies have gained significant traction, with over 50% of computers, tablets, and smartphones being used as personal devices in the workplace, according to Okta’s Businesses at Work 2023 report. However, with the rise of personal devices owned by third-party contractors, vendors, and…

Okta to improve user experience through Apple Business Manager

Last week at Apple's Worldwide Developers Conference (WWDC), Apple announced its support for enterprise identity providers to be integrated with Apple Business Manager (ABM). Okta is proud to be one of the first identity providers to implement this new capability when it is available this fall. Apple Business Manager is a web-based portal for IT…

Cybersecurity for the world’s most vulnerable

As part of Okta’s social impact work, we have the privilege of working with some of the world’s largest nonprofit and humanitarian organizations. These groups are the first to jump to action when people around the world need support. Many of us intuitively understand the need for these organizations to focus on the physical safety of those they…

A leap forward in token security: Okta adds support for DPoP

Have you ever wondered how secure your tokens are when they are transmitted from a client to a server? As our digital footprints expand, the need for more stringent security measures in web applications and APIs has never been greater. In the wake of a recent GitHub security breach affecting dozens of organizations, the question of token security…

Desktop MFA from Okta — Its time has come

The password has been much maligned since its creation, and deservedly so. Even Fernando Corbató, the MIT computer scientist who created the password, said it had become “kind of a nightmare.” However, Corbató could not have conceived of the hundreds of passwords we now use and the proliferation of complex rules to overcome the weakness of the…

security

Tags

Archive