For those not familiar with FIDO2, it is an improved version of the FIDO standard – popularly known for the U2F USB tokens provided by Google and Yubico. Now that we've explored what Webauthn is and reviewed critical Webauthn building blocks and protocols, I’ll use this post to break down how you can leverage WebAuthn with FIDO2 to enhance both…

In March 2019, the World Wide Web Consortium (W3C) announced that WebAuthn is now the official web standard for password-free login. With support from a broad set of applications (Microsoft Edge, Chrome, Firefox, Mobile), widespread adoption of WebAuthn is expected in coming years. In a previous blog post we went through some examples of how…

Malware often gets top billing in mainstream news reporting of cyber-threats. It makes for snappy headlines and a compelling narrative—–but it’s not the whole story. Increasingly, organisations are finding customers exposed to malware-free account takeover attacks, which could result in serious data theft. There are several ways hackers can…

Organisations are increasingly leveraging the benefits of the cloud to support employee productivity and IT efficiencies, while also delivering more compelling user experiences to their external customers and partners. Yet migrating these various users to new cloud systems can be fraught with challenges, particularly when it comes to securing…

Balancing security with usability is a challenge that countless organisations face—both for their customers and for their workforces. We know that making both IT teams and end users happy is no easy task, which is why we are excited to announce that Risk-Based Authentication is now Generally Available for all Okta customers. The Ongoing Struggle:…

Password spraying has been one of the hottest topics in cyber security in the last few years. Right off the heels of multiple high-profile breaches, it’s been getting a lot of attention from security vendors, reporters, and the security community as a whole. In this post, we’ll discuss why password spraying is increasing in prevalence, and steps…

In March 2019, the World Wide Web Consortium (W3C) announced that WebAuthn is now the official web standard for password-free login. With support from a broad set of applications (Microsoft Edge, Chrome, Firefox, Mobile), widespread adoption of WebAuthn is expected in coming years. In this post, we will explore the shortcomings of current…

As more companies move to support cloud-based environments to work with better mobility and flexibility, their number of vulnerability points also increase. A thriving underground economy that trades in hacking tools, cyber crime services, stolen data, and credentials is estimated to be worth $600 billion annually—that’s more than the film, gaming…

If you’re upgrading to new company software, a new operating system, or even moving from on-premises systems to the cloud, you’re thinking about user migration. User migration projects are rarely quick, nor easy, as they demand meticulous planning and attention to detail. However, with proper foresight and preparation, user migrations don’t need…

With the rise of of credential stuffing and similar attack methods, simple username and password authentication is not enough to deter bad actors. According to the Verizon Data Breach Investigations Report, there were over 55,000 security incidents and 2,200 confirmed data breaches in 2018, with a whopping 81% of those incidents being tied to…