Secret Double Octopus believes in the power of partnerships and works closely with its partners to ensure their success. Our partner program features three tracks:
Selling Partners for distributors, resellers, and most systems integrators.
Resell our high-assurance, password-free authentication solution to help your customers achieve better security and compliance with user authentication requirements – all without compromising on user experience
Managed Service Partners for MSP/MSSPs offering the Octopus solution as a managed service.
Expand your service offering with our high-assurance, password-free authentication solution to help your customers achieve better security and compliance – all without compromising on user experience.
Technology Partners for product/solution vendors that would like to integrate with the Octopus solution.
Integrate and bundle with your solution our high-assurance, password-free authentication to achieve better security and compliance – all without compromising on user experience.
Help your customers prevent password-based attacks by getting rid of passwords. Deploy a strong authentication solution that will improve user experience and comply with requirements and regulations. Lower operational costs by reducing password-related helpdesk tickets and user downtime
 Secret Double Octopus |
 OTP Tokens(Hardware / Software) |
 PKI Hardware Token |
 Mobile Push |
 Out-of-Band (SMS/email) |
 Biometrics |
||
|---|---|---|---|---|---|---|---|
| Examples | RSA SecureID, Vasco DigiPassGoogle Authenticator | Gemalto USB Smartcard, Yubikey Smart Card | Duo, Symantec VIP, Okta Verify | ||||
| UX |
Password-less
|
|
|
|
|
|
|
|
Providing uniform, password-free authentication to the enterprise network, remote access, SSO, and web/cloud services. |
No passwords means delighted and productive users Standards-based solution that supports enterprise network logon, remote access, SSO, and access to web/cloud services |
Typically used as a second factor together with vulnerable passwords Solutions generally support only remote access and access to web applications |
Typically used as a second factor together with vulnerable passwords No support for access to web/cloud services |
No support for enterprise network logon |
Typically used as a second factor with vulnerable passwords No support for enterprise network logon |
No support for enterprise network logon when using mobile device-based biometrics |
|
|
Hardware free
|
|
 |
|
|
|
|
|
|
No need to carry around (and occasionally misplace) a separate hardware authenticator. |
Authenticator runs on the user’s mobile device |
Hardware: Need to carry around a separate hardware token Software: Authenticator runs on the user’s mobile device |
Need to carry around a separate hardware token Access is enabled only from hosts running device interface software |
Authenticator runs on the user’s mobile device |
No additional hardware required |
No additional hardware required when using mobile device-based biometrics; dedicated hardware required otherwise |
|
|
No OTP Typing
|
|
|
|
|
|
|
|
|
No need to enter one-time code-strings that leads to errors and delays logging in. |
Authenticator communicates transparently with service backend –users don’t type in anything |
User needs to enter OTP codes |
Token middleware communicates with service backend |
Authenticator communicates transparently with service backend |
User needs to enter OTP codes Frustrating user experience when code arrival is delayed |
Sensor middleware communicates with service backend |
|
| Security |
Resilient to key theft, MITM and phishing
|
|
|
|
|
|
|
|
Tightly securing secrets and authentication tokens against theft and/or interception. |
Replaces vulnerable passwords with high-assurance, password-free authentication Provably-secure authentication scheme protects against key/seed theft, phishing and man-in-the-middle attacks |
Typically used as a second factor with vulnerable passwords OTP codes are susceptible to phishing and man-in-the-middle attacks |
Highly secure when properly implemented |
Security tokens can be intercepted |
Codes are susceptible to phishing and man-in-the-middle attacks Mobile carrier and/or email accounts used for authentication can be easily compromised |
Lost biometric credential can never be recovered Compromised mobile devices and colluding hardware manufacturers can undermine biometric data |
|
|
Windows domains / network assets protection
|
|
|
|
|
|
|
|
|
Securing access to the Windows domain and to networked resources from within the domain, to prevent lateral movement. |
Support for enterprise network logon Replaces static passwords used for lateral movement once in the network |
Typically no support for enterprise network access Static passwords remain a vulnerability once inside the network |
PKI credential used to access network Static passwords remain a vulnerability once inside the network |
Typically no support for enterprise network access Static passwords remain a vulnerability once inside the network |
Typically no support for enterprise network access Static passwords remain a vulnerability once inside the network |
Typically no support for enterprise network access when using mobile device-based biometrics Static passwords remain a vulnerability once inside the network |
|
|
Password phishing, cracking, and pass-the- hash prevention
|
|
|
|
|
|
|
|
|
So long as passwords remain an authentication credential, alone or in conjunction with another factor of authentication, they can be phished, cracked, or stolen after being hashed (i.e. pass-the-hash). |
Replaces vulnerable passwords with high-assurance, password-free authentication Replaces static passwords used for lateral movement once in the network |
Typically used as a second factor with vulnerable passwords Static passwords and password hashes remain a vulnerability once inside the network |
Typically used as a second factor with vulnerable passwords Static passwords and password hashes remain a vulnerability once inside the network |
Typically used as a second factor with vulnerable passwords Static passwords and password hashes remain a vulnerability once inside the network |
Typically used as a second factor with vulnerable passwords Static passwords and password hashes remain a vulnerability once inside the network |
Typically used as a second factor with vulnerable passwords Static passwords and password hashes remain a vulnerability once inside the network |
|
| TCO |
No password related support calls
|
|
|
|
|
|
|
|
So long as passwords continue to be used, password management costs continue to be incurred by the customer, irrespective of additional factors of authentication deployed. |
No passwords means no costly resets and renewals |
Used with passwords, which means customers will continue to incur all associated costs |
Used with passwords, which means customers will continue to incur all associated costs |
Typically used with passwords, which means customers will continue to incur all associated costs |
Typically used with passwords, which means customers will continue to incur all associated costs |
Typically used with passwords, which means customers will continue to incur all associated costs |
|
|
Easy integration and maintenance
|
|
|
|
|
|
|
|
|
Standards-based (i.e. LDAP, RADIUS, etc.) integration with other systems and relying parties. |
Standards-based solution that works well with 3rd party identity management/access management solutions, remote access and web/cloud access |
Supports broadly adopted standards Software: If part of an access management solution, then will likely not support 3rd parties |
Requires client software which is hard to install and maintain |
Supports broadly adopted standards If part of an access management solution, then will likely not support 3rd parties |
Supports broadly adopted standards |
Varies by solution architecture and supported standards |
|
|
Simple user enrollment
|
|
|
|
|
|
|
|
|
Straightforward, software-based user onboarding that requires no onerous logistics. |
No hardware enrollment and logistics costs No password enrollment |
Hardware: Requires physical logistics to get the token to the user Requires provisioning a password |
Requires physical logistics to get the token to the user Requires provisioning a password |
No hardware enrollment and logistics costs Typically requires provisioning a password |
No hardware enrollment and logistics costs Typically requires provisioning a password |
Biometric enrollment is notoriously difficult and support-intensive Typically requires provisioning a password |
|
Partnering with Secret Double Octopus gives Okta customers the ability to remove the need for passwords for Active Directory and other legacy directories, creating a better user experience for end users and better security for an enterprise
Chuck Fontana, Vice President of Okta Integrations and Strategic Partnerships
“Secret Double Octopus is an innovative partner, enabling us to offer clients the best of breed authentication solutions to a broad range of critical use cases”
Abraham Wu. Head of Partnership Programs, IISI
“With our rich understanding of current market needs, we were excited to learn about Secret Double Octopus’ unique technology, which eliminates the need for keys and passwords, while offering stronger authentication.”
Rafael Maman, Partner, PwC
“By bringing Secret Double Octopus into our vendor portfolio, Azlan enriches its security offering with an innovative solution that addresses customers’ authentication challenges. The solution is scalable, easy to deploy, and helps provide cost-effective security.”
David Harvey, Business Development Director Europe, Tech Data
“Secret Double Octopus’ password-free security approach is a game changer, and we are excited to put it at the service of BDO clients.”
Jason Gottschalk, Partner and Cyber Security Consultant, BDO UK