Password-Free, High Assurance Authentication for Active Directory Domains

SDO Marketing Staff | January 17, 2018

With the release of this new solution, Secret Double Octopus has delivered the first authentication tool for AD that completely unburdens users from passwords while offering a more secure model.  

Get a demo here 

Seamless Authentication for Users, No Compromise on Security

Administrators of an organization’s AD access their control of resources through passwords. This means that a just one compromised password gains an attacker access to all resources of the account.

So what are the solutions?

The natural tendency for users to secure their passwords is to make them more complex. While this addresses some of the more simple methods of password theft, such as guessing and brute-force cracking, it fails to address other common methods such phishing scams. Furthermore, making passwords longer and more complicated, makes the experience of password implementation more difficult for users, and easier to forget. Attempts by users to address this issue such as making hard copies of their passwords, only exacerbate the security risk by increasing the likelihood passwords will be stolen or copied by attackers.

Another commonly used option is to deploy a second factor of authentication. While this solution does raise the level a system’s security posture, multi-factor authentication also comes with significant drawbacks. First of all, requiring additional factors also puts a strain on user experience and in turn, inhibits ease of access and productivity. From a security perspective, many of the most common multi-factor methods have been shown to be depreciated and even downright flawed.  Furthermore, all multi-factor solutions are lacking in that they only protect the end-points of data transfers, while leaving other critical assets across the domain exposed.

Simply put, demanding both a password-based system and strong authentication adversely impact user productivity and opens the door to vulnerabilities.  

A New Paradigm 

The new Octopus Domain Authentication replaces the passwords of the AD system altogether, providing a slew of beneficial business outcomes for users:

1) Eliminates password-based attacks on the domain by disposing  of passwords altogether

The Octopus Authenticator circumvents all of the security pitfalls of passwords such phishing, cracking and hacking. By replacing passwords with a high-assurance, password-free authenticator, the AD domain becomes immune to these password-based attacks. Authentication is done out-of-band, making attacks dramatically harder to carry out, as a successful attack would require an adversary to gain control over multiple devices simultaneously.

2) Improve user experience and productivity

By eliminating cumbersome authentication tools such as passwords and tokens, authentication becomes a seamless experience, which means more efficient workflow. Multiple login attempts and helpdesk tickets that lead to lost productivity are a thing of the past. Logging on to the domain is a simple, error-free process.

3) Reduce help desk costs associated with password management

The maintenance of a password-based system is demanding and expensive. Resetting expired, forgotten or compromised passwords is a routine job for domain admins. Password resets are one of the top reasons workers call company help desks, accounting for about one in four help desk tickets. Removing the need for passwords, therefore, relieves a significant burden from the enterprise helpdesk and domain admins, and increases worker productivity.

Because many of the common hacks on a system are attempts to exploit password vulnerabilities, eliminating passwords also frees up resources dedicated to preventing these attacks.  

Best of Both Worlds

The Octopus Authenticator gives users the best of both worlds. The solution frees individual users and organizations from the all of the burdens associated with passwords, and makes the authentication process hassle-free. At the same time, organizations can achieve the highest levels of protection for their Active Directory network, without any of the security pitfalls of password-based systems.

Get a demo here