Passwordless MFA in an Hour

Don Shin | April 19, 2023

Passwordless MFA slashes the attack surface, makes IT and users happier and more productive, and pays measurable dividends within the first year. You might think achieving all that has to be a massive, complicated project.

We will show you that, with the Octopus approach absorbing the complexity, it can take just an hour to connect Octopus Cloud to your directories, configure the system, and start onboarding users. Of course, in the real world, your mileage may vary.

Skepticism is warranted, especially if you’ve had a bad experience with rolling out government-issued PIV and CAC smartcards or if your company took a shot at Windows Hello for Business. From what we’ve seen and heard from customers, even the most successful of these programs typically require you to:

  • Re-code applications to get complete service coverage
  • Rearchitect directories
  • Build out client-side PKI infrastructure before onboarding a single user
  • Spend more than expected

And in many cases, these programs ultimately don’t eliminate the user password anyway (read: Why passwordless can’t eliminate passwords). Many Octopus customers had a horrible time bringing up traditional MFA and, as a result, were initially suspicious about taking the passwordless MFA plunge. But what else can an IT leader do after getting phished and suffering the lateral movement consequences?

Passwordless MFA offers a path to phishing resistance, and it doesn’t need to be hard.

Pleasantly Surprised by Less

Customers find that Octopus passwordless MFA is, as the name says, “less”: less risk, fewer helpdesk calls, less frustrated users. And as the saying goes, sometimes ‘less is more’: more security, more time, and more control for your IT leaders.

How Is Octopus Different from Other Passwordless? 

Conventional wisdom says cryptographic techniques are the pathway to eliminating passwords, and that statement is mostly true. However, the industry has evolved following the bad lessons from the government PIV and CAC programs’ dependence on X.509 certificates.

As mentioned, the problem with that passwordless strategy is that it forces applications and directories to be rearchitected to transition from passwords to PKI. Adopting client-side PKI infrastructure is not bad, but it is a significant effort.

Octopus passwordless MFA works with password directories. Octopus eliminates users’ use of passwords, which takes away attackers’ ability to exploit passwords or phish users and prevents the downstream lateral movement consequences. Octopus passwordless MFA separates the user side of the passwordless workflow from the infrastructure, specifically by working with password applications and password directories.

Working with password directories and FIDO2 might not be a big deal for unicorn greenfield SaaS-only startups. But for the rest of us, with complex networks and critical applications already driving our businesses, yeah, a big deal.

Watch Passwordless MFA in an Hour

The details of how it works are out of scope for this blog, but you can get a sense of how easy it can be to get started on your journey to a future without users creating, remembering, and exposing passwords. Watch this brief, eye-opening video and then schedule a demo with our passwordless MFA experts for a deeper dive.