Password Alternatives

Learn all about password-alternatives on the Octopusblog. Read about how Octopus Authenticator tools are replacing traditional password based methods.

Your Complete Guide to FIDO, FIDO2 and WebAuthn

By Shimrit Tzur-David|September 11th, 2019|Categories: Articles|Tags: , |

In the past years, advances in technology, a growing number of horrifying data breaches, and increasing awareness on the need to protect online personal and corporate accounts have led to growing efforts in creating multi-factor authentication (MFA) technologies. But while the dream of creating authentication mechanisms that don’t rely on just memorizing and typing passwords dates back to many years, never [...]

The Verizon Breach Report – 4 Things Learned

By Shimrit Tzur-David|May 27th, 2019|Categories: Articles|Tags: , , , |

Telecom giant Verizon Wireless recently released their annual Data Breach Investigation Report for 2019. The Report lays out a data-driven assessment of threat trends and other stats on information-breach incidents over the previous year. Looking over the Report’s 78 pages, several important realities about the state of authentication security come to light. Stolen Passwords are Still #1 Threat The 2019 report [...]

Shared Account Authentication – Solved!

By Amit Rahav|May 7th, 2019|Categories: Articles|Tags: , , , |

While today’s tech world is fast developing individual accounts rights and privileges, many organizations are using shared credentials to access shared resources. Shared resources can be tied to pretty much any platform or network tool, from email accounts, to servers and databases. An organization may end up using shared accounts for a variety of reasons. Sometimes the particular online tool leaves [...]

What Passwordless Authentication Prevents?

By Shimrit Tzur-David|May 1st, 2019|Categories: Articles|Tags: , , , |

If we could sum up our message at Secret Double Octopus, it would be that password authentication is outdated and dangerous. While the general risks of weak authentication are well known, often users don’t quite understand the full implications of this threat. We therefore decided to use this post to provide a more comprehensive overview of all the vulnerabilities of passwords--and [...]

Password Mangers Vs. Passwordless Authentication

By Shimrit Tzur-David|April 24th, 2019|Categories: Articles|Tags: , , |

Password management apps have become a common tool for both the individual consumer and businesses. On the surface, the attraction of these platforms is understandable. Password managers provide easy solutions for many of the tasks that go into keeping a handle on login credentials, from managing passwords for different accounts to sharing options between users. While the adoption of password managers [...]

How Does Passwordless Authentication Work?

By Shimrit Tzur-David|April 8th, 2019|Categories: Articles|Tags: , , , |

What is Passwordless Authentication? Passwordless authentication is any method of verifying the identity of a user that does not require the user to provide a password. Instead of passwords, proof of identity can be done based on possession of something that uniquely identifies the user (e.g. a one-time password generator, a registered mobile device, or a hardware token), or the user’s [...]

Passwordless Authentication for the Real-world

By Amit Rahav|March 6th, 2019|Categories: Articles|Tags: , , |

Recently Microsoft rolled out support for a passwordless authentication option in Windows 10. As of build 18309, Windows 10 users can setup and sign in using a phone number account, without ever having to create, or deal with a password. Other capabilities previously rolled out to help eliminate passwords include replacing them with biometrics and PINs. Passwords are a security concern [...]

How stolen passwords are damaging the cybersecurity industry

By Secret Double Octopus Staff|February 21st, 2019|Categories: Articles|Tags: , , |

On February 14, dating site Coffee Meets Bagel sent an email to its users, informing them that an unauthorized party may have gained access to their data. This is not the kind of Valentine’s Day message you would expect from a website that is supposed to help you find love. Coffee Meets Bagel was part of bundle online services whose stolen [...]

Big Credential Breaches

By Shimrit Tzur-David|February 12th, 2019|Categories: Articles|Tags: , |

In today’s digital threat landscape, large-scale information compromise is no longer big news. Averaging one a month, hackers have consistently managed to execute major breaches against organizations the world over, resulting in millions of compromised identities But the sheer scale of the most recent mega breach makes it something unique. Dubbed Collection #1 by its discoverer Troy Hunt, the breach amounts [...]

Establishing strong authentication for PSD2

By Inbal Voitiz|January 31st, 2019|Categories: Articles|Tags: , , , , |

September 14, 2019 will mark a milestone date for the online payment industry. That’s when the Strong Customer Authentication (SCA) regulation will come into effect. As part of the Revised Payment Service Directive (PSD2), SCA imposes stricter security rules on payment service providers to protect customers and merchants against the mounting threat of online fraud. Whether you’re running a business that [...]

How to Evaluate Push Authentication Solutions

By Shimrit Tzur-David|January 21st, 2019|Categories: Articles|Tags: , , |

It should come as no surprise that the global market for multi-factor authentication (MFA) technology is expected to grow fourfold by 2025. On the one hand, software continues to eat the world and online services are becoming increasingly important in every aspect of daily life, business, health care, politics, military, etc. On the other hand, data breaches are also rising in [...]

Preventing Corporate Account Takeover (CATO)

By Inbal Voitiz|January 14th, 2019|Categories: Articles|Tags: , , |

Businesses of all types and sizes present attractive targets for today’s cybercriminals. This is due to the simple fact that user accounts attached to organizations tend to give access to more assets than private ones. As the sophistication of cyber criminals has increased, the threat of the Corporate Account Takeover (CATO) has grown in tandem. For years, incidents of CATO have, [...]

What will Authentication Look Like in 2019

By Amit Rahav|January 2nd, 2019|Categories: Articles|Tags: , , |

With 2019 starting, it’s a good time to look back at 2018 to remember the lessons learned from security incidents involving user authentication and examine how the landscape will look in the next year.   Poor passwords continue to take their toll Like every year, 2018 taught us that poor passwords haven’t gone away, and they continue to give hackers easy [...]