Password

The future of authentication is passwordless, and we know everything about passwordless solutions.

Passwordless Authentication is BOOMING

By Inbal Voitiz|January 1st, 2020|Categories: Articles|Tags: , , , , |

We’ve always understood security and usability to have an inverse relationship. Passwords are fundamentally flawed. They offer the worst of both worlds – poor usability and poor security. But what if I told you that by letting go of passwords we can finally make usability and security work together, not against each other?

State Sponsored Identity Breaches

By Shimrit Tzur-David|November 27th, 2019|Categories: Uncategorized|Tags: , , |

Cybersecurity officials in Bulgaria revealed news of a massive hack that hit government databases. According to reports, records of more than five million Bulgarians were stolen by hackers from the country's tax revenue office. In a country with a population of just seven million, the scale of the hack means that basically, every Bulgarian adult has had their personal information compromised. [...]

Bypassing 2FA

By Amit Rahav|November 4th, 2019|Categories: Articles|Tags: , , , |

Two factor authentication is all the rage right now. Consumers and business users alike are encouraged to use 2FA. It is often heralded as the ultimate solution to protect us against the dangers of identity theft and corporate data breaches.   Don’t get me wrong, 2FA is immensely better than a primitive login, but it is still not all that it is made out to be. Here is the deal: passwords are fundamentally unsafe. As long as passwords stay in the mix, defending accounts with additional layers of security (no matter how robust ) is a band-aid solution at best. 

True Cost of Password Based Authentication

By Amit Rahav|October 3rd, 2019|Categories: Articles|Tags: , , , |

Just because you don’t have to pay anything extra to buy this common form of authentication, it doesn’t mean that passwords are free.  Far from it, quite often passwords end up costing enterprises much more than what they have bargained for. Although the cost of passwords rarely comes up in management meetings, authenticating identity using passwords is a significant expense for [...]

The Ultimate Solution For Credential Stuffing Attacks

By Inbal Voitiz|September 19th, 2019|Categories: Articles|Tags: , , |

At the recent Usenix Security Conference, researchers at Google and Stanford revealed new statistics and insights that show the poor state of password security, and how credential stuffing remains an ever-present threat to the current account security landscape.  While the researches provide good information on password insecurity, their guidelines fall short of providing a permanent solution to protect individuals and organizations [...]

On-Premise Plus Cloud = The Hybrid Approach

By Inbal Voitiz|August 26th, 2019|Categories: Articles|Tags: , , , , |

A quick look at the headlines of tech blogs and publications will give the impression that all companies and organizations are transferring their IT infrastructure and digital assets to public cloud services. The transition to the cloud is happening at a gradually accelerating pace. The future of online businesses, small and large, resides in the cloud. It sounds like a fair [...]

14 British Cybersecurity Influencers That You Need to Follow

By Inbal Voitiz|August 8th, 2019|Categories: Uncategorized|Tags: , , |

The UK is known for the XFactor and Brexit, but it also boasts incredibly talented, funny, and entertaining cybersecurity experts. Each of the experts listed below excels in their field, and their online content is enlightening and educational — check them out! Dave Whitelegg (@SecurityExpert) Although Whitelegg has been writing about IT and security since 2007, his cybersecurity journey began in [...]

Astaroth – The Great Duke of Hell

By Shimrit Tzur-David|July 31st, 2019|Categories: Articles|Tags: , |

On the Octopus Blog, we’ve dedicated ourselves to tracking the evolution of credential-targeting threats endangering networks today. One of the more nefarious pieces of malware to be identified in recent time highlights both the risks posed to systems from Password-based authentication, as well as exemplifying why the industry’s approach to defense is misdirected.   Enter The Great Duke of Hell Recently, [...]

How Poor Passwords Turned 50,000 Servers Into Cryptocurrency Miners

By Shimrit Tzur-David|June 26th, 2019|Categories: Articles|Tags: , , , |

In May, researchers from security firm Guardicore uncovered a massive campaign by Chinese hackers to break into online Windows servers and to infect them with cryptocurrency miners. Cryptominers are special malware that hijack the resources of the infected machine to solve complicated mathematical equations and collect cryptocurrency rewards. As explained by the security researchers, the hackers used sophisticated techniques along the [...]

How Phishing Can Overcome 2FA

By Amit Rahav|June 17th, 2019|Categories: Articles|Tags: , , |

Phishing is a serious and ever-present threat to businesses and individuals The development of increasingly sophisticated methods coupled with high success rates has caused phishing attacks to double over the past year. While phishing comes in many forms, all phishing methods are in essence an attempt to extract credentials from an unsuspecting user through some form of trickery or outright manipulation. [...]

Authenticating Humans While Removing the Human Factor

By Inbal Voitiz|May 16th, 2019|Categories: Articles|Tags: , |

We’ve all seen the classic hacker movie set-up. A master cyber criminal breaks into a network using his superior skills and top notch equipment. This is the type of story that’s really fun to watch. But it’s also science fiction. In the real world hackers usually don’t orchestrate elaborate hacks to penetrate systems. They aim to steal credentials. Why hack when [...]

What Passwordless Authentication Prevents?

By Shimrit Tzur-David|May 1st, 2019|Categories: Articles|Tags: , , , |

If we could sum up our message at Secret Double Octopus, it would be that password authentication is outdated and dangerous. While the general risks of weak authentication are well known, often users don’t quite understand the full implications of this threat. We therefore decided to use this post to provide a more comprehensive overview of all the vulnerabilities of passwords--and [...]

Password Mangers Vs. Passwordless Authentication

By Shimrit Tzur-David|April 24th, 2019|Categories: Articles|Tags: , , |

Password management apps have become a common tool for both the individual consumer and businesses. On the surface, the attraction of these platforms is understandable. Password managers provide easy solutions for many of the tasks that go into keeping a handle on login credentials, from managing passwords for different accounts to sharing options between users. While the adoption of password managers [...]