Password

The future of authentication is passwordless, and we know everything about passwordless solutions.

Bypassing 2FA

By Amit Rahav | November 4th, 2019 | Categories: Articles

Two-factor authentication is all the rage right now. Consumers and business users alike are encouraged to use 2FA. It is often heralded as the ultimate solution to protect us against the dangers of identity theft and corporate data breaches. Don’t get me wrong, 2FA is immensely better than a primitive login, but it is still not all that it is made out to be. Here is the deal: passwords are fundamentally unsafe. As long as passwords stay in the mix, defending accounts with additional layers of security (no matter how robust) is a band-aid solution at best.

True Cost of Password Based Authentication

By Amit Rahav | October 3rd, 2019 | Categories: Articles

Just because you don’t have to pay anything extra to buy this common form of authentication, it doesn’t mean that passwords are free. Far from it: quite often passwords end up costing enterprises much more than they bargained for. Although the cost of passwords rarely comes up in management meetings, authenticating identity using passwords is a significant expense for [...]

The Ultimate Solution For Credential Stuffing Attacks

By Inbal Voitiz | September 19th, 2019 | Categories: Articles

At the recent Usenix Security Conference, researchers at Google and Stanford revealed new statistics and insights that show the poor state of password security, and how credential stuffing remains an ever-present threat to the current account security landscape. While the researchers provide good information on password insecurity, their guidelines fall short of providing a permanent solution to protect individuals and organizations [...]

On-Premise Plus Cloud = The Hybrid Approach

By Inbal Voitiz | August 26th, 2019 | Categories: Articles

A quick look at the headlines of tech blogs and publications will give the impression that all companies and organizations are transferring their IT infrastructure and digital assets to public cloud services. The transition to the cloud is happening at a gradually accelerating pace. The future of online businesses, small and large, resides in the cloud. It sounds like a fair [...]

14 British Cybersecurity Influencers That You Need to Follow

By Inbal Voitiz | August 8th, 2019 | Categories: Uncategorized

The UK is known for the XFactor and Brexit, but it also boasts incredibly talented, funny, and entertaining cybersecurity experts. Each of the experts listed below excels in their field, and their online content is enlightening and educational — check them out! Dave Whitelegg (@SecurityExpert) Although Whitelegg has been writing about IT and security since 2007, his cybersecurity journey began in [...]

Astaroth – The Great Duke of Hell

By Shimrit Tzur-David | July 31st, 2019 | Categories: Articles

On the Octopus Blog, we’ve dedicated ourselves to tracking the evolution of credential-targeting threats endangering networks today. One of the more nefarious pieces of malware to be identified in recent times both highlights the risks posed to systems by password-based authentication and exemplifies why the industry’s approach to defense is misdirected. Enter The Great Duke of Hell: Recently, [...]

How Poor Passwords Turned 50,000 Servers Into Cryptocurrency Miners

By Shimrit Tzur-David | June 26th, 2019 | Categories: Articles

In May, researchers from security firm Guardicore uncovered a massive campaign by Chinese hackers to break into online Windows servers and to infect them with cryptocurrency miners. Cryptominers are special malware that hijack the resources of the infected machine to solve complicated mathematical equations and collect cryptocurrency rewards. As explained by the security researchers, the hackers used sophisticated techniques along the [...]

How Phishing Can Overcome 2FA

By Amit Rahav | June 17th, 2019 | Categories: Articles

Phishing is a serious and ever-present threat to businesses and individuals. The development of increasingly sophisticated methods coupled with high success rates has caused phishing attacks to double over the past year. While phishing comes in many forms, all phishing methods are in essence an attempt to extract credentials from an unsuspecting user through some form of trickery or outright manipulation. [...]

Authenticating Humans While Removing the Human Factor

By Inbal Voitiz | May 16th, 2019 | Categories: Articles

We’ve all seen the classic hacker movie set-up. A master cyber criminal breaks into a network using his superior skills and top-notch equipment. This is the type of story that’s really fun to watch. But it’s also science fiction. In the real world, hackers usually don’t orchestrate elaborate hacks to penetrate systems. They aim to steal credentials. Why hack when [...]

What Passwordless Authentication Prevents?

By Shimrit Tzur-David | May 1st, 2019 | Categories: Articles

If we could sum up our message at Secret Double Octopus, it would be that password authentication is outdated and dangerous. While the general risks of weak authentication are well known, often users don’t quite understand the full implications of this threat. We therefore decided to use this post to provide a more comprehensive overview of all the vulnerabilities of passwords--and [...]

Password Managers Vs. Passwordless Authentication

By Shimrit Tzur-David | April 24th, 2019 | Categories: Articles

Password management apps have become a common tool for both the individual consumer and businesses. On the surface, the attraction of these platforms is understandable. Password managers provide easy solutions for many of the tasks that go into keeping a handle on login credentials, from managing passwords for different accounts to sharing options between users. While the adoption of password managers [...]

How Does Passwordless Authentication Work?

By Shimrit Tzur-David | April 8th, 2019 | Categories: Articles

What is Passwordless Authentication? Passwordless authentication is any method of verifying the identity of a user that does not require the user to provide a password. Instead of passwords, proof of identity can be based on possession of something that uniquely identifies the user (e.g. a one-time password generator, a registered mobile device, or a hardware token), or the user’s [...]

Solving Phishing from the Root

By Amit Rahav | April 3rd, 2019 | Categories: Articles

Spear phishing. It’s one of the more vicious methods used by today’s cyber criminals to compromise networks. Phishing-related attacks have been a favorite of the hacker’s toolkit for years. And these kinds of attacks are becoming more common and more sophisticated over time. What is Spear Phishing? In its most basic definition, phishing is an attempt to illicitly obtain [...]