Read the results of the largest US-based study focused on workforce passwordless authentication with Ponemon Institute
The State of Workforce Passwordless Authentication report

Octopus Blog | Threats and Alerts

Bypassing 2FA

Blog

Monday November 4, 2019

Bypassing 2FA

Two factor authentication is all the rage right now. Consumers and business users alike are encouraged to use 2FA. It is often heralded as the ultimate solution to protect us against the dangers of identity theft and corporate data breaches.   Don’t get me wrong, 2FA is immensely better than a primitive login, but it is still not all that it is made out to be. Here is the deal: passwords are fundamentally unsafe. As long as passwords stay in the mix, defending accounts with additional layers of security (no matter how robust ) is a band-aid solution at best. 
Read more

About Octopus

Secret Double Octopus is the passwordless authentication solution for the enterprise. We liberate end-users and security teams from the burden of passwords with the simplicity and security of strong passwordless authentication.

True Real Cost of Passwords

Blog

Thursday October 3, 2019

True Cost of Password Based Authentication

Just because you don’t have to pay anything extra to buy this common form of authentication, it doesn’t mean that passwords are free.  Far from it, quite often passwords end up costing enterprises much more than what they have bargained for. Although the cost of passwords rarely comes up in management meetings, authenticating identity using...
Read more

Solving Credential Stuffing Attacks

Blog

Thursday September 19, 2019

The Ultimate Solution For Credential Stuffing Attacks

At the recent Usenix Security Conference, researchers at Google and Stanford revealed new statistics and insights that show the poor state of password security, and how credential stuffing remains an ever-present threat to the current account security landscape.  While the researches provide good information on password insecurity, their guidelines fall short of providing a permanent...
Read more

Air Gap Networks & MFA

Blog

Tuesday August 20, 2019

Air Gap Network Multi Factor Authentication

Air gaping. It’s the ‘nuclear option’ of network security. By separating a machine from any other computer, managers can all but guarantee that it cannot be penetrated remotely. Air gaping, or network separation as it is often known, is the step taken by the serious neurotics among users or because the regulatory body you report...
Read more

The Astaroth Malware

Blog

Wednesday July 31, 2019

Astaroth – The Great Duke of Hell

On the Octopus Blog, we’ve dedicated ourselves to tracking the evolution of credential-targeting threats endangering networks today. One of the more nefarious pieces of malware to be identified in recent time highlights both the risks posed to systems from Password-based authentication, as well as exemplifying why the industry’s approach to defense is misdirected. Enter The...
Read more

The PCM Breach

Blog

Monday July 22, 2019

Every Password Matters – The PCM Case

Large tech companies like Microsoft and Google go to great lengths to secure their services and protect their customers’ accounts and identities. But what about the security of the partners and third parties that provide services on their behalf? A recent article on famous cybersecurity blog KrebsOnSecurity blog post unveiled a breach at PCM, a...
Read more

Visit the OctoCampus

Get a crash course in passwordless authentication at our campus to learn all about modern workforce authentication technologies and standrads!

The GoldBrute BotNet

Blog

Tuesday July 2, 2019

GoldBrute – The Enemy of RDP

Hardly a month goes by without new reports on attacks exploiting vulnerable password-based authentication systems. Earlier this month, analysts at Morhus Labs discovered a malicious bot campaign they named GoldBrute. Mode of Attack GoldBrute is a botnet that aims to hack Remote Desktop Protocols (RDP) that have weak credentials. The bot scans through IPs from...
Read more