Telecom giant Verizon Wireless recently released their annual Data Breach Investigation Report for 2019. The Report lays out a data-driven assessment of threat trends and other stats on information-breach incidents over the previous year. Looking over the Report’s 78 pages, several important realities about the state of authentication security come to light. Stolen Passwords are Still #1 Threat The 2019 report [...]
We’ve all seen the classic hacker movie set-up. A master cyber criminal breaks into a network using his superior skills and top notch equipment. This is the type of story that’s really fun to watch. But it’s also science fiction. In the real world hackers usually don’t orchestrate elaborate hacks to penetrate systems. They aim to steal credentials. Why hack when [...]
While today’s tech world is fast developing individual accounts rights and privileges, many organizations are using shared credentials to access shared resources. Shared resources can be tied to pretty much any platform or network tool, from email accounts, to servers and databases. An organization may end up using shared accounts for a variety of reasons. Sometimes the particular online tool leaves [...]
If we could sum up our message at Secret Double Octopus, it would be that password authentication is outdated and dangerous. While the general risks of weak authentication are well known, often users don’t quite understand the full implications of this threat. We therefore decided to use this post to provide a more comprehensive overview of all the vulnerabilities of passwords--and [...]
Password management apps have become a common tool for both the individual consumer and businesses. On the surface, the attraction of these platforms is understandable. Password managers provide easy solutions for many of the tasks that go into keeping a handle on login credentials, from managing passwords for different accounts to sharing options between users. While the adoption of password managers [...]
What is Passwordless Authentication? Passwordless authentication is any method of verifying the identity of a user that does not require the user to provide a password. Instead of passwords, proof of identity can be done based on possession of something that uniquely identifies the user (e.g. a one-time password generator, a registered mobile device, or a hardware token), or the user’s [...]
Spear phishing. It’s one of the more vicious methods used by today’s cyber criminals to compromise networks. Phishing related attacks have been a favorite of the hackers tool kit for years. And these kinds of attacks are becoming more common and more sophisticated over time. What is Spear Phishing? In its most basic definition, phishing is an attempt to illicitly obtain [...]
TEL AVIV, Israel, April 2, 2019 - Secret Double Octopus, the pioneer of Password-Free Enterprise Authentication, announced today a partnership with Okta, the leading independent provider of identity for the enterprise, to deliver an all-encompassing passwordless experience for global customers and service providers. The new generation of workforce authentication is passwordless. According to Gartner, 60%-90% of large to midsize enterprises will implement passwordless methods by [...]
In January 2019 The Ponemon Institute published a report on the State of Password and Authentication Security Behaviors - a report sponsored by authentication hardware manufacturer Yubico. The report offers additional proof for how passwords continue to compromise privacy and security for both users and businesses. The Rundown From our perspective at Secret Double Octopus, the Ponemon report echos a lot [...]
Howdy,