Password-Free High-Assurance Authentication

Octopus Authenticator measured against other alternatives

  Secret Double Octopus OTP Tokens
(Hardware / Software)
PKI
Hardware Token
Mobile Push Out-of-Band (SMS/email) Biometrics
Examples   RSA SecureID, Vasco DigiPassGoogle Authenticator Gemalto USB Smartcard, Yubikey Smart Card Duo, Symantec VIP, Okta Verify    
UX
Password-less
 

Providing uniform, password-free authentication to the enterprise network, remote access, SSO, and web/cloud services.

No passwords means delighted and productive users

Standards-based solution that supports enterprise network logon, remote access, SSO, and access to web/cloud services

Typically used as a second factor together with vulnerable passwords

Solutions generally support only remote access and access to web applications

Typically used as a second factor together with vulnerable passwords

No support for access to web/cloud services

No support for enterprise network logon

Typically used as a second factor with vulnerable passwords

No support for enterprise network logon

No support for enterprise network logon when using mobile device-based biometrics

 
Hardware free
 

No need to carry around (and occasionally misplace) a separate hardware authenticator.

Authenticator runs on the user’s mobile device

Hardware: Need to carry around a separate hardware token

Software: Authenticator runs on the user’s mobile device

Need to carry around a separate hardware token

Access is enabled only from hosts running device interface software

Authenticator runs on the user’s mobile device

No additional hardware required

No additional hardware required when using mobile device-based biometrics; dedicated hardware required otherwise

 
No OTP Typing
 

No need to enter one-time code-strings that leads to errors and delays logging in.

Authenticator communicates transparently with service backend –users don’t type in anything

User needs to enter OTP codes

Token middleware communicates with service backend

Authenticator communicates transparently with service backend

User needs to enter OTP codes

Frustrating user experience when code arrival is delayed

Sensor middleware communicates with service backend

Security
Resilient to key theft, MITM and phishing
 

Tightly securing secrets and authentication tokens against theft and/or interception.

Replaces vulnerable passwords with high-assurance, password-free authentication

Provably-secure authentication scheme protects against key/seed theft, phishing and man-in-the-middle attacks

Typically used as a second factor with vulnerable passwords

OTP codes are susceptible to phishing and man-in-the-middle attacks

Highly secure when properly implemented

Security tokens can be intercepted

Codes are susceptible to phishing and man-in-the-middle attacks

Mobile carrier and/or email accounts used for authentication can be easily compromised

Lost biometric credential can never be recovered

Compromised mobile devices and colluding hardware manufacturers can undermine biometric data

 
Windows domains / network assets protection

 

 

Securing access to the Windows domain and to networked resources from within the domain, to prevent lateral movement.

Support for enterprise network logon

Replaces static passwords used for lateral movement once in the network

Typically no support for enterprise network access

Static passwords remain a vulnerability once inside the network

PKI credential used to access network

Static passwords remain a vulnerability once inside the network

Typically no support for enterprise network access

Static passwords remain a vulnerability once inside the network

Typically no support for enterprise network access

Static passwords remain a vulnerability once inside the network

Typically no support for enterprise network access when using mobile device-based biometrics

Static passwords remain a vulnerability once inside the network

 
Password phishing, cracking, and pass-the- hash prevention

 

 

So long as passwords remain an authentication credential, alone or in conjunction with another factor of authentication, they can be phished, cracked, or stolen after being hashed (i.e. pass-the-hash).

Replaces vulnerable passwords with high-assurance, password-free authentication

Replaces static passwords used for lateral movement once in the network

Typically used as a second factor with vulnerable passwords

Static passwords and password hashes remain a vulnerability once inside the network

Typically used as a second factor with vulnerable passwords

Static passwords and password hashes remain a vulnerability once inside the network

Typically used as a second factor with vulnerable passwords

Static passwords and password hashes remain a vulnerability once inside the network

Typically used as a second factor with vulnerable passwords

Static passwords and password hashes remain a vulnerability once inside the network

Typically used as a second factor with vulnerable passwords

Static passwords and password hashes remain a vulnerability once inside the network

TCO
No password related support calls

 

 

So long as passwords continue to be used, password management costs continue to be incurred by the customer, irrespective of additional factors of authentication deployed.

No passwords means no costly resets and renewals

Used with passwords, which means customers will continue to incur all associated costs

Used with passwords, which means customers will continue to incur all associated costs

Typically used with passwords, which means customers will continue to incur all associated costs

Typically used with passwords, which means customers will continue to incur all associated costs

Typically used with passwords, which means customers will continue to incur all associated costs

 
Easy integration and maintenance

 

 

Standards-based (i.e. LDAP, RADIUS, etc.) integration with other systems and relying parties.

Standards-based solution that works well with 3rd party identity management/access management solutions, remote access and web/cloud access

Supports broadly adopted standards

Software: If part of an access management solution, then will likely not support 3rd parties

Requires client software which is hard to install and maintain

Supports broadly adopted standards

If part of an access management solution, then will likely not support 3rd parties

Supports broadly adopted standards

Varies by solution architecture and supported standards

 
Simple user enrollment

 

 

Straightforward, software-based user onboarding that requires no onerous logistics.

No hardware enrollment and logistics costs

No password enrollment

Hardware: Requires physical logistics to get the token to the user

Requires provisioning a password

Requires physical logistics to get the token to the user

Requires provisioning a password

No hardware enrollment and logistics costs

Typically requires provisioning a password

No hardware enrollment and logistics costs

Typically requires provisioning a password

Biometric enrollment is notoriously difficult and support-intensive

Typically requires provisioning a password

Secret Double Octopus replaces vulnerable and expensive passwords with high-assurance, password-free
authentication. As a result, security is enhanced, costs reduced and user experience improved.

Improve your security posture

Secret Double Octopus’s secure algorithm ensures that the authentication process is safe from phishing and man-in-the-middle attacks. Other MFA solutions that are based on one-time codes, whether generated by a hardware or software token, sent in-band or out-of-band, are susceptible to phishing and man-in-the-middle attacks.

Reduce your costs

With the Octopus Authenticator running on the user’s mobile device, there is no need for expensive hardware tokens. Eliminating passwords relieves a significant burden from the enterprise helpdesk and domain admins, as passwords never have to be refreshed, reset, or recovered.

Delight
your users

With passwords out of the equation, users are happier and more productive. No more multiple login attempts and helpdesk tickets that lead to lost productivity. Logging on to the domain is a simple, quick and error-free process that succeeds every time.

One
authenticator

Using the Octopus Authenticators, employees can access all their enterprise resources. Designed for the needs of the enterprise, the Octopus Authenticator is one solution for authenticating remote access users, access to web or cloud services, and logons to enterprise networks.

Works with
Active Directory

Octopus Domain Authentication works seamlessly with your existing Active
Directory service, allowing your domain to go password-free. Users are happier
and more productive logging on to the AD domain without passwords, and your
security posture is improved.

“Secret Double Octopus approach is unbreakable”

“Password-free authentication, including Windows PC, network login, and access to applications.”
“Extra-secure, but simple, keyless authentication services”

Learn more about Secret Double Octopus Authentication
by scheduling a demo or contact us.

Howdy,
Search exact
Search sentence
Buy Premium Version to add more powerful tools to this place. https://wpclever.net/downloads/wp-admin-smart-search