It only takes one password
to make you vulnerable

Get a Demo

The realization of the need for a password-free future is global

That is why, in recent years authentication market has been filling out with new types of passwordless solutions in the likes of SMS, Biometrics, and QR codes. These solutions are improving the user experience, but they are far from supplying an enterprise ready solution that truly gets away with passwords.

If it’s not 100% Password-free, it’s NOT Password Free

Secret Double Octopus is the only solution offering a high assurance password-free authentication with:

Access to all applications, legacy and cloud

High frequency auto rotation for Active Directory passwords

Multi-factor authentication using quantum-safe algorithms

Learn more about Secret Double Octopus Authentication

  Secret Double
Octopus
OTP Tokens
(Hardware / Software)
PKI
Hardware Token
Mobile Push Out-of-Band
(SMS/email)
Biometrics
UX
Password-less
 

Providing uniform, password-free authentication to the enterprise network, remote access, SSO, and web/cloud services.

No passwords means delighted and productive users

Standards-based solution that supports enterprise network logon, remote access, SSO, and access to web/cloud services

Typically used as a second factor together with vulnerable passwords

Solutions generally support only remote access and access to web applications

Typically used as a second factor together with vulnerable passwords

No support for access to web/cloud services

No support for enterprise network logon

Typically used as a second factor with vulnerable passwords

No support for enterprise network logon

No support for enterprise network logon when using mobile device-based biometrics

 
Hardware free
 

No need to carry around (and occasionally misplace) a separate hardware authenticator.

Authenticator runs on the user’s mobile device

Hardware: Need to carry around a separate hardware token

Software: Authenticator runs on the user’s mobile device

Need to carry around a separate hardware token

Access is enabled only from hosts running device interface software

Authenticator runs on the user’s mobile device

No additional hardware required

No additional hardware required when using mobile device-based biometrics; dedicated hardware required otherwise

 
No OTP Typing
 

No need to enter one-time code-strings that leads to errors and delays logging in.

Authenticator communicates transparently with service backend –users don’t type in anything

User needs to enter OTP codes

Token middleware communicates with service backend

Authenticator communicates transparently with service backend

User needs to enter OTP codes

Frustrating user experience when code arrival is delayed

Sensor middleware communicates with service backend

Security
Resilient to key theft, MITM and phishing
 

Tightly securing secrets and authentication tokens against theft and/or interception.

Replaces vulnerable passwords with high-assurance, password-free authentication

Provably-secure authentication scheme protects against key/seed theft, phishing and man-in-the-middle attacks

Typically used as a second factor with vulnerable passwords

OTP codes are susceptible to phishing and man-in-the-middle attacks

Highly secure when properly implemented

Security tokens can be intercepted

Codes are susceptible to phishing and man-in-the-middle attacks

Mobile carrier and/or email accounts used for authentication can be easily compromised

Lost biometric credential can never be recovered

Compromised mobile devices and colluding hardware manufacturers can undermine biometric data

 
Windows domains / network assets protection

 

 

Securing access to the Windows domain and to networked resources from within the domain, to prevent lateral movement.

Support for enterprise network logon

Replaces static passwords used for lateral movement once in the network

Typically no support for enterprise network access

Static passwords remain a vulnerability once inside the network

PKI credential used to access network

Static passwords remain a vulnerability once inside the network

Typically no support for enterprise network access

Static passwords remain a vulnerability once inside the network

Typically no support for enterprise network access

Static passwords remain a vulnerability once inside the network

Typically no support for enterprise network access when using mobile device-based biometrics

Static passwords remain a vulnerability once inside the network

 
Password phishing, cracking, and pass-the- hash prevention

 

 

So long as passwords remain an authentication credential, alone or in conjunction with another factor of authentication, they can be phished, cracked, or stolen after being hashed (i.e. pass-the-hash).

Replaces vulnerable passwords with high-assurance, password-free authentication

Replaces static passwords used for lateral movement once in the network

Typically used as a second factor with vulnerable passwords

Static passwords and password hashes remain a vulnerability once inside the network

Typically used as a second factor with vulnerable passwords

Static passwords and password hashes remain a vulnerability once inside the network

Typically used as a second factor with vulnerable passwords

Static passwords and password hashes remain a vulnerability once inside the network

Typically used as a second factor with vulnerable passwords

Static passwords and password hashes remain a vulnerability once inside the network

Typically used as a second factor with vulnerable passwords

Static passwords and password hashes remain a vulnerability once inside the network

TCO
No password related support calls

 

 

So long as passwords continue to be used, password management costs continue to be incurred by the customer, irrespective of additional factors of authentication deployed.

No passwords means no costly resets and renewals

Used with passwords, which means customers will continue to incur all associated costs

Used with passwords, which means customers will continue to incur all associated costs

Typically used with passwords, which means customers will continue to incur all associated costs

Typically used with passwords, which means customers will continue to incur all associated costs

Typically used with passwords, which means customers will continue to incur all associated costs

 
Easy integration and maintenance

 

 

Standards-based (i.e. LDAP, RADIUS, etc.) integration with other systems and relying parties.

Standards-based solution that works well with 3rd party identity management/access management solutions, remote access and web/cloud access

Supports broadly adopted standards

Software: If part of an access management solution, then will likely not support 3rd parties

Requires client software which is hard to install and maintain

Supports broadly adopted standards

If part of an access management solution, then will likely not support 3rd parties

Supports broadly adopted standards

Varies by solution architecture and supported standards

 
Simple user enrollment

 

 

Straightforward, software-based user onboarding that requires no onerous logistics.

No hardware enrollment and logistics costs

No password enrollment

Hardware: Requires physical logistics to get the token to the user

Requires provisioning a password

Requires physical logistics to get the token to the user

Requires provisioning a password

No hardware enrollment and logistics costs

Typically requires provisioning a password

No hardware enrollment and logistics costs

Typically requires provisioning a password

Biometric enrollment is notoriously difficult and support-intensive

Typically requires provisioning a password

What They Say

“Not only match but exceed, the level of protection afforded by conventional cryptography”

“Extra-secure, but simple, keyless authentication services”

“Secret Double Octopus approach is unbreakable”