Okta FastPass: The modern authenticator the public sector deserves
“Nothing happens until someone tries to log in to something”
- Ancient Authentication Proverb
For as long as we can remember, users have had to choose between strong, secure authentication and a great, friction-free user experience. Now, you don’t have to. Okta’s FastPass is a first-of-its-kind, robust, secure-by-design authentication mechanism possessing the “ease of use” our forefathers could only dream about. While U.S. government agencies have long relied on smartcards (CAC and PIV) to log in to their applications, this infrastructure has become increasingly difficult to support in the modern world of cloud computing and mobile device access.
However, it’s not only about “strong authentication” or “top-notch user experiences.” Staying ahead of attackers requires a dynamic security model built directly into the authentication flow. Things like Okta’s Identity Threat Protection will, over time, change the game in modern authentication.
Why FastPass?
By securing at the first point of authentication and continuing along the lifespan of an active single sign-on (SSO) session – FastPass can mitigate the impact of phishing attacks, session theft, and unauthorized local activity. Enabling passwordless, cryptographically secure access to trusted applications only, FastPass provides an intuitive user experience consistently across major platforms and devices, managed or unmanaged. FastPass strengthens your organization’s Zero Trust security with optional silent context evaluations of browsers and devices at every app login and signals from your broader security solution ecosystem.
U.S. government agencies turn to NIST for guidance on which authenticators meet the security and compliance requirements for use within the government workforce. The next version of NIST 800-63B (v4), currently in draft, extends the definition of phishing resistance to include more than smartcards or hardware security keys (e.g., YubiKeys). With the passage of OMB M-22-09 and the draft guidance around NIST 800-63 v4, the U.S. government has a clear path forward. As such, agencies can now offer users a choice of phishing-resistant authenticators that best suit their needs – including FastPass – resulting in greater accessibility and ease of use for their workforce.
Third-party phishing-resistance assessment of Okta FastPass
In June of 2024, a globally recognized cybersecurity and audit firm completed an assessment of Okta FastPass based on various Identity, security, and privacy frameworks.
In the course of the assessment, the firm evaluated FastPass on a wide range of critical features, including:
- Organizational controls, policies, and procedures
- Data and information security and privacy policies
- Data flows, user journeys, and the overall FastPass technical architecture and platform
As a result, Okta received reasonable assurance that we designed and implemented FastPass appropriate safeguards and controls to make FastPass phishing resistant and align with NIST SP 800-63-3 AAL-2 and 3 and the draft guidance around NIST SP 800-63-4. For a copy of the assessment, please contact your Okta sales representative.
Balance security and user convenience for today's modern workforce
FastPass offers users one of the safest ways to log in as a strong, phishing-resistant, multi-factor authenticator. Designed for defense-in-depth, FastPass enables phishing-resistant authentication that continues protection long after the initial access request. By leveraging passwordless, phishing-resistant flows and device posture checks, FastPass can help achieve secure access to U.S. government resources while minimizing end-user friction.
With Okta FastPass, U.S. government agencies can:
- Enable phishing-resistant authentication: Mitigate the most common phishing attacks for managed and unmanaged devices on all supported platforms.
- Evaluate device context: Verify the device and browser used during authentication as signals from first-party and third-party sources are collected to make more informed authentication and authorization decisions.
- Allow passwordless logins: Offer passwordless authentication to all FastPass-protected resources, improving employee experience and reducing friction due to multiple passwords (and password resets) and out-of-band factors like push, time-based one-time passwords, and SMS.
With its comprehensive features and focus on security, Okta FastPass is the ideal solution for agencies aiming to balance security with an improved user experience, meeting the needs of today's modern workforce.
Find out how you can improve employee experience and security at your organization with Okta FastPass.