security

How FIDO2 + WebAuthn Offer a Seamless, Secure Login

For those not familiar with FIDO2, it is an improved version of the FIDO standard – popularly known for the U2F USB tokens provided by Google and Yubico. Now that we've explored what Webauthn is and reviewed critical Webauthn building blocks and protocols, I’ll use this post to break down how you can leverage WebAuthn with FIDO2 to enhance both…

The Ultimate Guide to FIDO2 and WebAuthn Terminology

In March 2019, the World Wide Web Consortium (W3C) announced that WebAuthn is now the official web standard for password-free login. With support from a broad set of applications (Microsoft Edge, Chrome, Firefox, Mobile), widespread adoption of WebAuthn is expected in coming years. In a previous blog post we went through some examples of how…

How Okta Can Help Confirm User Consent to Comply with Data Privacy Laws

With the proliferation of massive security breaches like Panera Bread and many others in 2018, new data privacy regulations like the GDPR are being enforced to protect individuals’ personal data. As awareness of these breaches rises, loss of individual trust is tied directly to customer sentiment, which, in turn, impacts revenue. In this post, we…

What is Credential Stuffing?

Malware often gets top billing in mainstream news reporting of cyber-threats. It makes for snappy headlines and a compelling narrative—–but it’s not the whole story. Increasingly, organizations are finding customers exposed to malware-free account takeover attacks, which could result in serious data theft. There are several ways hackers can…

How to Keep PII Secure while Migrating Users to the Cloud

Organizations are increasingly leveraging the benefits of the cloud to support employee productivity and IT efficiencies, while also delivering more compelling user experiences to their external customers and partners. Yet migrating these various users to new cloud systems can be fraught with challenges, particularly when it comes to securing…

Okta Auth API: We roll auth so you don’t have to

Secure authentication is crucial for customers using your app. But building an authentication model for your application from the ground up is not easy for your developers. From dealing with conflicting user schemas to easing the flow of data between components, managing and protecting user accounts is probably not your team’s favorite part of…

CSA Summit Panelists Talk Disruptive Technologies at RSA19

At RSAC19, The Cloud Security Alliance hosted a discussion titled, “The Approaching Decade of Disruptive Technologies,” featuring security leaders from Duo, Centrify, Onapsis, and Okta’s own Executive Director of Cybersecurity Strategy, Marc Rogers. IOActive CEO Jennifer Steffens led the session with the intent of discussing what disruptive…

Password spraying detection: Where do I start?

Password spraying has been one of the hottest topics in cyber security in the last few years. Right off the heels of multiple high-profile breaches, it’s been getting a lot of attention from security vendors, reporters, and the security community as a whole. In this post, we’ll discuss why password spraying is increasing in prevalence, and steps…

What is WebAuthn?

In March 2019, the World Wide Web Consortium (W3C) announced that WebAuthn is now the official web standard for password-free login. With support from a broad set of applications (Microsoft Edge, Chrome, Firefox, Mobile), widespread adoption of WebAuthn is expected in coming years. In this post, we will explore the shortcomings of current…

Navigating your Identity and Access Management Journey

The benefits of implementing identity and access management (IAM) speak for themselves. Having a centralized IAM solution means fewer passwords, a better end user experience, and a centralized solution for managing access to both cloud and on-prem apps and services. Despite this, investing in identity and access management is not top of mind for…

Archive