The State of Secure Identity Report 2023

Explore today’s most common attack patterns, and the broad trends that are shaping tomorrow’s threat landscape.

A man smiling while glancing down at his phone.

Promote your business growth.
Protect against bad actors.

AI is transforming the threat landscape and securing your Customer Identity has never been more challenging. How can you continue to engage your customers with minimal friction, while staying ahead of increasingly sophisticated attacks?

Here's a look at what we learned:

A login screen and percent of web application attacks involving use of compromised credentials.

The first target for threats? Your Customer Identity.

The login box is both the greeter and gatekeeper to your customer-facing applications and services, making it a target for attackers.

Bad actors are evolving their methods and are increasingly focused on breaking past your first line of defense.

Fraudulent registrations are interfering with real customers’ access to your products, services, or incentives, and creating openings for ATO attacks and synthetic identity fraud.

.css-1izpi9k.gbi-571120915-qLCKuAqHhRduWj8bQ5msyJ:before { opacity: 1; background-image: url('/_static/web/static/1e777091cfa124766e1954af42e7f186/869a6/Shiven_Ramji20%25286%2529.jpg'); }

.css-ekmg7i.gbi-571120915-s7qUuESr9eMNgRQPvegPjA:before { opacity: 1; background-image: url('/_static/web/static/1e777091cfa124766e1954af42e7f186/869a6/Shiven_Ramji20%25286%2529.jpg'); }

“As cybercriminals utilise AI to get past the login box...protecting it also requires sophisticated, AI-based, layered defenses.”

_{Shiven Ramji
President, Customer Identity Cloud, OKTA}

A chart displaying percents of fraudulent registration attempts from eCommerce, Financial Services, and Media.

Fraud starts before the login box

Bad actors are abusing the monetary incentives you’re hoping will grow your customer base.

1 in 7  

account registrations are fraudulent.

Attackers target the most valuable — or the most vulnerable

A chart displaying credential stuffing and MFA bypass attempts from eCommerce, Financial Services, and Media.

Especially in retail/ecommerce, media and financial services, attackers are developing high-quality lists of valid credentials, executing larger attacks, and then selling customer data on the dark web.

Businesses with less sophisticated defenses are more likely to be targeted with more elaborate attempts at MFA bypass.

A woman verifying her account to confirm she is not a robot.

The more resilient you are, the less likely you are to be attacked

AI-powered bot detection has proven capable of filtering nearly 80% of bots targeting authentication systems — some larger organisations even saw credential stuffing attempts and bot traffic drop by 90%.

With breached password detection, some customers saw credential stuffing traffic drop by over 90%.

Learn more

.css-1u8qly9.gbi-120746710-fa3Gp8KfAHNFCHWveTUPVo:before { opacity: 1; background-image: url('/_static/web/static/687a60ceb60b938a31c9e0c73322f350/544d3/SOSI-Module9-CTASection-Background402x.jpg'); }

What’s next for modern Identity?

Explore all the pioneering products, features, and capabilities

available in Okta’s Customer and Workforce Identity Clouds.