Passwords, huh? The bane of everyone’s existence. Make them secure and you assign yourself to a life of trying to manage a gazillion complex and different passwords. Do the easy thing, and reuse, reuse, reuse and you run the risk that all those holiday snaps you took last year in Vegas goanna end up pwned and doing the rounds of the interwebs. What’s a modern net citizen to do?

Well, Okta would like to suggest it has an answer, and at its annual shindig in Vegas, this week, is telling everyone about it. The fact is that I’m sure that many of the attendees at Okta’s event will be particularly interested in this news since they will undoubtedly be waking up this morning wondering about those strange pictures they took with the scantily clad Vegas characters. Oh, how apropos…

Anyway, Vegas snaps aside, what Okta is announcing is a new offering that is guaranteed to appeal to the hordes of IT practitioners how no doubt grew up watching war movies and dreaming of being able to say “We’re now at DEFCON 4.” The new offering allows organizations to replace the use of passwords with stronger authentication for individuals thanks to a new set of contextual access management features. The features, available in both Okta’s new Adaptive Single Sign-On (SSO) and enhanced Adaptive Multi-Factor Authentication (MFA) products, make decisions based on signals such as device, IP and geolocation context for smarter, more identity and access management that should result in less of those aforementioned DEFCON 4 situations.

Let’s face it, passwords are a sub-optimal tool and the sooner we find better ways of authenticating user access, the better. Todd McKinnon, the CEO of Okta puts it plainly when he points out that:

The best password is no password at all. Today’s threat actors are targeting the weakest point of your company’s security – your people – and too many are successfully compromising their accounts due to poor or stolen passwords. Over the past few years, we’ve invested heavily in new security and authorization technologies that provide the right level of protection for the many apps and services an organization uses today, which can vary by company, by app, by user, and by scenario. Now we’re using those signals across a user’s login context to improve an organization’s ability to set stronger access controls and make faster, more intelligent decisions when there may be a concern – and allow companies to replace the password with stronger, simpler authentication.

To put some metrics around the issues with passwords, studies have found that 81% of hacking related-breaches are caused by stolen or compromised credentials. And all vendors in the identity management space have been investing in technologies that, at least some of the time, obviate the need for those pesky passwords. In Okta’s case, it is a convergence of device-based access control, adaptive multi factor authentication approaches, and technologies that signal potential identity issues that are delivering a more dynamic access control approach.

How it can work in practice

Okta customers can now set contextual access policies both for people in their enterprise ecosystem and in their digital products for customers. Examples of how this can work in action could include:

  • If a user attempts to authenticate from a recognized IP address, on a known device, and on the company’s corporate network, the user would be considered ‘high assurance’ – and the user would not be required to enter a password in order to log in. Instead, the user would be prompted for an alternate factor, such as Okta Verify Push
  • If the user attempts to authenticate from an unmanaged (though known) device but in a new location, the user would be considered ‘moderate assurance’ and be prompted both for a security question and a second factor, such as Okta Verify
  • If the user attempts to authenticate from an unmanaged and unknown device and from a connection with a high threat level, the user would be considered ‘low assurance’ and Okta would disallow access

So essentially organizations can go from the password being a primary authentication mechanism, to it being the exception – all powered by a dynamic assessment of actual risk. This also applies to customer authentication. Indeed the National Bank of Canada is leveraging this approach to make things easier for its customers. Says Alain Goffi, vice president, IT Infrastructures at the bank:

National Bank of Canada services millions of clients in hundreds of branches across Canada. As an organization, we have clear objectives, one of which is to simplify the customer experience. Okta’s smarter authentication and contextual capabilities enable us to give our clients a seamless, secure online experience.”

All of this is enabled by a highly dynamic and granular threat prediction and assessment toolkit that covers user activity, device context, and location – all inputs that, until recently, were outside the visibility of these authentication management systems.

MyPOV

Having a more dynamic approach towards security will do much to ease the security burden for users and, by extension, help make the organization more secure overall. It’s great to see Okta rolling this stuff out and I’m sure conference attendees will be more relaxed when snapping those dodgy pics on the streets of Vegas tonight.

Ben Kepes

Ben Kepes is a technology evangelist, an investor, a commentator and a business adviser. Ben covers the convergence of technology, mobile, ubiquity and agility, all enabled by the Cloud. His areas of interest extend to enterprise software, software integration, financial/accounting software, platforms and infrastructure as well as articulating technology simply for everyday users.

1 Comment

Leave a Reply