Okta makes basic two-factor authentication standard across product line

The company is also announcing a new compromised password detection feature, as well as expanded application support for their Adaptive Multi-Factor Authentication solution.

Today, San Francisco-based identity provider Okta is making several related announcements at their Oktane17 customer event in Las Vegas.  They are expanding application support for their cloud-based Okta Adaptive Multi-Factor Authentication (AMFA) solution. They are also making basic two-factor authentication standard for every Okta user, and providing a new compromised password detection feature.

“Part of our mission is to bring multifactor authentication to everyone,” said Joe Diamond, Director of Product Marketing at Okta. “As part of that, you now get two-factor authentication as part of your deployment.”

Okta provides secure connections between people and applications, while giving IT teams the access they need to protect the organization’s information.

“We have a multi-tenant cloud based model, and a delivery model designed to eliminate complexity,” Diamond said. “We have over 5,000 integrations to applications, IT infrastructure and devices in the Okta Identity Cloud, and to on-prem ones as well as cloud. We also have wizards a company can leverage to build a configuration on the fly, providing a lot of flexibility to add new connections to Okta.”

Okta’s true sweet spot is the enterprise and the upper midmarket, but they are sold more broadly than that.

“Our market includes everything from the Fortune 500 to mom and pops that are security conscious, and cuts across all verticals,” Diamond said. “Our primary competition today is Microsoft Azure’s cloud-based Identity Store, as well as some traditional security players like RSA and Symantec.”

Their go-to-market is a hybrid one.

“We have a healthy balance between the direct and channel sides,” Diamond indicated. “We have lots of partners – resellers and SIs as well as technology partners, with the latter including integrations with companies like Palo Alto and F5.”

Diamond said that multi-factor authentication is less common today than you might think.

“Most companies have legacy solutions in place, and if bringing in two-factor authentication was difficult, they tended to put them in in just the mission-critical applications. They can have dozens of applications that don’t have multi-factor authentication at all. But the sensitive data is in all those applications, not just the mission-critical ones.”

Diamond also pointed out that 81 per cent of breaches come from lost or stolen devices.

“It’s the user and their credentials that are the weak link,” he said. “Realization of this is changing the whole approach in the market. It means not only having multi-factor authentication, but to also have a security strategy that includes identity.”

Accordingly, Okta Single Sign-On now includes a simple one-time passcode strong authentication for all users. This makes two-factor authentication now the standard for Okta users.

“This multi-factor authentication with a one-time password is free to all users,” Diamond said. “It comes with the service. If you want additional authentication factors, that’s getting into buying more advanced packages.”

Diamond also stressed that in addition to no additional cost, the new two-factor authentication capability won’t add new complexity.

“That’s part of the beauty of this,” he said. “A lot of the complexity in two-factor authentication historically has been the deployment model. Ours provides end-to-end usability. The portal also has a very consumer look and feel.

Okta is also introducing a new compromised password detection feature which will prevent all Okta users from using commonly used passwords, as well as passwords that were exposed as part of publicly-known data breaches.

“People aren’t that great at passwords,” Diamond said. “Their personal password is usually their corporate one. When, they create a password, we scour the web to see if it has been used in a breach.”

If employees want to be allowed to keep their passwords to a minimum by reusing common ones, the company can allow them to do.

“The company will determine if they want to enable this,” Diamond said.

New application support is also being announced for Okta AMFA, a more advanced solution that supports contextual access management and adaptive, risk-based authentication. This includes RDP, LDAP, other SSO products, ADFS, custom web apps and RADIUS, so that all applications in the Okta Integration Network are covered.

“People have overestimated the notion of the death of the password,” Diamond concluded. “It’s not going away, and it shouldn’t. The changes around it are more about adding additional signals to improve identity assurance.”