Secret Double Octopus (SDO) has unveiled new phishing-resistant passwordless MFA capabilities for customers with password-centric directory infrastructure. Organizations using SDO’s Octopus Platform can meet Presidential Executive Order M-22-09’s phishing-resistant MFA mandates and stringent cyber insurance criteria with the new capabilities, which are available to adopters of the company’s Octopus Authentication Platform.
The release comes as attackers have expanded phishing attacks against enterprises, leveraging man-in-the-middle (MiTM) tooling and push fatigue strategies to bypass traditional MFA. Despite this, enterprises have been slow to respond to this growing threat given the view that phishing resistance requires PKI-enabled authentication, such as through X.509 certificates or FIDO tokens, and requisite PKI infrastructure dedicated to endpoint clients.
This view, which implies a time-consuming and expensive undertaking, was partially suggested by the Presidential Executive Order M-22-09 and later amplified by CISA and other organizations.
SDO’s Octopus Authenticator offers phishing-resistant capabilities that enterprises can leverage immediately, without the need to re-architect applications or identity directory infrastructure. The release lets end users stop using passwords, replacing them with biometric mobile push, FIDO2, and legacy smart card certificates, while still working with password directories.
As a result, enterprise applications and services work as they did before, while meeting passwordless and phishing-resistance requirements.
“We are excited to be unveiling these critical capabilities for our customers to fight back the phishing menace,” said Shimrit Tzur-David, Co-founder and CSO of Secret Double Octopus.
“Directory infrastructure changes can be disruptive. At SDO, we recognize these challenges. Our first step is to decouple the user from passwords, so IT can increase agility and control on the path to modernizing the identity infrastructure,” Tzur-David added.