Amanda Khoury

Yubico and Okta

Secure authentication made simple

19th December 2018

Keeping our information safe is something we all strive to do, personally and professionally. However, are we really doing ALL that we can to secure our information on all platforms?

But do we really want to have to put in different passwords, new user names and answer questions we made up years ago to make sure we’re not vulnerable to cyber-attacks?

The average person has 150 online accounts, and remembering ALL those passwords would be impossible, which is why we reuse the same password or very similar passwords. However, doing this opens us up to hackers who use techniques like credential stuffing, password spraying and phishing emails. Once a hacker has this information, they potentially have access to multiple accounts that had the same password.

Using Okta and Yubico together lets you secure and simplify your login experience while also giving you the highest level of protection using three simple things.

What you know, what you have and what you are!

  • What you know is simple – keep your user name and password.
  • What you have – this could be SMS or email and a physical token.
  • Lastly, what you are – biometric-based solutions.

Ensuring strong authentication using both Okta and Yubico gives you layered protection: Okta provides the authentication, and Yubico provides hardware-backed FIDO U2F to close any gaps. This assures you that you have the best defence against man-in-the-middle attacks and phishing, all while keeping the experience simple.

Utilising Okta’s adaptive policy engine, various contextual options can be layered to allow/deny access or prompt for additional sequential factors.

Okta currently supports the following contextual options:

  • Who is the user? – Specifically by the user or the groups they belong to (which can be automated via rules).
  • What device are they connecting on? – Is it a trusted company-issued device or not?
  • What type of device are they connecting from? – User Agent Context.
  • Where are they connecting from? – IP and/or Geo-Location Based.
  • Is this usual behaviour for this user? – Compare request against past known behaviour for the user.
  • What are they trying to access? – What application/system are they trying to reach?

By providing this capability, Okta can provide an always-on, zero-trust defined security model that ensures only the right people have access to the right resources under the right conditions. With traditional IT fading into the background and SaaS ever growing, being able to control access empowers organisations.
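How the contextual options listed above can be layered into an allow, deny or prompt-for-another-factor decision, as an added example in Python. It is not Okta's policy engine or API: the `Request` fields, the rule order, the network ranges and the group and app names are all hypothetical, constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ALLOW, STEP_UP, DENY = "allow", "prompt_for_factor", "deny"

# Constructed policy data (hypothetical; RFC 5737 documentation ranges).
CORPORATE_NETS = [ip_network("198.51.100.0/24")]
BLOCKED_NETS = [ip_network("203.0.113.0/24")]
SENSITIVE_APPS = {"payroll"}
APP_GROUPS = {"payroll": {"finance"}, "wiki": {"staff", "finance"}}

@dataclass(frozen=True)
class Request:
    """One sign-in attempt; fields mirror the six contextual options."""
    user: str
    groups: frozenset       # who the user is (group membership)
    managed_device: bool    # trusted company-issued device or not
    user_agent: str         # type of device / client
    source_ip: str          # where they are connecting from
    usual_behaviour: bool   # matches past known behaviour for the user
    app: str                # what they are trying to access

def in_nets(ip, nets):
    addr = ip_address(ip)
    return any(addr in net for net in nets)

def evaluate(req):
    """Return (decision, reasons). Hard denies run first; unknown apps are denied."""
    if not (req.groups & APP_GROUPS.get(req.app, set())):
        return DENY, ["user not in a group entitled to this app"]
    if in_nets(req.source_ip, BLOCKED_NETS):
        return DENY, ["blocked network zone"]
    if req.app in SENSITIVE_APPS and not req.managed_device:
        return DENY, ["sensitive app requires a managed device"]
    # Risk signals: any hit asks for an additional factor (e.g. a U2F key touch).
    checks = [
        (not req.managed_device, "unmanaged device"),
        (not in_nets(req.source_ip, CORPORATE_NETS), "outside corporate network"),
        (not req.usual_behaviour, "unusual behaviour"),
        (not req.user_agent.startswith("Mozilla/"), "unrecognised client"),
        (req.app in SENSITIVE_APPS, "sensitive app"),
    ]
    signals = [label for hit, label in checks if hit]
    return (STEP_UP, signals) if signals else (ALLOW, [])

if __name__ == "__main__":
    req = Request("alice", frozenset({"finance"}), True, "Mozilla/5.0", "198.51.100.7", True, "payroll")
    print(evaluate(req))
```

The returned reasons are worth logging alongside the decision, so that an unexpected prompt or denial can be traced back to the signal that caused it.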

When combining Okta’s adaptive multi-factor authentication engine with Yubico’s FIDO U2F key, the user journey can be further enriched by providing a seamless secondary factor that can be used within the sequential flow or even become the exclusive primary authentication.

With no downtime, you can rest assured that, with both in place, you are now really doing all you can to secure yourself and your data, and to give yourself the ability to sign in to your apps with just a touch of a key!