Amid an industry migration away from passwords, Okta has launched Okta Device Access, part of its suite of Workforce Identity Cloud products and an effort to offer a unified login experience across all devices under a single identity and access management platform. With the new feature, Okta aims to appeal to organizations dealing with security headaches caused by a hybrid workforce using devices outside of the security perimeter.
Designed to extend identity access management to the point of device login, the Okta Device Access service is also meant to reduce the likelihood that users, faced with the aggravation of having to wrangle repeatedly with logins for each device, will jettison security protocols.
“It’s important to note that the traditional perimeter-driven security model doesn’t fit today’s business environment,” said Arnab Bose, the Chief Product Officer for all of Okta’s Workforce Identity solutions. “Today’s workforce has become boundary-less in the sense that it no longer consists of just full-time employees, but also contractors, partners, and third-party vendors all requiring access to a range of cloud-based applications. This means that there are more devices accessing company resources from more locations than ever before. As a result, Identity has become the new security perimeter and the heart of the remote work security challenge.”
The new capabilities include desktop-based multi-factor authentication for both macOS and Windows, as well as a desktop password sync for macOS.
Authentication through FastPass, MFA, Privileged Access
The overarching Workforce Identity Cloud portfolio includes passwordless authentication and access management through Okta’s FastPass, Device Assurance, Multi-Factor Authentication, and Privileged Access products.
According to Okta:
- For organizations requiring passwords, the new system lets users log in with an Okta password.
- The new product includes automatic enrollment in the Okta Verify mobile app.
The product allows MFA at login on Windows and macOS desktop devices, extending zero trust to wall off locally cached data, apps and non-internet-facing services that are stored on desktops.
It also enables desktop password sync for macOS, which Okta developed with Jamf and built on top of Apple’s Platform Single Sign-On Extension. The company said the feature securely provisions local macOS user accounts with Okta credentials while enrolling users into Okta Verify and its phishing-resistant authenticator FastPass.
The company said organizations can incorporate relevant device context into their authentication flows and gain higher security assurance through its Device Assurance capabilities in Okta Verify.
The new feature includes a user interface that appears native to the device (Figure A).
Figure A: The user interface of Okta UX for Okta Device Access. Image: Okta.
Verizon’s 2023 Data Breach Investigations Report found that 49% of breaches involved stolen credentials. The report also found that 74% of all breaches include the human element, with people being involved via either error, privilege misuse, use of stolen credentials or social engineering. Also, Verizon’s study noted 2,091 incidents of lost or stolen devices, with 159 of these resulting in data breaches.
“Most enterprise devices are still solely reliant on passwords, despite the device login being the first vulnerable touchpoint for cyberattacks,” said Bose. “Okta Device Access adds another layer of security by requiring additional MFA factors at the point of device login. This makes it more challenging for threat actors to gain access to the laptop and, in turn, the organization’s data.”
Last month, Google, Apple and other web services introduced passkey authentication. Identity authentication manager 1Password this month began enabling a raft of passkey capabilities that will continue to roll out next month and later this year.
The FIDO Alliance, which helped usher in the use of passkeys through the standardization of authentication cryptographic key protocols, articulates three key benefits conferred by passkeys:
- Consistency of user experience across devices, particularly when paired with biometric authentication.
- Passkeys are based on FIDO Authentication, which is proven to be resistant to the threats of phishing, credential stuffing and other remote attacks.
- Users do not need to enroll a new FIDO credential on each service or each new device (which would typically be with a password for that first sign-in).
Availability begins Q3 of 2023
The company provided more details about Okta Workforce Identity Cloud’s release.
- Desktop MFA for Windows is planned to be in early access in Q3 of 2023 and generally available in Q4 of 2023.
- Desktop Password Sync for macOS is planned to be in early access in Q3 of 2023 and generally available in Q4 of 2023.
- Desktop MFA for macOS is planned to be in early access in Q4 of 2023 and generally available in Q1 of 2024.