Okta rolls out new tools aimed at eliminating passwords

With new contextual access management capabilities, as well as a browser plugin to identify compromised passwords, Okta is trying to reduce the security risk that comes with passwords.
Written by Stephanie Condon, Senior Writer

It's easy for individuals to get lazy about cybersecurity -- just ask Donald Trump. That's why the identity and device management company Okta is rolling out a set of new security features that put less responsibility for authentication on the end user.

The new tools include a contextual access management feature -- available for organizations using either single sign-on authentication or multi-factor authentication from Okta.

Using contextual access management effectively lets organizations do away with passwords. Instead of using a password to log in, the end user would simply go to the webpage or application where they want to log in and type in their email address. With contextual access management, Okta's tools check multiple signals to evaluate whether the request for access is legitimate. For instance, is the user logging in from a recognized device? Are they at a familiar location?

Once Okta determines the end user is making a legitimate login request, that user will see a prompt they can click to gain access -- no password needed. If Okta determines the login request looks risky, the user could then be required to go through different verification steps, such as answering a security question or using Okta Verify.

Authentication tools, according to Okta's Joe Diamond, are "moving away from active factors in which the customer has to physically do things in order to trigger security events."

There's plenty of reason to stop relying on end users for security. According to Verizon's 2017 data breach investigations report, 81 percent of hacking-related breaches are caused by stolen or compromised credentials. The preferable option is using passive factors -- checks happening in the background, said Diamond, Okta's director of security product marketing management. The vision, he told ZDNet, is "introducing as little friction as possible for the end user."

Okta's not the only company moving in this direction. For instance, Google's custom-built security system BeyondCorp also uses contextual access management.

As part of its efforts to encourage contextual access, Okta is also introducing a new tool called ThreatInsight.

This product uses all of the authentication events that Okta sees -- across its ecosystem of more than 4,250 customers and 5,000 partners -- to tell an organization whether an incoming request looks like a potential threat. For instance, if an organization gets a request for access from an IP address that Okta has identified as potentially malicious, ThreatInsight would offer a warning.

Using toggles in the administrative console, an organization can enable a simple call state to determine what should actually happen when that request goes through. For instance, they may want to deny access to potentially malicious IP addresses, or they may want to force another verification layer.
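To make the decision flow described above concrete, here is an added sketch (not Okta's code or API) of a contextual access check: passive signals decide between a one-click login and extra verification, and an administrator toggle decides what happens to IP addresses flagged by a threat feed. Every name, the sample data and the fail-closed handling of malformed addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address, ip_network


class Decision(Enum):
    ALLOW = "allow"      # one-click prompt, no password
    STEP_UP = "step_up"  # extra verification (security question, second factor)
    DENY = "deny"


@dataclass(frozen=True)
class LoginRequest:
    email: str
    device_id: str
    country: str
    source_ip: str


@dataclass
class Policy:
    known_devices: dict        # email -> set of recognized device ids
    familiar_countries: dict   # email -> set of usual country codes
    flagged_networks: list     # networks reported by a threat feed
    # Admin toggle: deny flagged IPs outright, or force another factor.
    flagged_ip_action: Decision = Decision.STEP_UP


def evaluate(req: LoginRequest, policy: Policy) -> Decision:
    try:
        ip = ip_address(req.source_ip)
    except ValueError:
        return Decision.DENY  # assumption: fail closed on a malformed address
    # A threat-feed match takes precedence over any per-user context.
    if any(ip in net for net in policy.flagged_networks):
        return policy.flagged_ip_action
    known_device = req.device_id in policy.known_devices.get(req.email, set())
    familiar_place = req.country in policy.familiar_countries.get(req.email, set())
    # Every passive signal must agree before the password is skipped.
    return Decision.ALLOW if known_device and familiar_place else Decision.STEP_UP


# Constructed sample data (documentation IP ranges, made-up user and device).
POLICY = Policy(
    known_devices={"ana@example.com": {"laptop-7f3a"}},
    familiar_countries={"ana@example.com": {"US"}},
    flagged_networks=[ip_network("203.0.113.0/24")],
)
```

Note that a flagged source address overrides a recognized device and location, so a stolen laptop or replayed device identifier alone does not earn a passwordless login from a known-bad network.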

While ThreatInsight and contextual access management can help organizations move away from using passwords, that isn't always entirely possible. Individuals, for example, are probably going to be using passwords to log into consumer applications like social media for a long time.

To address that reality, Okta is introducing PassProtect, a browser plugin that gives a user visibility into when they're using a password that has been previously exposed or compromised in a breach.
