There was a time when two-factor identification (2FA) was nice to have, but times have changed as hackers get ever more sophisticated and users need whatever edge they can get. Perhaps that’s why Okta, the cloud identity company that went public earlier this year, announced that it’s making 2FA the standard for all its customers.
They made the announcement at their annual Oktane customer conference today.
Research suggests that a large number of breaches are related to stolen or weak passwords. There is actually a black market on the so-called Dark Web where hackers can buy stolen credentials. This point is exacerbated by the fact that too many people tend to use the same password across sites, so if you get caught up in one high-profile hack — and given the sheer number of them, it’s entirely likely — chances are, that password is out there waiting to be used on your company’s network.
Okta recognizes that, so it’s implementing 2FA as a standard, presenting every user with a one-time passcode to add another layer of protection that will be harder for hackers to surface. What’s more, the company also sees the password reuse problem so it’s adding a compromised password detection tool, which can find commonly-used passwords from large, publicly-known data breaches and warn users if they are using them.
It’s certainly a big step forward, and while 2FA isn’t a panacea, Joe Diamond, who runs security for Okta says it’s still better than just a username and password because it’s adding that additional layer of protection.
The company is also announcing a new set of APIs to make it easier to build Okta identity management into apps. The APIs provide a way to extend the market for the service without explicitly signing up to use it.
In this case Okta becomes the identity layer in an app in the same way that Twilio lets you add communications capabilities or Stripe enables you to add payments. This takes the complexity of implementing identity management, something every app should have, out of the hands of a developer, who probably lacks the expertise to build in identity well.
Developers win because they greatly simplify identity management, while Okta gains a new revenue stream. Pricing is based on how many active monthly users you have.
Okta went public in April. The stock price closed at $23.51 on the first day of trading. Today, as of publication, it sits at $24.30, which is rather steady and undramatic.