Secret Double Octopus Enables Phishing-Resistant Passwordless MFA for Password-Centric Environments

Platform meets federal mandates and stringent cyber insurance criteria for all workforce applications

MENLO PARK, Calif.--()--Secret Double Octopus (SDO) today announced the release of new phishing-resistant passwordless MFA capabilities for customers with password-centric directory infrastructure. Organizations using SDO’s Octopus Platform can achieve Presidential Executive Order M-22-09’s phishing-resistant MFA mandates and meet stringent cyber insurance criteria with new capabilities available to adopters of the company’s Octopus Authentication Platform.

The release comes as attackers have expanded phishing attacks against enterprises, leveraging man-in-the-middle (MiTM) tooling and push fatigue strategies to bypass traditional MFA. Despite this, enterprises have been slow to respond to this growing threat given the view that phishing resistance requires PKI-enabled authentication, such as through X.509 certificates or FIDO tokens, and requisite PKI infrastructure dedicated to endpoint clients. This time-consuming and expensive view was partially suggested by the Presidential Executive Order M-22-09, and later amplified by CISA and other organizations.

How it Works

SDO’s Octopus Authenticator offers phishing-resistant capabilities that enterprises can leverage immediately, without the need to re-architect applications or identity directory infrastructure. The release enables elimination of end user use of passwords with biometric mobile push, FIDO2, and legacy smart card certificates while working with password directories. As a result, enterprise applications and services work as they did, but meeting passwordless and phishing-resistance requirements.

“We are excited to be unveiling these critical capabilities for our customers to fight back the phishing menace,” said Shimrit Tzur-David, Co-founder and CSO of Secret Double Octopus. “Directory infrastructure changes can be disruptive. At SDO, we recognize these challenges. Our 1st step is to decouple the user from passwords, so IT can increase agility and control on the path to modernizing the identity infrastructure.”

For More Information

SDO’s phishing-resistance features are available immediately. Register for our webinar 5 Ways Passwordless MFA Stops Modern Phishing and MFA Attacks on December 13 and read the blog on How You Become Phishing-resistant Matters to learn more.

About Secret Double Octopus

Secret Double Octopus is the global leader in next-generation workforce authentication solutions. Its industry-leading Octopus platform offers mid-market to Fortune 100 enterprises the ability to move to a higher security, frictionless and unified authentication platform for MFA and passwordless authentication. From leveraging existing MFA authenticators to supporting legacy on premise applications, no other desktop MFA and enterprise passwordless platform offers as much robustness and flexibility as the Octopus solution. The company has been designated a Gartner "Cool Vendor" and more recently named “Best-in-Class" passwordless solution by AITE Group in 2021. Learn more at


Melissa Howell, 214-536-3835


Melissa Howell, 214-536-3835