惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Recorded Future
Recorded Future
C
Cyber Attacks, Cyber Crime and Cyber Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Scott Helme
Scott Helme
Cyberwarzone
Cyberwarzone
C
CERT Recently Published Vulnerability Notes
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Palo Alto Networks Blog
Google Online Security Blog
Google Online Security Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
WordPress大学
WordPress大学
博客园 - 聂微东
L
LINUX DO - 最新话题
月光博客
月光博客
小众软件
小众软件
T
Troy Hunt's Blog
A
Arctic Wolf
量子位
I
Intezer
大猫的无限游戏
大猫的无限游戏
T
Tailwind CSS Blog
S
Schneier on Security
Schneier on Security
Schneier on Security
NISL@THU
NISL@THU
T
Threat Research - Cisco Blogs
TaoSecurity Blog
TaoSecurity Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园_首页
有赞技术团队
有赞技术团队
N
News and Events Feed by Topic
美团技术团队
The Cloudflare Blog
P
Privacy International News Feed
S
Security Affairs
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
G
GRAHAM CLULEY
N
News | PayPal Newsroom
Apple Machine Learning Research
Apple Machine Learning Research
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
L
LINUX DO - 热门话题
V
Vulnerabilities – Threatpost
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
CXSECURITY Database RSS Feed - CXSecurity.com
宝玉的分享
宝玉的分享
Application and Cybersecurity Blog
Application and Cybersecurity Blog
IT之家
IT之家
Hacker News: Ask HN
Hacker News: Ask HN
雷峰网
雷峰网

Okta Security RSS Feed

OpenSSL HollowByte: A DoS Hiding in 11 Bytes Datadog and Okta Combine for New Customer Detections Detecting OpenClaw at Sign-In Okta Hardening Guide Updated to Secure Non-Human Identities Okta Pooled Security Audits: a One-Year Retrospective Account Recovery, without Password Resets Okta’s Response to React2Shell Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework Attackers Target Hotelier Accounts in Malvertising and Phishing Campaign Using Auth0 Logs for Proactive Threat Detection Controlling Cross-App Data Sprawl in Google Workspace How this ClickFix campaign leads to Redline Stealer Paving the Path: Pooled Audits with Okta Security Building Confidence in Support Comms with Caller Verify at Okta Enabling ISO/IEC 27001:2022 Compliance with Okta Okta’s Secure by Design Pledge - One Year On Leveraging Okta System Logs for Proactive Threat Detection Enhancing Customer Trust Through a Comprehensive Audit Program Okta's new Security Technical Implementation Guide (STIG) A Guide to DORA Compliance with Okta How AI services power the DPRK’s IT contracting scams Detect and Prevent Cross Device Authentication How Responsible Disclosures are Shaping a Safer Cyberspace Cybersecurity’s Next Gen Next.js CVE-2025-29927 CSO Conversations: Matthew Hansen, Regional CSO of Americas West Empowering Security with Customer Trust Solutions Putting Security First with Secure Development One trick finds the root of any Okta troubles CSO Conversations: Stephen McDermid, Regional CSO of EMEA Content-Security-Policy in a Complex Environment CSO Conversations: Keiko Itakura, Regional CSO of Japan CSO Conversations: Matt Immler, Regional CSO of Americas East Raising the Bar for our Industry with IPSIE Cyber-Safety over the Holidays Okta Social Engineering Impersonation Report - Response and Recommendation Five Reasons to Upgrade your Org to Okta Identity Engine Okta’s Ongoing Commitment to Secure By Design Unveiling the Essence of the Security Customer Trust Function Security Education Through the Art of Storytelling Seven Ways to Reduce Super Admins in Okta The Case for Zero Standing Privileges FastPass: The battle-hardened authenticator Detecting Cross-Origin Authentication Credential Stuffing Attacks How to Block Anonymizing Services using Okta Why Cyber-heroes need a Zero Trust CAEP! Okta Verify Vulnerability Disclosure Report - Response and Remediation Defensive Domain Registration is a Mug’s Game Protecting Administrative Sessions in Okta How to Secure the SaaS Apps of the Future Okta October 2023 Security Incident Investigation Closure October Customer Support Security Incident - Update and Recommended Actions Unauthorized Access to Okta's Support Case Management System: Root Cause and Remediation Tracking Unauthorized Access to Okta's Support System Go “Secure by Default” With Custom Admin Roles for IT support staff Cross-Tenant Impersonation: Prevention and Detection BYO Telephony and the future of SMS at Okta Saying “No Thanks” to nOAuth Telling More Okta Detection Stories with Google Chronicle An Unexpected Endorsement for WebAuthn Social Engineering is Getting More Extreme, but the Fixes Can Be Simple Study up on Okta Logs for Splunk’s Boss of the SOC! Keeping Phishing Adversaries Out of the Middle Using Workflows to Respond to Anomalous Push Requests Okta and Splunk Combine to Detect Common Attacks Setting the Right Levels of Assurance for Zero Trust Catch-All's and Canary Rules User Sign-in and Recovery Events in the Okta System Log Okta Code Repositories Detecting Real-Time Phishing Attacks Detecting Real-Time Phishing Attacks Okta’s Response to OpenSSL Security Update Monitoring for Abuse of Administrative Privileges System Log: a Window into Supporting the Okta Cloud The Human Factor in Phishing Resistance Auth0 Code Repository Archives From 2020 and Earlier Phishing Resistance and Why it Matters Detecting Scatter Swine: Insights into a Relentless Phishing Campaign Defending against Session Hijacking Unlocking the Mystery of 700+ Okta System Log Events Official Okta Statement on LAPSUS$ Claims Protection, without perimeters We (still) need to talk about RDP Just How Risky is Legacy Authentication?
How Okta Embraces Identity Verification Using Persona
Liam Dermody · 2025-02-05 · via Okta Security RSS Feed

With remote work becoming the norm, today’s organizations face a critical challenge: ensuring that users accessing their systems and data are in fact who they claim to be. Given our highly distributed workforce here at Okta, we leverage Persona for Identity verification.

The threat landscape

Given the current geopolitical environment, it is concerningly common for individuals to use fraudulent, or stolen Identities to apply for employment with highly targeted companies, especially in the cybersecurity industry.  At best, these individuals do not have the purported skills and capabilities required for the role and can drain company resources. In the most extreme cases, the individuals may be from sanctioned countries and operate for malicious threat actors with the aim of generating income via ransomware attacks or acquiring sensitive, proprietary information with ill-natured intent.

As part of the Okta Secure Identity Commitment (OSIC), our long-term initiative to lead the industry in the fight against Identity attacks, we’re tackling this issue head-on with the introduction of Identity verification using Persona’s trusted technology. Internally, ID verification has been introduced as a compulsory component of our evolving onboarding process and secure account recovery activities.

What is Persona? 

Persona’s technology offers a unified Identity platform that provides businesses the building blocks they need to securely collect, verify, manage, and make informed decisions about individuals' and businesses' Identities. Okta leverages Persona’s industry-leading technology to securely protect access to online accounts by verifying government-issued identification and comparing it to live, attention-aware photographs to provide greater assurance that the person behind the access attempt is in fact who they're claiming to be.

In practice, Identity verification inquiries with Persona involve up-to-date, live photography capturing varying angles in addition to government-issued photo identification, where a series of validation activities are then performed to assess the veracity of the access attempt. Only once both the photographs and identification have passed a series of secure checks, will the individual have been deemed to “pass” the verification process and subsequently gain access to the controlled environment. 

Positioned highest for Ability to Execute in the 2024 Gartner Magic Quadrant for Identity Verification, Persona offers the following capabilities:

  • Collection, verification, enrichment and analysis of user information;

  • Enablement of decision-making based on user information analysis; 

  • Integration of third-party data for additional insights; and 

  • Evaluation of behavioral risk signals and automation of decisions using customizable workflows.

Okta’s Use Case

Persona’s technology offers use case customization, allowing configuration for required or non-required validation. In Okta’s case, we’ve customized our Identity verification process to include country verification to ensure legal alignment to relevant restrictions, limiting the access of Okta’s products in jurisdictions where US import controls or economic sanctions laws are in effect.

Persona’s customizable options include enabling indicators of particular interest during an Identity challenge. This is a key capability for insider threat security teams who can for example, flag the face likeness of known malicious threat actors which can provide increased assurance to prevent repeated attempts to gain unauthorized access to critical company resources. 

During initial testing of Persona’s capabilities, we found it to be both very effective at flagging a variety of identity-based attacks, while being nuanced enough to allow for benign inconsistencies which often occur with identifications and selfies, such as variation in the name order e.g. given names and surnames may be interchangeable. This means teams responsible spend less time working through false positives. Our ID proofing implementation journey has been one of ease, with Persona seamlessly integrating with our existing infrastructure and technology stack.  Okta has fully-embedded the Persona widget into our workflows, enabling users to verify their identity without ending their Okta session. 

At 2024’s annual Oktane conference, we announced a new ID proofing feature that allows customers to create Identity verification challenges during a workflow, as governed by their Okta Account Management Policy (OAMP). Through the introduction of this new feature, Okta is leveraging Persona’s technology to address two high-risk  use cases where Identity verification is essential: employee onboarding and self-service account recovery.

In line with our efforts to free everyone to safely use any technology, the introduction of mandatory ID proofing during onboarding increases the integrity, robustness and security of Okta’s new hire process. ID proofing aims to ensure the new hire is who they say they are, and that they are the same individual who has participated throughout the recruiting process.

Post-onboarding, using ID proofing for self-service account recovery offers higher assurance that a legitimate, authorized user is the one unlocking the user account in question. This in turn mitigates and reduces the risk of an impersonation attack. It also allows Okta’s technical support teams to spend less time manually performing account unlock activities for employees who find themselves locked out of their accounts.

What’s next? 

Persona is the first ID proofing vendor we’ve integrated with, here at Okta. We continue to prioritize Identity verification and validation for our workforce in addition to prioritized phishing-resistant authentication.

We’re looking forward to exploring additional ID proofing integrations to tackle evolving Identity theft trends in our continued fight against Identity threats. Stay tuned as we continue to evolve our Identity verification capabilities, partnering with industry leaders to prioritize securing your systems and data.

Liam is the Director of Insider Threat at Okta, where he works across the company to reduce insider-related risk. A security specialist with over 15 years of diverse experience spanning analytical, technical, and leadership roles, Liam is dedicated to safeguarding critical assets. Working in both public and private sectors, he has successfully defended Government and industry against a broad range of national security threats, including malicious cyber actors, foreign interference, espionage, and politically-motivated violence.