Counter question, how has Okta proven that they have integrity and are competent and can be trusted to run critical IT?
What quantitative evidence have they ever demonstrated that shows they can stop the attackers who would like access to the billions of dollars of assets whose access they authenticate? A criminal enterprise can literally hire tens to hundreds of skilled hackers full time for years to target these systems and still turn a profit.
The default assumption is that systems are easily hacked. Claiming protection against even small teams of moderately skilled attackers, let alone organized crime, is an extraordinary claim. Where is their extraordinary evidence?
It’s actually comical that Cloudflare is trying to blame Okta for this. A Cloudflare employee uploaded secrets to Okta’s support tool. That is what caused the breach.
Purely anecdotal but their systems are designed very poorly, they outsource their support to some really low quality vendor (read: you get 0 support). This is not a company I would trust if I had the choice.
I was at an org that started using Okta a few years ago (left a few months later, unrelated). Among the issues, it wasn't confidence-inspiring that the policies that org set (like requiring the Okta app for 2FA rather than TOTP, or enforcing certain properties about the passwords you're allowed to use) were only enforced in the browser and could easily be circumvented by just sending an appropriate request. Maybe they're fine otherwise, but my rule of thumb is that every security-critical single-point-of-failure like Okta will have major problems, and they certainly haven't presented enough evidence to sway that opinion.
Veserv|2 years ago
xyproto|2 years ago
One can prove that a vault has been secure for the last N years, but not that it will be secure for eternity.
darkerside|2 years ago
c420|2 years ago
https://blog.cloudflare.com/how-cloudflare-mitigated-yet-ano...
4death4|2 years ago
pm90|2 years ago
hansvm|2 years ago
unknown|2 years ago
[deleted]
madeofpalk|2 years ago
jbverschoor|2 years ago