Frequently Ask Questions

Secret Double Octopus is the global leader in next-generation workforce authentication solutions. We help mid-market to Fortune 100 enterprises move to higher security, frictionless, and unified authentication platforms for MFA and passwordless authentication. We've been recognized as a Gartner "Cool Vendor" and named "Best-in-Class" passwordless solution by AITE Group in 2021.

We're one of the few vendors offering deep desktop integration for both Windows and Mac, with true passwordless capabilities that work across heterogeneous environments. Unlike solutions that only work in single-vendor ecosystems, we support multiple identity providers, cloud environments, and legacy systems.

We address critical business challenges including:

• Security risks from compromised passwords (61% of data breaches involve compromised credentials)
• High helpdesk costs from password resets (25-45% of helpdesk calls)
• Phishing and ransomware prevention
• Compliance requirements for MFA, especially on desktops

Yes! Passwordless is the next evolution of authentication. While traditional MFA adds a second factor to passwords, passwordless eliminates the password entirely - removing the primary target of most cyberattacks. It uses "something you have" (phone/FIDO key) and "something you are" (biometrics), making it much harder to compromise.

By removing passwords entirely, there's nothing for attackers to steal through phishing. For ransomware, we eliminate RDP brute force attacks (responsible for 47% of ransomware incidents) since there are no passwords to crack.

Absolutely! Our solution uses advanced cryptography including Shamir Secret Sharing, which splits encryption keys across multiple channels. Even if one channel is compromised, attackers can't reconstruct the key, making Man-in-the-Middle attacks virtually impossible.

Deployment is surprisingly quick! Our solution is designed for rapid implementation with minimal disruption to your existing infrastructure. Most organizations can be up and running within days, not months.

Enrollment is simple and fast! Users receive an email with:

• A download link for the Octopus app
• A QR code to scan
• They install the app, scan the code, and start using passwordless authentication immediately
• Alternatively, users can enroll with a manual code if QR scanning isn't possible

Not at all! Our solution works with your existing Active Directory, LDAP, and identity providers. We integrate seamlessly without requiring major infrastructure changes.

No, domain joining is optional and not required. Our solution works flexibly with both domain-joined and non-domain-joined machines.

We support:

• Windows 10 and many other Windows versions (including Windows 7)
• macOS 10.X and newer
• Windows Server environments via RDP
• Linux servers through LDAP and RADIUS integration

Yes! Our solution is fully compatible with FileVault encrypted Mac systems.

Absolutely! Our solution supports multiple user accounts on a single device, including domain users, administrators, and other account types.

Yes! We can deploy completely on-premises with FIDO-based authentication for air-gapped environments with no cloud component required. If phones are permitted, we also support offline authentication via Bluetooth between the mobile app and PC.

Yes! Our platform supports modern authentication protocols including OIDC, enabling seamless integration with cloud applications and identity providers.

Absolutely! We support these enterprise federation protocols, making integration with existing enterprise applications and legacy systems straightforward.

Federation provides single sign-on capabilities, centralized identity management, and simplified user experience across multiple applications. It reduces password fatigue and improves security by centralizing authentication policies.

Yes! Our solution can work with Office 365 in multiple ways - either through direct integration or by extending your existing identity provider's capabilities to provide passwordless authentication to Office 365.

Yes! We integrate with both Okta and Azure AD, as well as other major identity providers. We can extend their MFA capabilities to desktops and provide passwordless authentication across your entire environment.

Absolutely! Our solution supports SAML protocol integration and can act as a SAML Identity Provider, enabling SSO across your SAML-enabled applications.

Yes! We support RADIUS authentication, making it compatible with VPN solutions from Cisco, Checkpoint, SonicWall, Palo Alto Networks, and others.

Yes! We support both LDAP (port 389) and Secure LDAP (port 636). For passwordless authentication, we require LDAPS to ensure credentials are properly encrypted during our password management process.

It's incredibly simple! Users press Ctrl-Alt-Del, see their username with "Octopus App" in the dropdown, click the arrow, see "Check Your Phone for Authentication," approve on their phone with biometrics (FaceID/TouchID), and they're logged in!

On mobile, we provide an exceptional experience including support for iPhone's "long press" feature. Users can hold their finger on the password prompt for 2-3 seconds, get a popup asking to log in, and use FaceID for biometric authentication - no password typing required!

No problem! Administrators can issue a 12-hour FIDO key as a backup. Users can also enroll a new phone remotely using our self-service portal.

Our platform supports mobile account recovery for both iOS and Android. Users can request a new enrollment email or use our self-service portal to re-enroll their new device.

While our mobile app provides the best experience, we also support FIDO2 security keys for users who prefer not to use their phone. We offer multiple authentication options to fit different preferences.

We use state-of-the-art encryption with multiple layers:

• Standard TLS encryption for all communications
• Advanced Shamir Secret Sharing to create symmetric keys
• AES256 encryption for additional protection
• All channels are quantum-safe encrypted

No! All biometrics are stored locally on the user's device in its secure enclave. We never store biometric data centrally, making a centralized breach of biometric information impossible.

For offline scenarios, our mobile app stores encrypted passwords locally in the device's secure element. Authentication happens via Bluetooth between the phone and computer, ensuring users can log in even without internet connectivity.

Yes! Secret Double Octopus is FIPS 140-2 certified, meeting federal security requirements for cryptographic modules.

Yes! We provide MFA for privileged access to Windows servers via RDP, Linux servers through PAM modules, and can protect both shared admin accounts and local accounts with proper auditing capabilities.

Absolutely! Administrators can revoke credentials at any time for online access. The system integrates with Active Directory status changes and supports automated policies for account lifecycle management.

We support all CMMC levels (1-5) with comprehensive policies, annual risk assessments, ISO 27001 certification, and documented process optimization across the organization.

Yes! Our solution maintains comprehensive audit trails of all user and admin activities, supporting forensic investigations and compliance requirements.

Yes! Users can access our self-service portal to request new enrollments, manage their authenticators, and access SSO-enabled applications. The portal supports both end-user and administrative functions.

We provide four configurable roles: Admin, Helpdesk, Auditor, and User. Each role has different access levels that can be customized based on your organization's needs.

Our helpdesk functionality allows support staff to issue emergency tokens, provide temporary access, enroll new authenticators, and manage user accounts - all with proper authorization and time-based controls.

The default language is English, but messages on PC agents can be configured for any language based on your global requirements.

Yes! We have no known country limitations and can support organizations conducting business anywhere in the world.

Secret Double Octopus is designed as an on-premises solution. We have an optional cloud component only for push notifications, which doesn't store any personally identifiable information (PII) or sensitive data.

Yes! Upon request, our on-premises server can be deployed in private clouds including AWS, Microsoft Azure, and Google Cloud Platform.

No! Since our optional cloud component only acts as a pass-through for push notifications without storing PII or sensitive data, FedRAMP certification is not required.

If you prefer not to use push notifications, you can leverage OTP or FIDO tokens instead, eliminating the need for any cloud component entirely.

A recent Ponemon Institute study found that passwordless authentication provides average cost savings of $1.8M over two years through attack prevention, reduced helpdesk needs, fewer MFA solutions to manage, and lower employee downtime.

We use per-user-per-month subscription pricing. List pricing tops out at $6/user/month but typically costs less due to volume discounts and other available discounts.

Unlike other providers, we charge per user, not per device. A user with multiple phones, tablets, or FIDO keys still only counts as one license, providing excellent value for users with multiple devices.

Yes! We provide comprehensive REST APIs that allow complete system control, including scripting, bulk updates, and integration with identity management solutions like SailPoint.

While Windows Hello for Business works well in Microsoft environments, our platform provides a unified solution for heterogeneous environments including Mac endpoints and multiple identity providers that Windows Hello cannot address.

It can! Our solution can extend existing MFA solutions like Okta and ForgeRock to desktops with Octopus Lite, run in hybrid mode alongside existing solutions, or completely replace traditional MFA solutions when moving to passwordless.

We support any FIDO2-certified authenticator including Yubico YubiKeys, Feitian keys, and other certified hardware tokens. Our platform is FIDO2 certified, ensuring broad compatibility.

The system fully integrates with Active Directory and supports automated enrollment groups. We provide REST APIs for integration with IDM solutions and support configurable policies for account lifecycle management including automatic blocking after inactivity periods.

We're one of the few vendors providing true desktop passwordless authentication through deep Windows and Mac integration, while supporting heterogeneous environments that include multiple cloud providers and identity systems.

While Microsoft provides good passwordless capabilities for Microsoft environments, we provide comprehensive solutions for mixed environments including Mac endpoints, multiple identity providers (Okta, Google, etc.), and legacy systems that Microsoft cannot address.

We offer multiple options! Besides our mobile app, we support FIDO2 security keys (including ones with built-in fingerprint readers), soft OTP tokens, integrated biometric sensors, and even phone call services for landlines to accommodate any user preference or policy requirement.