Identity access management company Okta Inc. today announced the release of passkeys that will allow customers to do away with passwords in the Okta Customer Identity Cloud as an early access feature.

The company also unveiled Okta AI, which will empower users with artificial intelligence to build identity policies and protect themselves against cyberattacks.

And it also announced that it has acquired the password management app Uno to help it more quickly launch its Okta Personal password manager. Uno launched earlier this year after raising $3 million from Andreessen Horowitz and others.

Passkeys are an alternative to passwords developed to allow a system to identify a device instead of requiring a user to recall and send a password. They allow users to associate login information with devices by using hardware keys. That means users don’t have passwords that can be easily forgotten or stolen by a third party, which could then be used to break into their accounts.

With a passkey, computers, phones or tablets can be used along with a personal identification number or biometric authentication method to unlock the device to prove that it’s in a user’s possession. This allows users to use a mobile device to log into their accounts and eliminates the need for passwords, captchas or two-factor authentication.

It also helps with reducing problems such as phishing, where an attacker attempts to trick a user in to giving up their password by having them log into a fake website by sending them a link via email or text. With a passkey, their attempted login would simply fail as their device would not work with the fake website.

According to a report from the Interisle Consulting Group, phishing attacks rose by 61% in the past year, putting them at the top of the most popular ways for attackers to get sensitive information out of networks. And new research from London-based Egress Software Technologies Ltd. has shown that tricksters have gotten more sophisticated to sneak emails past security teams’ defenses and even eagle eyed users more than half of malicious emails using obfuscation tactics at 55.2% in 2023.

“In the age of AI where we are seeing threats escalate, passwords and legacy forms of two factor authentication are as inconvenient as they are defenseless,” said Andrew Shikiar, executive director and chief marketing officer at the industry association FIDO Alliance. “By switching to phishing-resistant passkeys, organizations can protect both their customers and their bottom line.”

Support for passkeys is available now in early access and will become generally available in in the fourth quarter of 2023.

Okta announces Okta AI for identity

Okta AI, unveiled today, embeds artificial intelligence features across the company’s ecosystem of products and uses its large dataset of crowdsourced threat intelligence information and identity capabilities to power actions and provide recommendations for users.

Okta AI works around three different capabilities, or personas, for security, development and policy administration, Harish Peri, senior vice president of product marketing at Okta, told SiliconANGLE in an interview.

“Okta AI can look at the best practices of millions of other developers who work in our ecosystem and offer recommendations in how to reduce friction in the login process,” Peri said. “How can you make the login process better. Which actions or workflows should you embed into your code to make the code go faster. Essentially help developers focus on their day jobs, which is building apps, and leave identity stuff to us.”

This capability is part of the Customer Identity Cloud, which enables customers to build apps that embed the Okta identity services.

For information technology administrators, the Okta AI also lives in their dashboards as a chatbot that they can talk to for recommendations on their security and identity polices in Workforce Identity Cloud, which allows enterprise teams to manage users in their workforce.

Administrators can type in, “What kind of policy will work best for the type of company I work within?” and the AI will answer the question and provide recommendations. From there it will provide advice as well as allow admins to take action directly by clicking on the recommendations that will create policies. After they have been generated, the administrators can modify and customize them as they see fit.

“What we’re seeing at a macro level is IT departments are constantly being challenged to do more with less,” Peri said. “They’re being asked to manage more and more distributed complex workforces. If we can automate their job in a data-driven smart way, the better off they are.”

The same AI capabilities can also be used for security actions under the hood by watching out for and automating defenses. One example is “Universal Logout,” which watches over users and, if their risk profile increases – such as if they accidentally clicked on a malicious link in a Facebook post or an email – it would automatically log them out of all of their work accounts and prevent any potential data breach from happening.

“This is a really big deal because in order to make this happen, we need to listen to the risk signals from other security software like Palo Alto Networks or Zscaler and absorb them to decide in real time if the risk score has gone up and then take the action of logging the user out of everything,” said Peri. “And to take that action, we need to be integrated into everything in the ecosystem.”

Some of Okta AI’s capabilities are being built on Google LLC’s Vertex AI, a set of cloud services for building machine learning models for powerful AI, such as a new Log Investigator as part of Workforce Identity Cloud powered by an generative AI chatbot.

As a result, if a user were to trigger Universal Logout, a security professional could use Log Investigator to get a natural-language summary of the events and risk factors that caused the event. Normally doing this would require a tedious dredging through all of the logs, data and events that led up to triggering event, which would get compiled into a report. Log Investigator can be put it into a more human readable format.

Workforce Identity Cloud AI capabilities — including Log Investigator, Universal Logout, policy recommendations and more — will become available in 2024. Customer Identity Cloud AI capabilities will go into early access around the same time.

Photo: Okta