Connect with us

Hi, what are you looking for?


Passwordless Authentication Provider ‘Secret Double Octopus’ Upgrades $15 Million

Tel Aviv, Israel-based Secret Double Octopus has raised $15 million in a Series B funding round from Sony Financial Ventures, KDDI, and Global Brain as well as prior investors. The firm provides passwordless authentication for enterprises, and is eyeing the growing WFH market.

“As many workers use unsecured Wi-Fi networks and personal devices to connect to their corporate networks and assets, organizations must quickly maneuver to enable access to corporate applications and workstations in a highly secure method,” says the company announcement. “Removing passwords prevents credentials theft, Man-in-the-middle attacks, identity theft, phishing and other forms of popular attack vectors. Furthermore, moving to Passwordless Authentication reduces Helpdesk and password management costs and minimizes IT operations.”

Secret Double Octopus was founded in 2015 by Chen Tetelman (VP, R&D), Raz Rafaeli (CEO), Shimrit Tzur-David (CTO), and Shlomi Dolev (CSO). It uses a biometrically protected mobile phone to eliminate the need for passwords. When users seek to logon to their workstation or VPN service, a mobile phone authenticator app receives a pushed authentication request notice via the Octopus Cloud Service. These notices are delivered using what the firm describes as its “unique secret sharing technology”, described elsewhere as being “originally developed to protect nuclear launch codes.”

The user then provides the app with biometric proof of identity — usually a fingerprint via the phone’s fingerprint sensor — and taps an ‘approve’ button on the app. The authentication attestation is then relayed from the app through the cloud service to the Octopus Authentication Server and on to the relying system — which grants access on receipt of proof of identity.

Octopus also supports FIDO2-compliant authenticators where the user has no phone or is reluctant to install company apps on a personal device. Here the FIDO device is plugged into one of the workstation’s USB ports. A challenge generated by the FIDO server is relayed via the Octopus Credential Provider on the workstation. The user’s response — typically by tapping the authenticator or providing a fingerprint — is relayed back to the FIDO server which sends an authentication approve or reject notice to the relying system.

Finding an alternative to the use of passwords for user authentication is considered a priority. Passwords are too easily stolen or forgotten — and the sheer number of different passwords users now need to manage is a problem. For the user, managing multiple strong passwords is now a high friction issue, while for the business the malicious use of stolen credentials is a primary cause of network breaches.

Secret Double Octopus believes it has found a solution primarily through the use of mobile phones. User passwords are eliminated while security is increased by the built-in multi-factor nature of the solution.

Total funding for the firm has now reached $22.5 million, following a Series A round of $6 million in January 2017, and initial seed funding of $1.5 million in January 2016.

Related: Silicon Valley Legends Launch Beyond Identity in Quest to Eliminate Passwords

Related: ZenKey: How Major Mobile Carriers Are Teaming Up to Eliminate Passwords

Related: The Human Element and Beyond: Why Static Passwords Aren’t Enough

Related: From IDF to Inc: The Israeli Cybersecurity Startup Conveyor Belt

Passwordless Authentication Provider ‘Secret Double Octopus’ Upgrades $15 Million

Passwordless Authentication Provider ‘Secret Double Octopus’ Upgrades $15 Million

Passwordless Authentication Provider ‘Secret Double Octopus’ Upgrades $15 Million

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Previous Columns by Kevin Townsend:

Passwordless Authentication Provider ‘Secret Double Octopus’ Upgrades $15 MillionTags:

You May Also Like


Introduction In previous articles we have talked about images of dockers, the origin and functioning of dockers and the dockers’ hub. In this document...


Linux desktops are good in many ways, but like Windows they are not known as the most efficient battery. This does not mean that...


The United States Supreme Court has indicated that it will finally solve a problem that has been causing legal problems for almost two decades:...


Website hosting is similar to renting a virtual property, but the information about each website is also stored in a physical location (data center)....