How Okta RUINED My Life For 2 Years...
Вставка
- Опубліковано 25 чер 2024
- Don't use Okta. Wait, you want to know more? How about the utter mishandling of user information and complete disregard for transparency?
Even funnier, it was revealed that the September/October breach was actually much more serious than was originally believed and leaked everyone's information. All while I was editing this video.
Website: trafotin.com
Donate:
✨ Patreon: / trafotin
▶️ UA-cam Membership: / @trafotin
Links:
📒 Odysee: odysee.com/@Trafotin:4?r=H3rc...
🐘 Mastodon: vt.social/@trafotin
𝕏 Twitter: / trafotin
📁 Gitlab: gitlab.com/trafotin
🪙 Crypto:
XMR: 84ZpcYxjfkT7uFGXgmi2jH2wyhUBMx8hGBJ3sAp478rKSShMAJHR3DhVVPSwCAskReRBPifzpA5Vu7HPpzAxHUux3SFS4bh
🎵BGM: [フリーBGM DOVA-SYNDROME / FREE BGM DOVA-SYNDROME]
dova-s.jp/
👋 Outro: Khaim - Neon Lamp
khaimmusic.com
🛡️ Learn more about protecting yourself from Okta:
trafotin.com/v/okta
Chapters:
0:00 Hey, how's your work life?
2:11 Story Time
5:34 Phone (Number) Requirement
7:54 Okta & the Lapsus$ Hackers
9:04 Pulling the Plug & Pricing
11:20 Don't wait for the next Okta failure.
14:35 Outro - Наука та технологія
Honestly, it sounds a lot like your IT team just royally messed up the implementation. I’ve used Okta before and it was fine, just like any other SSO. Obviously the hack is a problem and worth keeping in mind when making a choice, but the bulk of the other issues sound like it’s your IT teams fault
This was my first thought as well. We implemented it last year and while it was chaos at first, now people barely notice its there. For a user its little more than a redirect page that automatically logs you in. I'm not sure why that would be safer but I'll take it.
No amount of money/services would help those people that are tech illiterate. I am a bit annoyed that because 1 person does not know how to use the web, 99 people must change their way of work.
imagine paying $6k for something that could've been free *and better*
I mean, who would pay those prices if not people who don't know what they're doing? 😅
If software costs that much, all scam alarms should normally go off. Not even well known and proven professional software costs that much. (not even autodesk stuff costs that much)
Its $5 per user per month, so it's $5 x 100 users x 12 months. So it's $6000 BEFORE they start adding on any extra services they need, meaning that's probably a low estimate.
We're using Okta products all over the place, not gonna say where. I have to login in 3 TIMES, my laptop login, immediately to okta login in macos, then login to okta AGAIN, IN THE BROWSER for VPN access, cuz everything is tied to okta ...
Logging into my work machine is so slow 🐌
As I said in the video, this is a misconfiguration from your admin. There is apparently some switch in Okta to waive the passwords or authentication for certain devices. The primary reason I made this video is Okta is not forthright about the security of the customers and the ridiculous price to small/medium-sized businesses is a waste of money when Microsoft and Google are sufficient for those usecases and now introduce passkeys.
Log into my Microsoft account? Don't have that, so will have to log into my Linux account. Except - you don't need an account with Linux - you just use it (and own your computer rather than renting it).
7:50 okay that one made me laugh 😂 but it's actual good advice for once
Microsoft Auth with extensive authentication policies costs money too but it's included in the better license packages.
It does offer a ton of controls, I am very with it as a sysadmin.
What? I will always be your friend. I am your friend till the end.
Yours
Chucky
As someone who's working in this field, man, your IT department was very incompetent 😅 everything was configured in a way that made the IT team's life easier but the end users' very hard. Okta can be configured so seamlessly than users don't even think too much about what programs they're using. Okta is ranked #2 in IAM, this is not an unknown company. The issue is that it's pretty complex and the IT team needs to actually put some effort in learning the system and it looks like they're very lazy in your company 😅
OK why don't you hope that simple logins implement their own sso
auth0 FTW
I have to install its stupid SSO app because of my company. I lol'd when I joined this company
SSO is a single point of failure
No, it's just a different method than passwords. Passwords are just outdated and weaker than more other forms of SSO.
I know a lot of Companies still waiting for a Microsoft Statement for the Keys that have been hacked and stolen and you are recommending them? I really doubt your intention and professionalism .
I really doubt your comment when you don't know the difference between Azure keys and Microsoft Authenticator. These aren't even remotely the same products. Maybe you should come back with better intentions rather than bad mouthing me without basic research.
If you joined DistroHacking more often we could be friends.