Phishing 101
Explore our extensive collection of phishing knowledge.
Phishing Exploits
Explore our collection of phishing exploits on legacy MFA. We regularly check these exploits to ensure they are up to date.
Okta SSO + SMS
Explore a session hijack scenario where Okta SSO with Okta Verify SMS as a second factor is exploited.
Okta SSO + TOTP
Explore a session hijack scenario where Okta SSO with Okta Verify TOTP as a second factor is exploited.
Okta SSO + Push
Explore a session hijack scenario where Okta SSO with Okta Verify Push as a second factor is exploited.
Okta SSO + Duo + Yubikey
Explore a session hijack scenario where Okta SSO with Duo + Yubikey as a second factor is exploited.
Okta SSO + Duo Biometrics
Explore a session hijack scenario where Okta SSO with Duo Biometrics as a second factor is exploited.
Okta Fastpass Insecure Launch
Explore a session hijack where Okta Fastpass is launched with an insecure launch mechanism.
Office 365 + Number Matching
Explore a session hijack where Office 365 SSO with number matching as a second factor is exploited.
Ping One + PingFed Push
Explore a session hijack where Ping One SSO with PingFed 2FA push as a second factor is exploited.
Failed Phishing attempt against Beyond Identity
Explore a thwarted session hijack when attempting to exploit Beyond Identity MFA.
Phishable Factors
Are you using any of these factors during login? Learn why these factors are phishable and common attacks on them.
Phish-resistant Factors
The factors below are considered phish-resistant. Learn more about how they secure your authentication.
What is "phish-resistant"?
Explore what the definition of "phish-resistant" is.
Biometrics
Explore why biometrics are phish-resistant.
Hardware Security Key
Explore why Hardware Security Keys are phish-resistant.
FIDO Passkey
Explore why FIDO Passkeys are phish-resistant.
Beyond Identity MFA
Explore how Beyond Identity MFA is phish-resistant.
Advanced Topics
Advanced topics relevant to phishing, identity, and authentication.
Device Trust
A security concept that assesses the integrity and security posture of a device, used to determine access.
Continuous Authentication
Explore why it's necessary to monitor and verify users and devices beyond the initial login.
Zero Trust
A framework centered around direct protection of resources through continuous analysis of users and devices.
Authenticator Assurance Levels
NIST standards on assessing the degree of confidence and trust in an authentication.
Agent on the Endpoint
Explore why an agent on the endpoint is necessary for true phish-resistance.
Verifier Impersonation Resistance
Explore traits that prevent adversaries from impersonating as an authentication verifier.
Secure Launch Mechanisms
Explore why the start of an authentication must be just as secure as the rest of the auth.
Don't see a topic or want to recommend one? Contact us.