
> I really don’t understand why a big company would continue to trust Okta with the most critical parts of their security infrastructure (identity) after multiple huge security breaches

Who will they replace Okta with? Everyone in the security space worth mentioning has been breached - including nation-state agencies.

> Why not just use Microsoft or Google for this...

Didn't Microsoft recently have an egregious security lapse on Azure?



Okta gets breached because they forget to harden Chrome at all, so somebody logs on with their personal account and then the password gets exfiltrated and their employee's personal computer gets hacked, so Okta gets hacked.

When I read through the details of Microsoft's hacks, it will be talking about some obscure exploit against the security professional that had a background check done on them, who uses a hardened, locked-down secure access workstation to do their tasks.

https://arstechnica.com/security/2023/09/hack-of-a-microsoft...

There is a difference in the degree of egregiousness. I doubt the average business has better security practices than Microsoft, whereas I'd be pretty confident saying many businesses have better security practices than Okta. What shocks me about Okta's breaches is how easy they would be to prevent from happening if Okta cared just a little.


Wait, what? Literally in the article it says a Microsoft engineer was hacked lol. Literally the same thing that happened with Okta.


Not just one...

And Google is trying to push their identity products, but they are very far from being mature enough for enterprise needs.

I generally suspect folks making comments like this are really not familiar with the products and their uses.


Can you elaborate further on what some of the shortcomings of Google Identity Platform are? Cognito is abandonware, Auth0 and Okta are too expensive, and Keycloak requires self-hosting. Google Identity Platform seemed like a decent option.


Disclosure: I work at FusionAuth, an auth provider.

Most of the folks we see are moving from Firebase rather than Google Identity Platform. Wait, I'm confused. Are they the same thing? https://cloud.google.com/identity-platform/docs/sign-in-user... uses them interchangeably.

Ah, another search turns up https://cloud.google.com/identity-platform/docs/product-comp...

So Firebase auth is built on Google Identity Platform.


I was referring from a technical perspective. I agree they have a branding/marketing issue.

I did consult other groups using Google Identity Platform at our company and some things came up:

    * SMS / email templates not customizable
    * Undocumented user auth rate limiting with hacky workarounds

Otherwise our devs have been quite happy with it. I've primarily settled on it because it already has approval at our org, it's simple, and fairly well documented - especially compared to something like Cognito.


Awesome, thanks for sharing that. Love real world feedback.

> I've primarily settled on it because it already has approval at our org, it's simple, and fairly well documented

Those are great reasons to select a product. If it works for you, it works for you!

> especially compared to something like Cognito.

I was half expecting a new CIAM solution from AWS at Re:Invent. I don't understand why they don't invest more in Cognito. Such an own-goal.



