Connect with us

Hi, what are you looking for?


Cybersecurity Funding

Passwordless Authentication Provider ‘Secret Double Octopus’ Raises $15 Million

Tel Aviv, Israel-based Secret Double Octopus has raised $15 million in a Series B funding round from Sony Financial Ventures, KDDI, and Global Brain as well as prior investors. The firm provides passwordless authentication for enterprises, and is eyeing the growing WFH market.

Tel Aviv, Israel-based Secret Double Octopus has raised $15 million in a Series B funding round from Sony Financial Ventures, KDDI, and Global Brain as well as prior investors. The firm provides passwordless authentication for enterprises, and is eyeing the growing WFH market.

“As many workers use unsecured Wi-Fi networks and personal devices to connect to their corporate networks and assets, organizations must quickly maneuver to enable access to corporate applications and workstations in a highly secure method,” says the company announcement. “Removing passwords prevents credentials theft, Man-in-the-middle attacks, identity theft, phishing and other forms of popular attack vectors. Furthermore, moving to Passwordless Authentication reduces Helpdesk and password management costs and minimizes IT operations.”

Secret Double Octopus was founded in 2015 by Chen Tetelman (VP, R&D), Raz Rafaeli (CEO), Shimrit Tzur-David (CTO), and Shlomi Dolev (CSO). It uses a biometrically protected mobile phone to eliminate the need for passwords. When users seek to logon to their workstation or VPN service, a mobile phone authenticator app receives a pushed authentication request notice via the Octopus Cloud Service. These notices are delivered using what the firm describes as its “unique secret sharing technology”, described elsewhere as being “originally developed to protect nuclear launch codes.”

The user then provides the app with biometric proof of identity — usually a fingerprint via the phone’s fingerprint sensor — and taps an ‘approve’ button on the app. The authentication attestation is then relayed from the app through the cloud service to the Octopus Authentication Server and on to the relying system — which grants access on receipt of proof of identity.

Octopus also supports FIDO2-compliant authenticators where the user has no phone or is reluctant to install company apps on a personal device. Here the FIDO device is plugged into one of the workstation’s USB ports. A challenge generated by the FIDO server is relayed via the Octopus Credential Provider on the workstation. The user’s response — typically by tapping the authenticator or providing a fingerprint — is relayed back to the FIDO server which sends an authentication approve or reject notice to the relying system.

Finding an alternative to the use of passwords for user authentication is considered a priority. Passwords are too easily stolen or forgotten — and the sheer number of different passwords users now need to manage is a problem. For the user, managing multiple strong passwords is now a high friction issue, while for the business the malicious use of stolen credentials is a primary cause of network breaches.

Secret Double Octopus believes it has found a solution primarily through the use of mobile phones. User passwords are eliminated while security is increased by the built-in multi-factor nature of the solution.

Advertisement. Scroll to continue reading.

Total funding for the firm has now reached $22.5 million, following a Series A round of $6 million in January 2017, and initial seed funding of $1.5 million in January 2016.

Related: Silicon Valley Legends Launch Beyond Identity in Quest to Eliminate Passwords 

Related: ZenKey: How Major Mobile Carriers Are Teaming Up to Eliminate Passwords 

Related: The Human Element and Beyond: Why Static Passwords Aren’t Enough 

Related: From IDF to Inc: The Israeli Cybersecurity Startup Conveyor Belt 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.