What is Identity Management and why the Okta Hack Matters

Even if you aren't familiar with Okta, you've probably used it. The digital login system is used by thousands of companies across the world to manage employee and customer logins to various services, which makes it a real problem when that system, and all that login info, gets hacked. Okta is the most popular identity management system in the world.

While Bethel doesn’t use Okta, we do have an identity management system and a single sign-on solution, similar to what Okta provides. Identity management is what gives a person a Bethel email account, access to log on to computers around campus, and manages access to our file storage (NAS). Single sign-on is what allows you to log into my.Bethel and your email and Banner and Moodle…well, you get the point. You use your Bethel Community Account (BCA) credentials to log into it all. It’s convenient for you, because it’s just one set of credentials (username and password) to remember, but it’s also an area we pay a lot of attention to from a security perspective. If your BCA is compromised, then a lot of things can be accessed.

Recently the Lapsus$ digital extortion gang published a series of increasingly shocking posts in its Telegram channel. First, the group dumped what it claims is extensive source code from Microsoft's Bing search engine, Bing Maps, and Cortana virtual assistant software. A potential breach of an organization as big and security-conscious as Microsoft would be significant in itself, but the group followed the post with something even more alarming: screenshots apparently taken on January 21 that seem to show Lapsus$ in control of an Okta administrative or “super user” account. 

At Bethel, we keep our “super user” accounts behind multi-factor authentication. We also make sure that people have what’s referred to as “least privileged access” - in other words, you only get the bare minimum access for your needs. This helps ensure that if an account is hacked, it’s less likely to give access to administrative things, and it’s also harder to do what’s called “elevating privileges” - meaning a hacker compromises an account and then seeks to get more access on that account once they are in the system.
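
The two controls described above, MFA on super-user accounts and least-privileged access, are the kind of thing an identity team checks on a schedule. The following is an added illustration, not Bethel's or Okta's tooling: it audits a constructed account export against an invented role-to-permission baseline and flags excess permissions and privileged accounts that lack MFA.

```python
# Added example: least-privilege and MFA audit over a constructed account
# export. Roles, permission names and accounts are invented for illustration;
# this is not Bethel's or Okta's code.
from dataclasses import dataclass, field

# Baseline permissions each role legitimately needs (constructed policy).
ROLE_BASELINE = {
    "student": {"email", "moodle", "my.bethel"},
    "staff": {"email", "moodle", "my.bethel", "banner", "nas"},
    "it_admin": {"email", "my.bethel", "nas", "directory_admin", "sso_admin"},
}
# Permissions that make an account a "super user" and therefore require MFA.
PRIVILEGED = {"directory_admin", "sso_admin"}

@dataclass
class Account:
    username: str
    role: str
    permissions: set = field(default_factory=set)
    mfa_enrolled: bool = False

def audit(accounts):
    """Return a list of (username, finding) pairs for policy violations."""
    findings = []
    for acct in accounts:
        baseline = ROLE_BASELINE.get(acct.role)
        if baseline is None:
            findings.append((acct.username, f"unknown role {acct.role!r}"))
            continue
        # Least privilege: anything beyond the role's baseline is excess.
        excess = acct.permissions - baseline
        if excess:
            findings.append((acct.username, f"excess permissions {sorted(excess)}"))
        # Super-user accounts must be behind multi-factor authentication.
        if acct.permissions & PRIVILEGED and not acct.mfa_enrolled:
            findings.append((acct.username, "privileged account without MFA"))
    return findings

# Constructed sample export: one clean student, one over-privileged staff
# account without MFA, one correctly configured admin.
SAMPLE_ACCOUNTS = [
    Account("jdoe", "student", {"email", "moodle", "my.bethel"}, False),
    Account("asmith", "staff", {"email", "banner", "nas", "sso_admin"}, False),
    Account("itops", "it_admin", {"email", "directory_admin", "sso_admin"}, True),
]

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_ACCOUNTS):
        print(f"{user}: {finding}")
```

Running it reports only the staff account, once for the excess `sso_admin` permission and once for holding a privileged permission without MFA.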

Identity management is one of the most complex and costly things that IT does, completely in the background - unbeknownst to most users - and when it works, the idea is that you don’t notice it at all. When it breaks (or, in the case of Okta, is hacked), it’s painful.

As a reminder, we recommend setting up multi-factor authentication on as many logins as you can. We also recommend using a password manager to keep all of your various personal (or even professional) account logins completely individualized (in other words, don’t re-use passwords). LastPass and 1Password are two great services that we recommend.
