Security insights from the IDEE team

Deep-dives on phishing, credential attacks, MFA 2.0 architecture, and how to secure every type of worker.

MFA 2.0 15 min read

What is MFA 2.0? Why traditional multi-factor authentication is broken — and how to fix it.

Every phishing attack, SIM swap, and push-bombing incident has the same root cause: authentication built on shared secrets. MFA 2.0 eliminates the secret entirely.

Read Article
The phishing-proof authentication model
Risk Calculator

The 2026 IAM Risk Calculator

Assess your organisations' or projects' current IAM risk and get actionable insight using this comprehensive threat model based on the Center for Internet Security (CIS) Risk Assessment Method that conforms to and extends established risk assessment standards, such as ISO/IEC 27005, NIST SP 800-30, and RISK IT.

Calculate Risk

Latest from the blog

Whitepaper Identity & Access 15 min read

Preventing Privileged Account Takeover

Addressing the threats of Privileged Identity Management (PIM) and Privileged Access Management (PAM) — and how MFA 2.0 eliminates the attack surface entirely.

Read full article →

Compromised credentials are the most common initial attack vector, responsible for more than 31% of all breaches over the past decade. This whitepaper explores how PIM and PAM strategies, strengthened by phish-proof MFA 2.0, provide comprehensive protection against privileged account takeover.

Whitepaper Phishing & MFA 20 min read

MFA 2.0

Why MFA 1.0 is no longer fit for purpose — and how MFA 2.0 delivers phish-proof authentication that protects the complete user identity lifecycle.

Read full article →

Credential phishing and AiTM attacks have made MFA 1.0 obsolete. This whitepaper explains the five key phishing methods attackers use today, why phishing-resistant MFA still falls short, and what makes MFA 2.0 the only approach that is truly phish-proof.

Honest comparisons — because you deserve the full picture

We believe trust is built with transparency. Here's how IDEE compares to the alternatives, including the cases where a competitor might genuinely be a better fit for you.

Microsoft Authenticator

No one ever got fired for choosing Microsoft.

Microsoft is the world's largest productivity company — not a security company. Authenticator is adequate for low-risk environments. But if you need genuine phishing-proof MFA, you're not buying a security product. You're buying a feature built alongside PowerPoint.

What it takes to get near IDEE-level security with Microsoft
Requires: M365 Business Premium, E3, or E5 — no BYOD
Licenses
  • + Entra ID P2 Suite Add-on
  • + Intune Suite Add-on
  • + Smartphone or USB key / user
Processes
  • TAP setup for each user's first device
  • Authentication method: Passkeys only
  • Additional devices: Passkeys via BLE

With the full stack above, you can get close. But you're paying for multiple add-ons, managing a complex rollout, and still relying on a company whose core business is Office documents — not stopping account takeover.

Beyond Identity

A genuinely strong product — with one architectural choice we disagree with.

Beyond Identity builds serious security software and we respect their approach. They have solved real problems in the passwordless space. Where we part ways is a fundamental design decision: they require an agent installed on every device.

The agent problem

CrowdStrike took down 8.5 million Windows machines in July 2024 with a single faulty content update. The vector was a kernel-level agent. Supply chain attacks increasingly target endpoint software with privileged access — exactly what device agents require. We believe security software should never be a new attack surface.

AuthN by IDEE requires no agent, no software install, and no device management enrollment to function. It works on any device made since 2016 using hardware already built into the machine. That's a deliberate architectural choice — not a limitation.

Okta Verify, Duo & others

Traditional MFA: better than a password. Not better than phishing.

Push notifications, TOTP codes, and SMS OTPs are all improvements over passwords alone. But they share the same fundamental flaw: the second factor travels over a channel that attackers can intercept, manipulate, or social-engineer.

The second-device assumption

Every provider in this category assumes your users have a personal smartphone and are willing to install a corporate app on it. For frontline workers, factory floor employees, and organisations where BYOD is not an option, this assumption simply fails. The phone becomes both a cost and a liability.

Where the real weakness lies — registration & device onboarding

Even when day-to-day authentication looks secure, these providers rely on a second factor to verify identity during initial enrolment and when adding a new device. That moment — before the strong credential exists — is exactly when an attacker strikes. A phished OTP, an intercepted push approval, or a social-engineered IT helpdesk call during onboarding hands the attacker a legitimate credential from day one. The authentication chain is only as strong as its weakest link, and that link is registration.

AuthN requires no second device. Authentication happens on the device the user is already working on — using the same TPM chip that makes the device trustworthy in the first place. No app to install. No phone to register. No second factor to intercept — including at enrolment.

Want to see a side-by-side technical comparison?
We'll walk you through the architecture differences on a short call — no sales pressure.
Book a comparison call