Okta Patent Disrupts AI-Fueled Phishing Attacks

Hackers love to go phishing.

Okta wants to keep you from taking the bait. The company filed a patent application for “techniques for phishing-resistant enrollment and on-device authentication” that, to put it simply, fortifies a user’s enrollment into authentication apps such as Okta Verify against phishing attempts.

“Some enrollment channels may be susceptible to phishing attacks in which an attacker may intercept sensitive data,” said Okta. If a user’s enrollment into an authentication app is intercepted by a hacker, they may be able to register their device as a trusted one, intercepting multifactor authentication and quietly compromising a user’s account. 

Okta’s patent seeks to limit that: First, when a user signs up for an authentication service, Okta’s tech encrypts the “token,” or the special code used for verification of a device. That encryption ensures that a hacker can’t use that token if it’s stolen.

Additionally, the system relies on a secure encryption key stored on an “NFC device,” or a piece of hardware that needs to be physically close to the enrolling device to verify it. The physical  hardware element prevents a hacker from remotely compromising device enrollment. 

Okta’s patent highlights a growing trend in cybersecurity: Phishing attacks are getting more sophisticated. AI has offered an expanded tool chest that can help threat actors create convincing bait. While setting up multifactor authentication is vital in preventing phishing attacks, security professionals prefer certain methods of authentication to others. 

According to the 2025 Customer Identity Trends Report by Auth0, a subsidiary of Okta, biometric methods, like fingerprinting and face ID were ranked as the most secure means of login by professionals surveyed. Authenticator apps, meanwhile, ranked third. Okta’s patent could add an additional layer of safety to authentication apps as threat actors become smarter. 

“While legacy authentication techniques often imposed a tradeoff, modern approaches combine phishing-resistant security with the convenience of a fingerprint or facial scan, or the tap of a button on an authenticator app,” the report notes.