BREAKING: Secret Double Octopus wants to make the enterprise password extinct $36M raised across seed to Series C 750M+ passwordless authentications a year Tech roots trace to nuclear-launch-code cryptography FIDO2 certified · Gartner Cool Vendor · SINET 16 Founded 2015 · Menlo Park + Tel Aviv Serving mid-market to Fortune 50 BREAKING: Secret Double Octopus wants to make the enterprise password extinct $36M raised across seed to Series C 750M+ passwordless authentications a year Tech roots trace to nuclear-launch-code cryptography FIDO2 certified · Gartner Cool Vendor · SINET 16 Founded 2015 · Menlo Park + Tel Aviv Serving mid-market to Fortune 50
Secret Double Octopus logo
Company Profile · Cybersecurity

Secret Double Octopus

The enterprise that decided the safest password is the one that doesn't exist - phishing-resistant, passwordless authentication for the whole messy, hybrid workforce.

A logo, a mark, a promise: the octopus spreads a secret across many arms so no single one can give it away. The cryptography behind it was built for nuclear codes. Now it just gets people into work.

Passwordless MFAFIDO2Phishing-ResistantEnterpriseFounded 2015
2015
Founded
$36M
Total Raised
750M+
Logins / Year
4
Co-Founders
The Pitch

A company built on subtraction

The password is the most-attacked object in enterprise security. Secret Double Octopus's answer is not a stronger password. It is no password.

Here is a slightly uncomfortable fact about corporate security spending: an enormous amount of it goes toward protecting a technology - the password - that most experts agree should not exist. You buy tools to make passwords longer, tools to rotate them, tools to detect when they leak, tools to help employees who forgot them. It is a large, profitable industry organized around a known bad idea. Secret Double Octopus, a cybersecurity company founded in Israel in 2015, looked at that arrangement and made an argument that is either obvious or radical depending on how much of your budget depends on the status quo: what if you just removed the password entirely?

This is harder than it sounds, which is the whole business. Removing passwords for a consumer app is a solved problem - Face ID, a tap, done. Removing them for an enterprise means dealing with Windows and Mac laptops, cloud apps, Active Directory, VPNs, shared workstations, privileged admin accounts, industrial controllers, and legacy systems built in an era when "passwordless" would have sounded like science fiction. Most of a company's real risk lives in exactly those awkward corners. Secret Double Octopus built its platform - marketed as the Octopus Authentication Platform and, more recently, ZeroPassword - to cover them.

The mechanism is roughly this: instead of a secret you type, your login becomes something you have and are - your phone, a FIDO2 hardware key, a biometric. There is no password sitting in a database to steal, no reusable string to phish, no sticky note under the keyboard. When an employee logs in, the system verifies them through a distributed, cryptographic handshake rather than a shared secret. And because there is nothing to phish, the entire category of "employee got tricked into typing their password into a fake page" quietly disappears.

Time to eliminate passwords entirely. - Secret Double Octopus company tagline
Origin

From nuclear codes to the office login

The company's name is not decoration. In cryptography there is a family of techniques called secret sharing, where you split a secret into many pieces so that no single piece - and no single point of failure - reveals anything on its own. You need several arms working together to reconstruct the whole. An octopus, distributing intelligence across its limbs, is a reasonable mascot for that idea. The "double" and "secret" are the security team's sense of humor showing through.

The genuinely interesting part is the lineage. Secret-sharing algorithms of this kind were originally developed for extremely high-stakes uses - the canonical example being the protection of nuclear launch codes, where you very much do not want any single person or single compromised component to be able to act alone. Secret Double Octopus took that same mathematical backbone and pointed it at a decidedly less dramatic but far more common problem: getting a few hundred thousand employees into their systems every morning without handing attackers an easy way in.

The four co-founders reflect that research-first DNA. Raz Rafaeli serves as CEO, Shimrit Tzur-David as CTO, Shlomi Dolev as chief scientist, and Chen Tetelman leading R&D. It is a founding team weighted toward cryptography and security research rather than pure sales - the kind of group that starts a company because they think the underlying math is right, and then spends a decade making it survive contact with real corporate IT.

The core cryptography was originally designed to protect nuclear launch codes. Now it protects your Monday-morning login. - On the company's secret-sharing origins
Product

What you can actually do with it

A single passwordless layer stretched across the systems a real workforce touches - new and old.

CORE · 2015

Octopus Authentication Platform

A unified passwordless layer for workstations, remote services, cloud apps and on-prem systems - one consistent way in, no matter what's behind the door.

FLAGSHIP · 2022

ZeroPassword Enterprise

The turnkey offering that removes passwords across an entire workforce, including the hybrid and legacy environments most tools skip.

SERVER · 2019

Octopus Authentication Server

FIDO2-certified, integrates with on-prem Active Directory, and supports FIDO2 keys from Yubico, Feitian and Google Titan.

DESKTOP · 2021

Octopus Pro / Desktop MFA

Adds phishing-resistant desktop MFA and FIDO2 login to Windows, Mac and corporate apps - across mixed environments, not just Windows.

Who it's for: the platform is aimed squarely at organizations where a login failure is expensive - financial services, government, defense and aerospace, higher education, and critical infrastructure. These are the places carrying compliance mandates, privileged-access risk and decades-old systems all at once, and they're where Secret Double Octopus concentrates. By the company's own account, the platform handles more than 750 million authentications a year - on the order of two million logins a day - for hundreds of thousands of employees.

The Money

Funding, quietly and steadily

Roughly $36 million raised across four rounds, from Israeli, Japanese and Silicon Valley investors. Notably, the Series C closed in January 2024 - a moment when a lot of cybersecurity funding had gone cold. The bet investors kept making is unglamorous: passwords will not fix themselves, and someone has to replace them.

RoundAmountDateLead / Notable Investors
Seed$1.5MJan 2016Jerusalem Venture Partners
Series A$6MJan 2017Jerusalem Venture Partners
Series B$15MApr 2020Sony Financial Ventures, KDDI, Global Brain
Series C$15M*Jan 2024Benhamou Global Ventures, JVP, SBI/SCV, KDDI

*Cumulative capital raised since 2022, including the equity round led by BGV.

2016 Seed
$1.5M
2017 A
$6M
2020 B
$15M
2024 C
$15M
The People

Four founders, one idea

RR

Raz Rafaeli

CEO & Co-Founder
ST

Shimrit Tzur-David

CTO & Co-Founder
SD

Shlomi Dolev

Chief Scientist & Co-Founder
CT

Chen Tetelman

VP R&D & Co-Founder
History

The timeline

2015

Founded in Israel

Four founders start the company around secret-sharing cryptography.

2016

Seed + Gartner Cool Vendor

$1.5M seed and early industry recognition.

2017

Series A

$6M to build out the enterprise passwordless platform.

2019

FIDO2 certification

Authentication Server certified, including on-prem Active Directory support.

2020

$15M Series B

Sony, KDDI and Global Brain back securing the remote workforce.

2022

ZeroPassword launch

Rebrand around Octopus Passwordless / ZeroPassword Enterprise.

2023

SINET 16 Innovator

Named a top security innovator; MSP partner program grows.

2024

$15M Series C

Round led by Benhamou Global Ventures funds global expansion.

Track Record

Recognition

Watch

Interviews & demos

Questions

Frequently asked

What does Secret Double Octopus do?

It provides enterprise passwordless multi-factor authentication, letting employees log into workstations, cloud apps and legacy systems without passwords - using phishing-resistant methods like phone-as-a-token and FIDO2 keys.

Who founded it, and when?

Founded in 2015 in Israel by Raz Rafaeli (CEO), Shimrit Tzur-David (CTO), Shlomi Dolev (Chief Scientist) and Chen Tetelman (VP R&D).

How much funding has it raised?

Roughly $36M total across seed, Series A, a $15M Series B in 2020, and a $15M Series C closed in January 2024 - from investors including JVP, Benhamou Global Ventures, Sony, KDDI and SBI Group.

What makes the technology unique?

Its core is secret-sharing cryptography originally developed to protect nuclear launch codes, distributing a secret so no single point can be compromised - and it works across Windows, Mac, cloud, on-prem and legacy environments.

Who uses it?

Mid-market to Fortune 50 enterprises, especially in regulated sectors like financial services, government, defense and higher education - serving hundreds of thousands of employees and 750M+ authentications a year.

Share & Connect

Spread the word