This article details strategies Okta admins can take to help block suspicious sign-in attempts against malicious authentication attempts by bad actors using password spraying.

• Credential-based attack
• User account lockout

The collection of references below highlights Okta's best practices and how to secure against unwanted authentications:

• Improve account lockout behavior by adding the ability to block suspicious sign-in attempts from unknown devices.

  • How to Block Suspicious Password Attempts from Unknown Devices

• Add authenticators with different factor types; require possession factor before password during sign-in.

  • Reference: Multifactor authentication

• Admins can block IP addresses from network zones, IP zones,  dynamic zones, and ASN  from accessing their Okta org.

  • Reference: Blocklist network zones

• Leverage Risk Scoring and Behavior Detection to evaluate sign-in requests and prevent credential-based attacks by requiring MFA on high-risk logons. 

  • Reference: Risk and behavior evaluation

• Create a common password check and enable password complexity in Password Policy.

  • Configure a password policy

• As an option to increase org security, Okta supports CAPTCHA services to prevent automated sign-in attempts.

  • Reference: CAPTCHAs

• Integrate with 3rd-party bot detection solutions:

  • Okta + Shape Security: Stop identity attacks in their tracks
  • Okta + PerimeterX
  • Okta Fastly Integration

• In October 2025, Okta added a significant enhancement to its Breached Credentials Protection, designed to provide greater control and stronger defense against account takeover attacks. This protection is enabled by default for all Okta organizations using Okta-mastered or AD-mastered password policies, aligning with Okta's "secure by default" philosophy.
  • Breached Credentials Protection Product Enhancement

Related References

• System Log events for Okta ThreatInsight
• How to Block Anonymizing Services using Okta