<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Why Was Security Image Removed in OIE
Aug 22, 2025
Okta Identity Engine
Administration
Overview

In Okta Classic Engine, Security Images served as an extra layer of security on the Okta login page. They displayed a unique image to users, offering visual verification that they were entering their credentials on a legitimate Okta page and not falling victim to a phishing attempt. 

Applies To
  • Security Images
  • Okta Identity Engine (OIE)
Solution

The decision to discontinue the Security Images feature was made after careful consideration of evolving security best practices and standards, as outlined by the National Institute of Standards and Technology (NIST). NIST has published guidelines highlighting the potential vulnerabilities associated with security images. These concerns stem from their limited effectiveness in enhancing security and their potential to introduce vulnerabilities into the system. Moreover, they may not align well with a zero-trust security model.

As always, Okta's priority is to provide its customers with the highest level of security and user experience. As a result, all options were considered, and the more effective security protocols for Okta Identity Engine (OIE) were chosen.

Recommended content

Still looking for help?
Loading
Why Was Security Image Removed in OIE