Case Study: Key Mechanical eliminates phishing risk with Secret Double Octopus passwordless authentication

Key Mechanical - Customer Case Study

Key Mechanical, a West Coast HVAC and refrigeration contractor, was hit by a successful phishing attack that exposed an Office 365 account and, because passwords were synchronized with Active Directory, gave the attacker access to AD‑connected resources. The attacker attempted to redirect a large client payment before the fraud was noticed. To eliminate this vulnerability, Key Mechanical chose Secret Double Octopus and its Octopus Authenticator passwordless solution.

Secret Double Octopus implemented the Octopus Authenticator company‑wide, replacing typed passwords with secured out‑of‑band push approvals (and BLE for offline use) that integrate with Office 365 and Active Directory. The deployment removed password‑based phishing as a viable attack vector, improved user experience (users simply swipe to approve), and strengthened protection for workstations, cloud accounts and AD resources—leaving Key Mechanical and its customers better protected, per IT director Tyler Wisenburg.

Key Mechanical

Tyler Wisenburg

IT Director