Recent News: PortalGuard Presents Contextual Authentication at SecureWorld Expo in Boston
Filed under: Authentication Trends, General Information, PortalGuard, secureworld expo
Just wanted to share PortalGuard’s recent press release regarding the presentation of contextual authentication, a midpoint between passwords and two-factor, at the SecureWorld Expo in Boston, March 28th - 29th.
The release discusses the opportunity attendees will have to talk with our authentication experts about how to apply the appropriate authentication method to each user, group or application.
Read the press release now on MarketWire to learn more about having the flexibility to take a gradual approach to increasing security.
Authentication is Evolving with PortalGuard Now on SearchSecurity.com
Filed under: Authentication Security, Authentication Trends, General Information, PortalGuard
Now On 
Authentication is evolving. There’s a better way to authenticate. Be confident in who accesses your web applications.
You can now find this slogan on SearchSecurity.com, along with multiple media offerings from PortalGuard. PortalGuard is sponsoring both Security Topics, Application and Platform Security and Enterprise Identity and Access Management. Presenting a new flexible approach to authentication, the informative drop down video discusses how risk-based authentication is the next step in the evolution of authentication, and asks you, what’s your authentication situation?
Take a moment to check it out, and while you’re there request your copy of the exclusive whitepaper: “Real World Security with Risk-based Authentication”.
New White Paper on SearchSecurity.com
Filed under: Authentication Trends, General Information, PortalGuard
We recently released a new white paper, in conjunction with Osterman Research, titled “Real World Security with Risk-based Authentication”. This can be found here, on SearchSecurity.com.
The white paper address the challenge organizations face with being able to protect their resources with appropriate authentication capabilities while at the same time making access as easy as possible for users. In order to achieve this, decision makers must focus on “real world security”, namely, matching the level of authentication required to gain access to a particular application with the risk associated with accessing it.
This white paper examines the various methods of authentication in use today. View now to explore:
- Benefits of risk-based authentication
- High-level recommendations about how to improve password management capabilities
- A brief overview of PortalGuard
- And more
PortalGuard Visits Hartford: DataConnectors Tech-Security Conference
Filed under: DataConnectors, General Information
If you are in the Hartford area, PortalGuard would like to encourage you to stop by the DataConnectors Hartford Tech-Security Conference, located in Cromwell CT.
The PortalGuard team will be there to discuss the PortalGuard Risk-based Authentication Platform as well as all supporting functionality. Feel free to stop by the table and ask authentication questions that may have been unanswered in the past, regarding:
- Self-service Password Reset: including Offline Recovery
- SSO: seamless access to web, desktop and mobile applications
- Password Compliance: add to your web applications - even SQL web apps
- Authentication Methods: configurable by user, group or application
Please Click Here for a the conference information and agenda. If you are looking for further conference information please contact Dawn Morrissey at 314-525-7140.
We hope to see you there!
PortalGuard Declares Success at SecureWorld Expo 2011 - Philadelphia
Filed under: General Information, PortalGuard, secureworld expo
We have come back from last week’s SecureWorld Expo 2011 in Philadelphia with enthusiasm. PortalGuard, stationed at booth #109, was successful in discussing Risk-based Authentication with attendees and displaying the benefits of moving away from Static Authentication. Attendees stopping by the booth were posed with interesting technical questions and most were on a fact finding mission to establish the upcoming trends in enterprise authentication.
On Thursday, PortalGuard participated in the Dash for Prizes contest, which encouraged attendees to drop a business card at the booth to enter the drawing. In the end PortalGuard gave out a Cisco Flip Digital Camcorder as well as Amazon Gift Cards and snooze buttons.
Continuing to attend shows around the U.S., the next stop for PortalGuard will be in the fall. Please check www.PortalGuard.com for upcoming events and news.
Mark Cochran, VP of Global Sales, and Kimberly Johnson, Marketing Director, staff the booth
Kimberly congratulates PortalGuard's first Dash for Prizes winner
Kimberly congratulates PortalGuard's second Dash for Prizes winner
PortalGuard Brings Risk-based Authentication to the SecureWorld Expo
Philadelphia 2011, May 11th & 12th
Come stop by booth #109 to learn more about:
PortalGuard:
The PortalGuard software is a Risk-based Authentication Platform which is focused on enhancing usability, while maintaining a balance between security, auditing and compliance for your enterprise web, desktop and mobile applications. Developed and supported by authentication experts, PortalGuard is easy to deploy, enterprise ready and Tailored for an exact fit to your requirements.
Tailored Authentication:
For a unique environment and/or situation, which requires specific functionality, our team would make the necessary adaptations to meet or exceed your security objectives, and provide a fully supported product.
PortalGuard Attends Recent Industry Events
PortalGuard has been traveling the states attending leading industry events and educating attendees on self-service authentication, one-time passwords via a mobile device, multi-factor authentication and how to maintain usability for the end-user. With a focus on the enterprise PortalGuard offers a configurable, easy to deploy login system plug-in for the desktop, mobile or browser.
The next stop for PortalGuard is:
Booth #614, Orlando FL, April 19th & 20th
Recently Attended Events:
San Francisco CA, February 14th - 18th
Orlando FL , January 30th - February 3rd
What’s Your Password History?
Filed under: Authentication Security, Authentication Trends, Data Security, IT Security, PortalGuard
What’s your password history? This is a question many end users are not able to answer causing increased frustration. Of course password history is extremely important as it prevents the user from reusing a password which could have potentially been compromised in the past.
One of the biggest challenges with implementing password history policies is being able to maintain usability while increasing compliance and security. By limiting the user to only using passwords that are new to them each time, the user becomes frustrated every time they are required to reset their password. Unfortunately with limits being enforced, the frustrated user is more likely to write down passwords. 
If you are thinking of implementing a password history policy it is better to tailor it to your environment and only make it a requirement when it makes sense in relation to the required level of data protection.
Some key things to remember surrounding password history is that it has an inverse relationship to your password expiration policies. So if you are expiring passwords frequently then you would need a higher password history limit. For example, if you expire passwords as frequently as every 30 days you would want a high password history limit, say around 50. This would not allow the reusing of any passwords for 1500 days. It is important to remember what is necessary for the type of data you are trying to protect.
The other concern is how to help your users create passwords and not get frustrated with having to remember brand new ones. Many times a user will create a password and continually use variations of the same password (ex. password, password1, password2, password3, etc.). Something to take into consideration may be the limiting of similar passwords as it may be crucial to your security.
To help users with all of these issues the option you could give them is to use a pass phrase. Instead of a single “X” length of characters you could allow them to login with an entire sentence. This might be easier for some users to remember and therefore reset their pass phrase when needed.
Overall the goal is to decrease user frustrations while still implementing effective password history policies. Make sure to consider what level of data protection is required and what is necessary in terms of the limits you are setting for your end users.
Stronger Passwords Weighing In
Filed under: Authentication Security, Authentication Trends, Data Security, General Information, IT Security, PortalGuard, Security Attacks, password security
One of the pains in an employee’s daily routines is the idea of password management. Especially being able to easily understand what the IT Security Staff means by using a “strong” password. In a recent CNN.com article they stressed the importance of implementing “super passwords” suggesting that passwords should all be a minimum of 12 characters in length. If these types of standards are going to become the norm, due to the varying types of attacks being performed, than the usability of passwords for the user will decrease.
By implementing a simple Password Strength Meter, your employees can easily have visual feedback as to whether or not they are following password policies and avoiding weak passwords. This will also make password strengths easy to enforce for varying levels of required data protection.
With the Password Strength Meter provided by PortalGuard the user has a real time response to their choice of characters for their new password. With each character that is typed in the meter will show the user whether their password is becoming weaker or stronger. The administrators can implement this on every login page or only on those protecting critical data. The idea is that Password Strength Meters are going to aid the user in implementing stronger passwords while maintaining usability.
CNN.com Super Passwords Article
HTTP Uh-oh! Look at the URL
Filed under: Authentication Security, Authentication Trends, General Information, IT Security, PortalGuard, Security Attacks, Uncategorized
When it comes to security awareness it is key to provide your employees with quick tips to use throughout their daily routine to help them be more security aware. One of the first that is easy to implement and have employees get in the habit of is taking a look at the URL before they type in credentials.
Many times there are misleading URLs and false websites created for the sole purpose of tricking your end-users and stealing their credentials. To an untrained eye it is easy to be fooled.
(Click Photo to Enlarge)
So the tip to give employees is to make sure to look for HTTPS in any URL where they are entering in credentials or accessing sensitive data. HTTP Secure (HTTPS) layers Hypertext Transfer Protocol on an encrypted SSL/TLS to ensure that information sent to the server is secure. This differs from the basic HTTP URLs which are not secure or encrypted and are subject to “man-in-the-middle” and “eavesdropping” attacks.
By users getting in the habit of looking for the more secure HTTPS you are more likely to prevent them from distributing valuable data over the network. This is a very strong method used best for financial transactions and internal portals.
Learn More:
PortalGuard – secure authentication
Wikipedia - explanation of HTTPS
Image Source: http://www.informatics.indiana.edu/markus/documents/security-education.pdf