Press Release: Get the Level of Identity Management Your Campus NEEDS for Office 365

 

vide_snap

BEDFORD, NH– (Marketwire – June 25, 2014) – Today, PistolStar, Inc. announced the integration of its PortalGuard product with Office 365. This integration will give administrators the power to choose the level of convenience and security they desire for their students and faculty while accessing Office 365, including:

 

-Self Service Password Reset (SSPR)

-Single Sign-on (SSO)

-Two-factor Authentication

 

With PortalGuard integrated with Office 365, schools now get the level of identity management they need. Gregg Browinski, CTO of PistolStar, Inc. comments on the level of identity management and security with PortalGuard. “Using Office 365 guarantees 99.9% uptime for your campus email infrastructure, but this benefit is moot if students forget their passwords and can’t login. Federating Office 365 with a local ADFS instance can allow SSO but this just pushes a ‘forgotten password’ scenario further back to the desktop login and still lacks stronger two-factor authentication or self-service password reset options.” Browinski continues, “Swapping PortalGuard in place of ADFS in this architecture can provide standards-based web SSO and highly flexible SSPR from a single, tightly integrated, brandable, login interface.”

 

Using PortalGuard’s SSPR, students and faculty are given the power to reset their passwords from the web or desktop, reducing help desk calls and increasing ROI. SSO streamlines the login and reduces the barriers to access; with just a single login, the students and faculty gain access to all of their authorized applications, including: Blackboard, Moodle, Canvas, Banner, Google Apps, and Office 365.

 

PortalGuard provides you with the level of identity management your campus needs. Click here to learn more about PortalGuard®’s seamless integration for Office 365 and other education applications or visit our Education Page here.

From Hacktivist to Cybersleuth

Hacker Gone Hero

 

It’s just like something from out of the movies: criminal mastermind gets caught, turns from his wicked ways, and eventual unveils a piece of the criminal mastermind world to help out the good guys. There is something intriguing in being able to see into the criminal mastermind and get a behind the scenes look at the secret life of these hacktivist. In the hacktivists’ world, there is a network of secret groups and ominous aliases that threaten to breach and expose a multitude of private and personal data.

 

In August 2011, Hector Xavier Monsegur, also known by his hacker alias “Sabu,” pled guilty to numerous charges relating to multiple hacktivists actions. Monsegur then proceeded to help reveal the true identity to the alias names responsible for stolen identities and jeopardized corporations. According to The Daily Dot article LulzSec hacker-informant ‘Sabu’ set free, “After agreeing to help the FBI “immediately” after they busted him in his home on June 7, 2011, according to court documents, he proved extremely helpful to their investigations.” With the Monsegur turned cyberslueth, FBI officials were able to prevent many major cyber attacks from taking place.

 

Monsegur is also the foster parent of two kids, and this factor was what drove to Monsegur’s quick response of pleading guilty and full cooperation with the FBI.  According to USAToday, his attorneys stated “It was not a difficult choice for him. [. . .] his family came first.” Monsegur and his family are currently being relocated for safety purposed.

 

 

http://www.usatoday.com/story/money/business/2014/06/16/computer-hacker-sabu-monsegur-took-risks/9731443/

 

http://www.dailydot.com/news/sabu-hector-xavier-monsegur-fbi-antisec-anonymous-sentenced/

Press Release: Strengthening Web Authentication, Without Overcorrecting

PKlaunch 1

CLICK to View Video

BEDFORD, NH–(Marketwired – Jun 3, 2014) – Today, PistolStar, Inc. announced immediate availability of PortalGuard’s newest solution, PassiveKey. PortalGuard’s PassiveKey is a customer driven response to deliver the latest in innovative identity solutions. PassiveKey transparently enables two-factor authentication while allowing the user to login with the familiar username/password approach. This simultaneously strengthens authentication and eliminates the need for end-user training.

“Many think the correlation between strong security and identity logins is an unavoidable inconvenience to the end user. With PassiveKey, you can strengthen identity logins without ever impacting the end user,” says Thomas Hoey, founder and CEO of PistolStar, Inc. “Increasing security can be accomplished with many different second factor methods, but most stifle usability, negatively impacting the end user,” Hoey says. “Answering the need for both security and usability, PassiveKey cuts through all the hassle of second factors without ever compromising strong identity security.”

 

bannerblock_passivekey

 

With PassiveKey enrolled on a user’s device, the user logs into the protected account like they normally would with their password while PassiveKey transparently generates and transmits a one-time token which is validated by the PortalGuard server based on a shared secret between the two. “It is clear that it is no longer enough to protect private information with just a password,” Hoey continues. “Authenticating the user today must be more than just a user’s password, but the login process must be as easy as using just a password.” Revolutionizing logins, PassiveKey is restoring the balance between security and usability.

For more details or a free demo of PassiveKey, visit the product page here.

To see our PassiveKey video click here.

About PistolStar, Inc.
PistolStar, Inc. was founded in 1999 and is located in Bedford, NH and provides multiple services through PortalGuard. PortalGuard is Your Ideal Identity Solutions Experience, providing dedicated services, innovative solutions, and proven value. For more information, visit our website.

Honesty is the Best Policy: Passwords, IT Security Professionals, and Llamas!

Toothbrush

 

Well, the truth is that many organizations are just not enforcing the basics of Password Best Policies (PBP), never mind investing and enforcing stronger identity security. With much emphasis on ROI, the truth is IT Security Professionals make the dangerous decision to purchase the minimal authentication solution just to have “something” in place. And the truth about Llamas is never tick-off a Llama; they spit when provoked or threatened!

 

Passwords are precious things and have lost their importance in the eyes of the public. According to Teri Robison’s article, Study: Security pros still grappling with lax password policies, on SC magazine, “respondents to Lieberman Software’s ‘2014 Information Security Survey’ saying that they can still access systems at a previous place of employment by using old credentials. Disturbingly, in some cases, the report found, they can even access the systems of two or more employers.” A good place to start would be PBP, but sadly, Robison states that the 2014 Information Security Survey reports “quite a few respondents — nearly one in four — say their organizations don’t change their service and process account passwords within 90 days, which is recommended by most mandatory regulations.” This is staggering, and I believe there is a Llama spitting somewhere right now.

 

Also in the article, Robison quotes Lieberman stating, “’it’s astonishingly common’ in corporate and government networks for the administrator passwords . . . ‘to be shared across multiple systems, remain unchanged for extended periods of time, and be used without any access control or audit records.’” It goes without saying this is an unacceptable policy . . . anywhere!

 

With all the breaches in security you would think the lesson would be learned indirectly and companies would prioritize authentication security . But truth be told, Robison also quotes Lieberman stating, “a breach ups interest in investing in security, but not for long . . . with a ‘half-life mentality’ companies loosen the purse strings in the wake of a data breach, ‘diminishing back to basic security after a few months,’” a sad truth to be sure.

 

In closing, it is a no brainer that Passwords must be stronger and PBP awareness shared, IT Security Professionals must invest in a solution that increases ROI, and stronger security means commitment!

 

So go ahead! Invest . . . the Llamas won’t mind.

 

 

 

Source:

http://www.scmagazine.com/study-security-pros-still-grappling-with-lax-password-policies/article/348888/2/