The release discusses the opportunity attendees will have to talk with our authentication experts about how to apply the appropriate authentication method to each user, group or application.

Read the press release now on MarketWire to learn more about having the flexibility to take a gradual approach to increasing security.

Authentication is evolving. There’s a better way to authenticate. Be confident in who accesses your web applications.

You can now find this slogan on SearchSecurity.com, along with multiple media offerings from PortalGuard. PortalGuard is sponsoring both Security Topics, Application and Platform Security and Enterprise Identity and Access Management. Presenting a new flexible approach to authentication, the informative drop down video discusses how risk-based authentication is the next step in the evolution of authentication, and asks you, what’s your authentication situation?

Take a moment to check it out, and while you’re there request your copy of the exclusive whitepaper: “Real World Security with Risk-based Authentication”.

The white paper address the challenge organizations face with being able to protect their resources with appropriate authentication capabilities while at the same time making access as easy as possible for users. In order to achieve this, decision makers must focus on “real world security”, namely, matching the level of authentication required to gain access to a particular application with the risk associated with accessing it.

This white paper examines the various methods of authentication in use today. View now to explore:

• Benefits of risk-based authentication
• High-level recommendations about how to improve password management capabilities
• A brief overview of PortalGuard
• And more

If you are in the Hartford area, PortalGuard would like to encourage you to stop by the DataConnectors Hartford Tech-Security Conference, located in Cromwell CT.

The PortalGuard team will be there to discuss the PortalGuard Risk-based Authentication Platform as well as all supporting functionality. Feel free to stop by the table and ask authentication questions that may have been unanswered in the past, regarding:

- Self-service Password Reset: including Offline Recovery

- SSO: seamless access to web, desktop and mobile applications

- Password Compliance: add to your web applications - even SQL web apps

- Authentication Methods: configurable by user, group or application

Please Click Here for a the conference information and agenda. If you are looking for further conference information please contact Dawn Morrissey at 314-525-7140.

We hope to see you there!

On Thursday, PortalGuard participated in the Dash for Prizes contest, which encouraged attendees to drop a business card at the booth to enter the drawing. In the end PortalGuard gave out a Cisco Flip Digital Camcorder as well as Amazon Gift Cards and snooze buttons.

Continuing to attend shows around the U.S., the next stop for PortalGuard will be in the fall. Please check www.PortalGuard.com for upcoming events and news.

Mark Cochran, VP of Global Sales, and Kimberly Johnson, Marketing Director, staff the booth

Kimberly congratulates PortalGuard's first Dash for Prizes winner

Kimberly congratulates PortalGuard's second Dash for Prizes winner

Philadelphia 2011, May 11th & 12th

Come stop by booth #109 to learn more about:

PortalGuard:

The PortalGuard software is a Risk-based Authentication Platform which is focused on enhancing usability, while maintaining a balance between security, auditing and compliance for your enterprise web, desktop and mobile applications. Developed and supported by authentication experts, PortalGuard is easy to deploy, enterprise ready and Tailored for an exact fit to your requirements.

Tailored Authentication:

For a unique environment and/or situation, which requires specific functionality, our team would make the necessary adaptations to meet or exceed your security objectives, and provide a fully supported product.

The next stop for PortalGuard is:

Booth #614, Orlando FL, April 19th & 20th

Recently Attended Events:

San Francisco CA, February 14th - 18th

Orlando FL , January 30th - February 3rd

One of the biggest challenges with implementing password history policies is being able to maintain usability while increasing compliance and security. By limiting the user to only using passwords that are new to them each time, the user becomes frustrated every time they are required to reset their password. Unfortunately with limits being enforced, the frustrated user is more likely to write down passwords. If you are thinking of implementing a password history policy it is better to tailor it to your environment and only make it a requirement when it makes sense in relation to the required level of data protection.

Some key things to remember surrounding password history is that it has an inverse relationship to your password expiration policies. So if you are expiring passwords frequently then you would need a higher password history limit. For example, if you expire passwords as frequently as every 30 days you would want a high password history limit, say around 50. This would not allow the reusing of any passwords for 1500 days. It is important to remember what is necessary for the type of data you are trying to protect.

The other concern is how to help your users create passwords and not get frustrated with having to remember brand new ones. Many times a user will create a password and continually use variations of the same password (ex. password, password1, password2, password3, etc.). Something to take into consideration may be the limiting of similar passwords as it may be crucial to your security.

To help users with all of these issues the option you could give them is to use a pass phrase. Instead of a single “X” length of characters you could allow them to login with an entire sentence. This might be easier for some users to remember and therefore reset their pass phrase when needed.

Overall the goal is to decrease user frustrations while still implementing effective password history policies. Make sure to consider what level of data protection is required and what is necessary in terms of the limits you are setting for your end users.

By implementing a simple Password Strength Meter, your employees can easily have visual feedback as to whether or not they are following password policies and avoiding weak passwords. This will also make password strengths easy to enforce for varying levels of required data protection.

With the Password Strength Meter provided by PortalGuard the user has a real time response to their choice of characters for their new password. With each character that is typed in the meter will show the user whether their password is becoming weaker or stronger. The administrators can implement this on every login page or only on those protecting critical data. The idea is that Password Strength Meters are going to aid the user in implementing stronger passwords while maintaining usability.

CNN.com Super Passwords Article

Many times there are misleading URLs and false websites created for the sole purpose of tricking your end-users and stealing their credentials. To an untrained eye it is easy to be fooled.

(Click Photo to Enlarge)

So the tip to give employees is to make sure to look for HTTPS in any URL where they are entering in credentials or accessing sensitive data. HTTP Secure (HTTPS) layers Hypertext Transfer Protocol on an encrypted SSL/TLS to ensure that information sent to the server is secure. This differs from the basic HTTP URLs which are not secure or encrypted and are subject to “man-in-the-middle” and “eavesdropping” attacks.

By users getting in the habit of looking for the more secure HTTPS you are more likely to prevent them from distributing valuable data over the network. This is a very strong method used best for financial transactions and internal portals.

Learn More:
PortalGuard – secure authentication
Wikipedia - explanation of HTTPS
Image Source: http://www.informatics.indiana.edu/markus/documents/security-education.pdf