Press Release: Get the Level of Identity Management Your Campus NEEDS for Office 365

 

vide_snap

BEDFORD, NH– (Marketwire – June 25, 2014) – Today, PistolStar, Inc. announced the integration of its PortalGuard product with Office 365. This integration will give administrators the power to choose the level of convenience and security they desire for their students and faculty while accessing Office 365, including:

 

-Self Service Password Reset (SSPR)

-Single Sign-on (SSO)

-Two-factor Authentication

 

With PortalGuard integrated with Office 365, schools now get the level of identity management they need. Gregg Browinski, CTO of PistolStar, Inc. comments on the level of identity management and security with PortalGuard. “Using Office 365 guarantees 99.9% uptime for your campus email infrastructure, but this benefit is moot if students forget their passwords and can’t login. Federating Office 365 with a local ADFS instance can allow SSO but this just pushes a ‘forgotten password’ scenario further back to the desktop login and still lacks stronger two-factor authentication or self-service password reset options.” Browinski continues, “Swapping PortalGuard in place of ADFS in this architecture can provide standards-based web SSO and highly flexible SSPR from a single, tightly integrated, brandable, login interface.”

 

Using PortalGuard’s SSPR, students and faculty are given the power to reset their passwords from the web or desktop, reducing help desk calls and increasing ROI. SSO streamlines the login and reduces the barriers to access; with just a single login, the students and faculty gain access to all of their authorized applications, including: Blackboard, Moodle, Canvas, Banner, Google Apps, and Office 365.

 

PortalGuard provides you with the level of identity management your campus needs. Click here to learn more about PortalGuard®’s seamless integration for Office 365 and other education applications or visit our Education Page here.

How to Mend a Broken Heart: The Heartbleed Bug and what you need to know to protect yourself

broken heart

 

The news broke this week that the Heartbleed Bug had attacked an undetermined amount of websites and their users worldwide. At this time it would seem that a large number of people are affected, however, the magnitude of this Bug may not be made clear for some time. Last year, the Adobe breach  numbers grew drastically as time moved forward.

So what is the Heartbleed Bug?

The researchers who uncovered the problem describe the Bug as a serious flaw within OpenSSL.

“The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).”

Currently affected sites:

Some of the popular websites that have been listed as vulnerable include the following:

-Yahoo.com

-Imgur.com

-Flickr.com

-Okcupid.com

Click here for a full list.

How you can protect yourself.

There a couple of different steps you can take to proactively protect yourself. The first step would be to change your passwords on all of the effected sites that are listed above. It would also be good practice to change all of your passwords in general, just to play it safe. The other, more drastic option would be to avoid using the identified sites entirely. However, this may not be a possible option if you are an active member of the sites affected.

Although many websites do not require password resets to occur on a regular basis, the authentication experts at PortalGuard highly recommend changing your password every 90 days. If you take this simple action, it can possibly save you from a lot of frustration and heartache.

Identifying Authentication Challenges in Education: A look within our clients

Apple on keyboard

Recently, while looking through our customer base, we noticed a very interesting trend within our post-secondary education clients. Once we recognized this trend, we wanted to take a moment and identify this top issue and look at some of the reasons why this could be so?

We identified that the most common hurdle that our clients are facing within the education industry is account lockouts, a.k.a. self-service password reset (SSPR).

When looking at the grand scheme of things, this is not really a surprise.  Schools have a large number of users that are vastly made up of students that have many things on their minds; surely, they will lock themselves out of their account at one point. Add to the mix of faculty and staff, some of which may be adjunct or part-time employees of the college or university, and you have quite the cocktail of end-users. One more piece to add to this puzzle is new students, both freshmen and transfer students that are trying to remember all of the before mentioned things and learn a new campus.

Education Link Banner

When looking at this breakdown of some of the list of possibilities above, the picture becomes a little clearer of why SSPR would be top of the charts. Without a SSPR solution set in place, this could mean an influx of Help Desk calls to unlock the students and faculty’s accounts. This would bog down the phone lines and prevent other, more important tech issues from being solved.

Also, think about it from a cost perspective.

At the start of any semester, there would be a large number of calls placed to the Help Desk to assist in unlocking the accounts. For the school, that means that there may be a need to have extra staff on hand to cover these simple calls. But adding extra staff is not as simple as it sounds: the extra staff costs the college wages, extra training, and the cost of extra equipment needed for them to do their jobs. All of those extras can add up in a hurry!

At the end of the day, PortalGuard understands this is a pain point for the education industry and has provided affordable solutions to help reduce Help Desk calls and also provide strong authentication security on the backend.

Social Network Hacked: Snapchat, what happened and why they think it happened

snapchat-numbers-posted-online

Snapchat is one of the hottest social networks out there with millions of users worldwide sharing photos, most of them ‘selfies’ of their users. What makes Snapchat so unique is the App allows you to send the photos which self-delete off of the recipient’s phone a few seconds after viewing.  This mega social network is the latest to get hacked, exposing 4.6 million users’ names and phone numbers.

Fox Business interviewed Adam Levin, co-founder of Identity Theft 911.  “This is a big deal… Anytime you have a hack, it impacts what people do. It’s important to remember that any technology can be defeated, and you should always look at things skeptically.”

Snapchat responded to this recent hacking event saying that the motivation of the hack was to expose Snapchat’s lack of security.  “It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal.  Security matters as much as user experience does.”

It definitely is a little unnerving when you find that security features are not at the top of the priority list when companies are developing a product, and only come into light once the users are personally effected.

With this hack in place it is a reminder to keep vigilance over your personal information.  Many people use the same screen name across multiple accounts, which means the other accounts may also be susceptible to being hacked.

Not only did this hack show the users of Snapchat the application’s vulnerabilities, it also reminds us all to be careful with what they share on social media networks in general.

Sources:

http://en.wikipedia.org/wiki/Selfie

http://www.foxbusiness.com/personal-finance/2014/01/02/snapchats-hack-what-users-should-do-now/

http://hackersnewsbulletin.com/2014/01/proved-snapchat-hack-joke-4-6m-usernames-plus-numbers-posted-online.html

P@ssw0rdS

password

Passwords we all have them, but we all can’t remember them: A satirical observation on the complexity of passwords.

There is so much pressure on choosing the “right” or “R!6ht” password, it has to exceed 6 characters and even though we really wanted to use our dogs name “Spot,” which won’t work since it’s only four characters. So we are then left to think of some other variation to use that we then may or may not remember. Then it becomes an ordeal to just remember is it spot12, Spot123, or SPOT10 since he was ten when you created the password, but was that in human or dog years?

Passwords just aren’t fun anymore, they are stressful. Some people put too much pressure on themselves when creating a password, we promise it’s not like the pressure of trying to win a gold medal at the Olympics. On other end of spectrum some people don’t put enough pressure on creating a strong password (cough) 123456.

Faith Sale once said, “It sometimes feels like the only person from whom your passwords are keeping you safe is YOU.” 1

After forgetting your password you then feel like you need to go to therapy, after being asked enough questions about your childhood to make your head spin. Maybe you don’t have the greatest childhood memories, and you are still recovering from being called, “Chunky Monkey” for the first 13 years of your life. But sure enough, you are prompted to enter in your childhood nickname.

“It may all lead to a profound existential crisis which leaves you yelling at your computer, ‘IT’S REALLY ME, I JUST FORGOT WHO I AM!!!’”1

Some people would argue that passwords are something we have just for the sake of making us feel safe rather, than actually keeping us safe. We don’t agree, a hacker acquiring one or two of your passwords could bring you whole world crashing down. Your bank account could be drained, and even worse they could potentially acquire your social security number and really do some damage.

So adapt password habits that you will remember, and maybe if you are lucky the organization you work for will implement single sign-on, if they haven’t already.

Resource:

1.)    http://www.cbsnews.com/news/a-word-for-the-password-weary/

EU Behind the Times for Cyber Security

Night view of Europe

 

Often in our blog we focus on what is happening here in America, but we work with companies all over the globe. Recently, there was a survey done by the  where they questioned over 27,000 people in the European Union about their internet use, security attitudes and experiences. 1  The survey showed that individuals in the EU were behind the times when it came to cyber security.

Just over a quarter those surveyed only use their own hardware to go online, and just under that figure (24%) use unique passwords for different sites. Does this remind you of any recent breaches?

“Of those surveyed 48% of web users said they had not changed any of their online passwords in the last year. Out of those who had made changes, the highest figure was for webmail (31%) with social networks just behind on 26%. Online banking passwords were less likely to be changed, with only 20% changing in the last 12 months, and shopping site passwords were rarely changed, at only 12%. “1

These numbers seem slightly off because you would think the information that could obtained from hacking into your bank account would be more detrimental than a social media account.  The website Naked Security adds that maybe this is a sign that there is a need for more education.

Most of the statics in the report point back to the fact that there is a common fear of the risks associated with using the internet, so they put off taking advantage of all that it has to offer.  The catch is that most of these people are not even doing the basics to protect themselves.

If you have a fear about using the internet take the time to educate yourself and those around you, whether it’s your family or co-works.  Make sure you have strong passwords in place that cannot be easily guessed. And if you do not have anti-virus software installed on your machine then definitely take the time to do so.

You can read the full report here, for more statistics.

Resources:

1.)    http://nakedsecurity.sophos.com/2013/11/27/only-24-of-europeans-use-different-passwords-for-different-websites/

2.)    http://ec.europa.eu/public_opinion/archives/ebs/ebs_404_en.pdf

Food for thought… On Passwords

Let’s talk about forgetting your password, it has happened to all of us at one time or ano

ther.

Forgetting your password is a real pain in the you-know-where. You type in what you think is your  password, then you try another one, then with Caps and a special character. Before you know it, your account has been locked out and you need to contact the systems administrator. You dial the help desk, wait on hold for a few minutes, and then finally, success!

This always seems to  happen when you are in a time crunch. This could be during a meeting or presentation, or  when you need to check your email quickly before heading out for the night. No matter what the case it is a real pain point and a huge inconvenience.

PCWorld  cited a study done by Ian Robertson, “Illustrates the growing amount of alphanumeric clutter in our heads: the average person now has to remember five passwords, five PIN numbers, two number plates, three security ID numbers and three bank account numbers just to get through everyday life. Not surprisingly, Robertson’s research found that nearly 60 percent of those studied felt like they couldn’t possibly remember all of these numbers and letters that they were supposed to.” The number of passwords that the average person is required to remember today only continues to grow.

Today, more companies are shying away are from the “traditional” password management, to a self-service method. Self Service Password Reset is a simple service that can help avoid the anxieties associated with locking yourself out, by prompting the user to answer preselected questions or enter a one-time code sent to their phone to unlock their account or obtain a new password.

Companies like PortalGuard offer a simple and effective solution that will not only eliminate the stress that comes from a lock out, but will save money and time at a higher level.

Click here for more information on Self Service Password Reset.

 

Resources:

http://www.pcworld.com/article/150874/password_brain_power.html