Configurable Password Management: Balancing Usability and Compliance
The PortalGuard software is a Contextual Authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing and compliance for your web, desktop and mobile applications.
Usability
Single Sign-on
Password Management
Password Synchronization
Self-service Password Reset
Security
Knowledge-based Two-factor Authentication
Contextual Authentication
Real-time Reports/Alerts
Password synchronization
Verbal Authentication
Password management is
A poorly chosen password may result in unauthorized access and/or exploitation of critical data.
Password Creation
Password Protection
Password Change Frequency
Complexity
The first step: educate your users on password best practices, including:
Never share your account
Never use the same password for multiple systems
Never tell a password to anyone
Never write down a password
Never provide a password over the phone, email or instant messaging
Make sure to log off or lock your workstation
Change your password whenever compromise is suspected
Passwords should be alphanumeric at a minimum
PortalGuard goes beyond the foundational policies and provides enhanced functionality that improves the security of passwords while improving usability for users.
FEATURES
Security Features:
Password Complexity - customizable rules for minimum and maximum length, and uppercase, lowercase and special characters
Password History - prevent users from reusing their last n passwords
Password Expiration - set expiration and grace periods
Strikeout/Lockout Limits - enforce a configurable number of strikes before an account lockout
Prevent Users from Sharing Credentials - limit multiple concurrent logon sessions
Lockout Inactive User After n Days - identify and stop access from dormant user accounts
Usability Features:
Email Calendar Reminders - set reminders in the user's email client calendar for upcoming password expirations
Expiration Grace Period - notify users of expiration but allow them to skip the password reset for a configurable number of days
Password Meter - provide users with a visual cue of the strength of the password when resetting or creating one
Password Synchronization - leverage one strong password across multiple systems
Flexibility - configurable to the user, group or domain hierarchy
Increased Usability - maintains user productivity and satisfaction with a password strength meter, email calendar reminders and self-service password reset
Increased Security - prevents both common password and code injection attacks
Balances Usability and Security - supports both compliance and user
Implements password best practices
Compliance - web-based and SQL applications now meet required standards
Cost effective - reduce password-related Help Desk calls
HOW IT WORKS
POLICY
Password History
Several previous passwords are remembered. With this policy setting, users cannot reuse old passwords when their password expires.
POLICY
Passwords must consist of at least a specified number of characters. Long passwords (seven or more characters) are usually stronger than short ones. With this policy setting, users cannot use blank passwords, and they have to create passwords that are a certain number of characters long.
User Profiles
Where PortalGuard's user-specific information is stored:
Strike count
Last login time
Password expiration time
Hashed answers to challenge questions
Last password change time
Accepted Terms of Use time
Step 1:
The user's password is expired, but within the grace period. The user defers the password change by clicking the link shown and is allowed to log in.
Step 2:
A few days later, the user attempts to log in and the password is now expired. PortalGuard forces a password change.
Step 2a:
If PortalGuard is configured to use a password meter, it is automatically updated as the user types their new password.
Step 2b:
If a password minimum age is enabled and the user attempts to manually change their password again, PortalGuard will prevent it.
Step 3:
When password history is enabled, a password that satisfies the complexity rules may still be rejected.
Step 4:
Once the new password is acceptable, PortalGuard changes it in the target user repository in real-time and notifies the user of the success.
Step 5:
If a password minimum age is enabled and the user attempts to manually change their password again, PortalGuard will prevent it.
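The flow in Steps 1 to 5, as an added Python example that is not PortalGuard's code. The class names, field names and policy values are hypothetical, the grace period is assumed to start at the expiration time, and the history is assumed to hold salted PBKDF2 digests rather than plaintext passwords.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Policy:  # hypothetical names; values are constructed for the example
    min_length: int = 8
    history_size: int = 3                   # remembered passwords, current one included
    max_age: timedelta = timedelta(days=90)
    grace: timedelta = timedelta(days=5)    # assumed to start at expiration
    min_age: timedelta = timedelta(days=1)

@dataclass
class Profile:
    last_change: datetime
    history: list = field(default_factory=list)  # [(salt, digest)], newest first

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def login_state(policy, profile, now):
    """Steps 1-2: 'ok', 'grace' (change may be deferred) or 'must_change'."""
    expires = profile.last_change + policy.max_age
    if now < expires:
        return "ok"
    return "grace" if now < expires + policy.grace else "must_change"

def change_password(policy, profile, new, now):
    """Steps 2b-5: returns 'changed' or the reason the change was refused."""
    if now - profile.last_change < policy.min_age:
        return "too_soon"      # minimum age blocks rapid cycling through the history
    classes = [any(f(c) for c in new) for f in (str.isupper, str.islower, str.isdigit)]
    if len(new) < policy.min_length or not all(classes):
        return "too_weak"
    # A complex password can still be refused: re-hash it under each stored salt.
    if any(hmac.compare_digest(_digest(new, s), d) for s, d in profile.history):
        return "reused"
    salt = os.urandom(16)
    profile.history.insert(0, (salt, _digest(new, salt)))
    del profile.history[policy.history_size:]
    profile.last_change = now
    return "changed"

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1)               # constructed sample timeline
    user = Profile(last_change=t0 - timedelta(days=92))
    print(login_state(Policy(), user, t0))  # grace
    print(change_password(Policy(), user, "Winter2024x", t0))  # changed
```

The minimum-age check matters because, without it, a user can change the password `history_size` times in a row and return to the original one.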
Auditing:
Log last login
Log last password change
Log last password recovery
Require acceptance URL for rejection
TECHNICAL REQUIREMENTS
.NET 2.0 framework or later must be installed (64-bit OS only)
Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)
Microsoft Windows Server 2000
Microsoft Windows Server 2003 (32 or 64-bit)
Microsoft Windows Server 2008 (32 or 64-bit)
Microsoft Windows Server 2008 R2