The PortalGuard platform’s layered authentication approach adds protection which is crucial in defending Outlook Web App (OWA) against attacks, an often overlooked and critically weak focal point for illegitimate access to most any corporate network, with minimal tradeoff between security and usability.
Through providing a variety of two-factor authentication methods for logins, the PortalGuard platform effectively alleviates the threat of compromised webmail credentials, greatly enhancing and securing OWA’s native simple password authentication. In addition, the platform presents options for enhancing the authentication for self-service password reset, eliminating the compromise between allowing user self-service and softening security.
“It is very clear that in an unprecedented number of accounts involving the compromise of corporate infrastructure in recent years, access to employee email accounts were a primary factor,” says Thomas Hoey, founder and CEO of PortalGuard, a company whose principals have always centered on providing companies with low-risk, robust functionality, and dedicated customer service, all while maintaining usability at an affordable price point. “Webmail access is sought after by hackers for an overwhelming number of reasons. An email account contains a wealth of data that can be easily leveraged for further takeover of the individuals or company’s assets or services,” Hoey says. “Everything from password reset links, sensitive corporate information, and all of your personal data is there as well, to be waded through for answers to password recovery questions. It’s in essence an archive with everywhere you’ve been and everything you’ve done online, making it the perfect place to initiate any sort of attack. Most OWA logins are publicly available and typically secured with the simplest lock available: a basic password.”
To hearken to the theme of usability, PortalGuard also offers completely transparent One-time Password (OTP) delivery methods to achieve its two-factor authentication in addition to the traditional, tangible type. Through use of its Transparent Tokenless Toolbar (TTT) browser plugin, the enhanced protection of two-factor authentication is combined with utmost usability, when a user is able to submit a full-fledged two-factor authentication without the need of a phone, hard-token, or anything the user has besides their laptop. The TTT automatically generates time based OTPs (TOTPs) on a regular interval, as well as encrypts the OTP value with public key cryptography. This ensures that the OTP is only able to be decrypted and read by the PortalGuard server, as well as severely limits the amount of time the OTP is valid if it were to be somehow compromised. With the TTT plugin installed, authenticating on a machine that passes a set of risk-based criteria requires just the users’ password, nothing more than a standard OWA login, despite that a secure two-factor authentication is actually taking place.
“For many, the importance of locking down your webmail access appears to be overlooked,” Hoey continues, “Others are certainly actively securing their OWA logins, through SSL, or hiding them behind reverse proxies, which are all partial answers. The fact of the matter is: multi-factor authentication is the only solution that addresses the issue of it being a weakest link in its entirety.”
The full version of the PortalGuard authentication platform software is available for $7,500 USD per installation, and comes with a 90 day money back guarantee. A trial version of PortalGuard is also available. For details, please visit the company website