One-time Passwords: PortalGuard Options

A One-time Password is a unique string of characters that is created and submitted to the requested service through the use of a third party and is valid for only one login session or transaction. OTPs avoid a number of shortcomings with static passwords, including being unsusceptible to replay attacks. If a potential intruder manages to record an OTP that was already used to login to a server, said intruder will still be unable to access the service in question due to the possession of an invalid OTP.

OTP delivery methods can be summed up as falling into one of two categories: Hard Tokens, in which the OTP is generated by a device such as a YubiKey or SecurID Token; or Soft Tokens, such as a mobile phone, Google Authenticator,etc.

For its part, PortalGuard can enforce Two-factor Authentication and OTP delivery when the user is trying to access the web/cloud application directly, through a VPN connection using RADIUS, or when performing any self-service account management tasks – such as password reset, password recovery, or account unlock.

Unique to PortalGuard is the ability to support 11 different OTP Methods: From typical Hard and Soft tokens to its own unique offering of a transparent, Time-based OTP token through PassiveKey. (For detailed information, see the Appendix section below)

A major benefit to using OTPs for increased security is in the OTP’s inherent ability to assist in deterring various forms of malicious attack - such as Active, Passive and Man in t he Middle attacks. Each OTP type has its own tradeoffs in terms of security and usability. PortalGuard natively supports the following OTP delivery methods:

  • SMS Text Message
  • E-Mail
  • PassiveKey
  • Voice Calling
  • RSA SecurID
  • YubiKey
  • HOTP Tokens
  • Printed OTP
  • Google Authenticator
  • PortalGuard App
  • Helpdesk