Two Factor Authentication

What is Two Factor Authentication?

Two Factor Authentication (2FA) is a safer way to secure your logins. Instead of using one form of authentication, such as a password, two factor authentication uses at least two forms of authentication to authenticate a user. This creates a much more secure environment for a user since even if a password does get compromised they still have an extra layer of protection to make sure their information is secure.

Multi-Factor Authentication

PortalGuard can enforce two-factor authentication and deliver an OTP when the user is trying to access the web/cloud application directly, through a VPN connection using RADIUS, or when performing self-service password reset, recovery, or account unlock.

PortalGuard can use these OTP methods for 2FA:

SMS Authentication

man using sms on phone

PortalGuard can leverage SMTP-to- SMS gateways or deliver SMS messages directly using multiple service providers. The former entails no additional per SMS cost whereas the latter can be as low as a few cents per message but guarantees the quickest delivery. Neither option requires additional hardware or infrastructure.


yubikey authentication example

YubiKey is a small USB key which is inserted into the user's machine and verifies the authentication request. YubiKey avoids many issues and costs associated with other hardware tokens because the user does not have to type in the OTP and batteries are not required.


computer with passive key overlooking window

Passivekey validates both the user -AND- the device they're using. PassiveKey® automatically generates a Time-based One-time Password (TOTP) on a configurable interval and sets the value as a session-based cookie. This cookie is created for only specific websites and is encrypted using public-key cryptography to ensure only the PortalGuard server can decrypt it.

SIP Authentication

rep using sip authentication

PortalGuard can call a user's landline or mobile phone with the OTP using either a hosted text-to-speech service or with the SIP protocol to leverage your existing phone infrastructure.


man using email on computer

PortalGuard can also send an email to the user's enrolled email account in order to authenticate the OTP.

Google Authenticator

google logo for mobile authenticator app

The OTP can be read from an enrolled Mobile Authenticator App

The mobile user performs a one-time enrolment where they enter their username, password and OTP.For subsequent logins on that browser, the user only needs to provide their username and password.