PortalGuard can use various aspects of a user's login to verify the user's identity. PortalGuard's Contextual Authentication (or Risk-Based Authentication) treats these aspects as transparent barriers and assigns a Risk Score based on a predetermined set of values. For a valid user, these barriers remain unseen during authentication – they are processed and checked in the background only. For an unauthorized user, access is denied even if the correct password is provided.
PortalGuard uses multiple factors of any given login to determine exactly who is attempting to log in to a user account. For example, if an individual typically accesses his or her account in the New York office during typical 9 to 5 hours, any login attempt that falls outside of those parameters will fail, unless these circumstances are set up in advance.
In order to enforce Contextual Authentication, an installation of PortalGuard Desktop is required. PortalGuard Desktop provides access to various transparent barriers, while also allowing the configuration of a unique Risk Score for each individual user. By attributing various risk values to each parameter, PortalGuard allows for flexibility while still maintaining strong authentication security. The most commonly used parameters are based on geographic location, secured/unsecured Wi-Fi signal, and the time of day.
Users are only allowed to authenticate on a secured Wi-Fi network
Users must be in a specific location in order to be authenticated
Users are only allowed to authenticate during work hours
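The sketch below is an added example, not PortalGuard code or configuration. It shows how per-parameter risk values can combine into a Risk Score that denies a login even when the password is correct. The weights, the threshold, and all class, field and function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass
class Policy:
    # Every value below is an assumed, per-user setting (not a product default).
    allowed_sites: set
    work_start: time
    work_end: time
    w_location: int = 50   # risk added when the login comes from another site
    w_time: int = 50       # risk added outside working hours
    w_wifi: int = 30       # risk added on an unsecured Wi-Fi network
    max_risk: int = 40     # highest score that is still allowed

@dataclass
class LoginContext:
    password_ok: bool
    site: str
    wifi_secured: bool
    local_time: time

def risk_score(ctx, policy):
    """Add the weight of each contextual check that fails; return (score, reasons)."""
    score, reasons = 0, []
    if ctx.site not in policy.allowed_sites:
        score += policy.w_location
        reasons.append("location")
    if not ctx.wifi_secured:
        score += policy.w_wifi
        reasons.append("wifi")
    if not (policy.work_start <= ctx.local_time <= policy.work_end):
        score += policy.w_time
        reasons.append("time")
    return score, reasons

def decide(ctx, policy):
    """A correct password is necessary but not sufficient: context can still deny."""
    if not ctx.password_ok:
        return "deny", ["password"]
    score, reasons = risk_score(ctx, policy)
    return ("allow" if score <= policy.max_risk else "deny"), reasons

# Constructed sample policy matching the New York, 9 to 5 scenario in the text.
POLICY = Policy({"New York office"}, time(9, 0), time(17, 0))

if __name__ == "__main__":
    late_remote = LoginContext(True, "Unknown site", True, time(23, 0))
    print(decide(late_remote, POLICY))  # correct password, still denied
```

With these assumed weights, a single unsecured Wi-Fi login stays under the threshold, while a login from another location or outside work hours is denied on its own.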
In order to achieve the ultimate goal of increasing authentication security, PortalGuard also makes use of mutual authentication. Sometimes called two-way authentication, mutual authentication is a process in which the client authenticates itself to the server, and the server authenticates itself to the client. In this way, both sides of the process prove their legitimacy to the other.
Leveraging Public Key Infrastructure (PKI), PortalGuard creates an encrypted cookie for specific web-based applications, ensuring that only the PortalGuard server is able to decrypt it. No passwords in transit - far less risk to user logins.
Contextual authentication optionally collects data that can be used to report on risk, user adoption, and efficiency.
By using a combination of mutual and contextual authentication, PortalGuard helps to mitigate man-in-the-middle attacks. These attacks attempt to intercept messages in transit, substituting an impostor's public key for the legitimate one. Both parties are left with the appearance that they are still communicating with each other, and the attacker can act unchallenged. By using an encrypted cookie, PortalGuard circumvents this infiltration.