Understanding PortalGuard’s Configurable Password Management: Balancing Usability and Compliance

Highlighting the Password Management Layer of the PortalGuard Platform
By the end of this tutorial you will be able to…

 • Understand how PortalGuard can help you
 • Understand how password management can make applications compliant
 • Discover PortalGuard’s Configurable Password Management
 • See the step-by-step authentication process
 • Know the technical requirements
The PortalGuard software is a Contextual Authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing and compliance for your web, desktop and mobile applications.

Usability:
• Single Sign-on
• Password Management
• Password Synchronization
• Self-service Password Reset

Security:
• Knowledge-based
• Two-factor Authentication
• Contextual Authentication
• Real-time Reports/Alerts
Before going into the details…

• Configurable by user, group or application
• Security – password history, expiration and complexity
• Strikeout/Lockout limits to enforce a configurable number of strikes
• Usability – email calendar reminders and password strength meter
• Self-service password reset, recovery and account unlock
• Password synchronization
• Verbal Authentication
• Easy implementation
• Cost effective – reduce Help Desk calls
Implementing stronger authentication security…

[Figure: the three options shown on the slide are BUY, BUILD, or remain NON-Compliant]
Increasing security as a secondary thought…

• Low risk applications - password-based authentication
• Medium/High risk applications - stronger authentication

Stronger authentication options:
• Contextual Authentication
• Multi-factor
• Two-factor
• One-time password (OTP)
Password management is…
A poorly chosen password may result in unauthorized access and/or exploitation of critical data.
• Password Creation
• Password Protection
• Password Change Frequency

[Figure: password management diagram with the labels Protection, Frequency and Complexity]
The first step…
Educate your users on password best practices including…

• Never share your account
• Never use the same password for multiple systems
• Never tell a password to anyone
• Never write down a password
• Never provide a password over the phone, email or instant messaging
• Make sure to log off or lock your workstation
• Change your password whenever you suspect it has been compromised
• Passwords should be alpha-numeric at a minimum
PortalGuard’s Configurable Password Management goes beyond the foundational policies and provides enhanced functionality which improves the security of passwords while improving usability for users.
FEATURES
Security Features:
• Password Complexity - customizable rules for minimum and
  maximum length, and uppercase, lowercase and special
  characters.
• Password History - prevent users from reusing their last “n”
  passwords
• Password Expiration - set expiration and grace periods
• Strikeout/Lockout Limits - enforce a configurable number of
  strikes before an account lockout
• Prevent Users from Sharing Credentials - limit multiple
  concurrent logon sessions
• Lockout Inactive User After “n” Days - identify and stop access
  from dormant user accounts
Usability Features:

• Email Calendar Reminders - set reminders in the user’s email client calendar for upcoming password expirations
• Expiration Grace Period – notify users of expiration but allow them to skip the password reset for a configurable number of days
• Password Meter - provide users with a visual cue of the strength of the password when resetting or creating one
• Password Synchronization - leverage one strong password across multiple systems
Administrative & Help Desk Features:


• Help Desk/Verbal Authentication - prove user’s identity when
  calling into the Help Desk by answering a series of challenge
  questions
• Auditing/Logging - record user login activity including invalid
  usernames, last login, last password change, etc.
• Administrative Dashboard - provides administrators with a
  snapshot of recent user login activity
• Help Desk Console – application which allows Help Desk staff to
  perform account actions such as a password reset, account
  unlock, etc.
• Flexibility - configurable to the user, group or domain hierarchy
• Increased Usability - maintains user productivity and satisfaction with
  a password strength meter, email calendar reminders and self-
  service password reset
• Increased Security - prevents both common password and code
  injection attacks
• Balances Usability and Security - supports both compliance and user
• Implements password best practices
• Compliance – web-based and SQL applications now meet required
  standards
• Cost effective – reduce password related Help Desk calls
HOW IT WORKS
Policy-based security settings… to enforce password management rules for your users.
Password History

Several previous passwords are remembered. With this policy setting, users cannot reuse old passwords when their password expires.
Maximum Password Age

So passwords expire as often as necessary for your environment, typically every 30 to 90 days. If an attacker manages to crack a user’s password using offline tools, a shorter expiration interval increases the likelihood that the password is no longer current for that user’s account, preventing the breach.
Minimum Password Age

So passwords cannot be changed until they are more than a certain number of days old. If a minimum age is defined, users cannot repeatedly change their passwords to get around the password history policy setting and then use their original password.
Minimum Password Length

So passwords must consist of at least a specified number of characters. Long passwords – seven or more characters – are usually stronger than short ones. With this policy setting, users cannot use blank passwords, and they have to create passwords that are a certain number of characters long.
Search Order and Precedence

Due to PortalGuard’s flexibility, users can have multiple policies applied. The search order, in order of precedence, is:

1. Policies applied directly to a user
2. Policies applied to a group
3. Policies applied to a domain or OU
4. The default policy
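An added example (not PortalGuard’s own code) of the search order above: the most specific matching policy wins, walking from user to group to OU/domain to default. The policy store layout, the DN-style OU string and the "first group in membership order wins" tie-break are assumptions for illustration.

```python
# Added example for this page (not PortalGuard's own code): resolve which
# password policy applies to a user using the search order above:
# user, then group, then domain/OU, then the default policy.
# The policy store layout, the DN-style OU string and the "first group in
# membership order wins" tie-break are assumptions for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str
    min_length: int
    history_count: int
    max_age_days: int


@dataclass
class User:
    name: str
    groups: list   # group names in membership order
    ou: str        # DN-style container, e.g. "OU=Sales,DC=corp"


# Constructed sample policy store, keyed by scope.
POLICIES = {
    "user": {"alice": Policy("alice-admin", 16, 24, 30)},
    "group": {"Finance": Policy("finance", 12, 12, 60)},
    "ou": {
        "OU=Sales,DC=corp": Policy("sales-ou", 10, 8, 90),
        "DC=corp": Policy("corp-domain", 8, 5, 90),
    },
    "default": Policy("default", 8, 3, 90),
}


def resolve_policy(user, policies=POLICIES):
    """Return (policy, scope) for the most specific policy that matches."""
    # 1. A policy applied directly to the user always wins.
    p = policies["user"].get(user.name)
    if p is not None:
        return p, "user"
    # 2. Group policies: the page does not say how ties are broken, so the
    #    first group in membership order that has a policy is used (assumption).
    for group in user.groups:
        p = policies["group"].get(group)
        if p is not None:
            return p, "group"
    # 3. Domain/OU policies: walk up the container path so that the nearest
    #    OU beats the domain-wide policy.
    parts = user.ou.split(",")
    for i in range(len(parts)):
        p = policies["ou"].get(",".join(parts[i:]))
        if p is not None:
            return p, "ou"
    # 4. Nothing matched: fall back to the default policy.
    return policies["default"], "default"
```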
User Profiles

Where PortalGuard’s user-specific information is stored:

• Strike count
• Last login time
• Password expiration time
• Hashed answers to challenge questions
• Last password change time
• Accepted Terms of Use time
Step 1:
The user’s password is expired, but within the grace period. The user defers the password change by clicking the link shown and is allowed to login.
Step 2:
A few days later, the user attempts to login and the password is now expired. PortalGuard forces a password change.
Step 2a:
If PortalGuard is configured to use a password meter it is automatically updated as the user types their new password.
Step 2b:
If a password minimum age is enabled and the user attempts to manually change their password again, PortalGuard will prevent it.
Step 3:
When password history is enabled, a password that satisfies the complexity rules may still be rejected.
Step 4:
Once the new password is acceptable, PortalGuard changes it in the target user repository in real-time and notifies the user of the success.
Step 5:
If a password minimum age is enabled and the user attempts to manually change their password again, PortalGuard will prevent it.
Configurable through the PortalGuard Configuration Utility:

Password Rules:
• Minimum length
• Maximum length
• Minimum lowercase
• Minimum uppercase
• Minimum numeric
• Minimum special
• Active Directory complexity

Rule Grouping:
• Combine standard password rules into pools where only a subset must be met

Enable/Disable Password Meter:
• Minimum required “score” when enabled

Password History:
• By number of entries or time

Password Dictionary:
• Standard words that passwords cannot contain

Misc:
• Enforce Complexity Rules During Login
• Regular Expression Checking

Password Expiration:
• Expiration period
• Grace period
• Expire first use
• Minimum age
• Calendar reminders

Lockout:
• Strike limit
• Lock expiration
• Strike messages
• Inactivity
• Session concurrency
• Help Desk/Verbal Authentication

Auditing:
• Log last login
• Log last password change
• Log last password recovery
• Require acceptance
• URL for rejection
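An added example (not PortalGuard’s own code or configuration format) that ties the step-by-step walkthrough to the Configuration Utility settings above: complexity rules grouped into a pool where only a subset must be met, a dictionary and regular-expression check, history enforced by entry count or age, minimum age, and the expired/grace-period decision at login. The rule names, the policy dictionary and the sample history are constructed for illustration.

```python
# Added example for this page (not PortalGuard's own code or configuration
# format): a password-change check that applies the Configuration Utility
# settings listed above and the expiration/grace/minimum-age behaviour from
# the step-by-step walkthrough. Rule names, the policy dict and the sample
# history are constructed for illustration.
import re
from datetime import datetime, timedelta
from hashlib import sha256

# Character-class rules; each returns True when the password satisfies it.
RULES = {
    "min_lower":   lambda pw, n: sum(c.islower() for c in pw) >= n,
    "min_upper":   lambda pw, n: sum(c.isupper() for c in pw) >= n,
    "min_numeric": lambda pw, n: sum(c.isdigit() for c in pw) >= n,
    "min_special": lambda pw, n: sum(not c.isalnum() for c in pw) >= n,
}

# Constructed policy. "Rule grouping" is modelled as a pool of rules of which
# only `required` must be met; history is enforced by entry count OR by age.
POLICY = {
    "min_length": 10,
    "max_length": 64,
    "pool": {"rules": {"min_lower": 1, "min_upper": 1,
                       "min_numeric": 1, "min_special": 1},
             "required": 3},
    "dictionary": {"password", "welcome", "company"},
    "regex_reject": r"(.)\1{2,}",   # reject any character repeated 3+ times
    "history_entries": 5,
    "history_days": 365,
    "min_age_days": 1,
    "max_age_days": 90,
    "grace_days": 7,
}

def _digest(pw):
    # History stores digests, never plaintext. SHA-256 keeps the example
    # short; a production store would use a salted, slow password hash.
    return sha256(pw.encode()).hexdigest()

def complexity_errors(pw, policy=POLICY):
    """Return the reasons a candidate password fails; an empty list means it passes."""
    errs = []
    if len(pw) < policy["min_length"]:
        errs.append("too short")
    if len(pw) > policy["max_length"]:
        errs.append("too long")
    pool = policy["pool"]
    passed = sum(RULES[name](pw, n) for name, n in pool["rules"].items())
    if passed < pool["required"]:
        errs.append(f"only {passed} of {pool['required']} character-class rules met")
    if any(word in pw.lower() for word in policy["dictionary"]):
        errs.append("contains a dictionary word")
    if re.search(policy["regex_reject"], pw):
        errs.append("rejected by regular expression")
    return errs

def history_errors(pw, history, now, policy=POLICY):
    """history: list of (digest, set_time) tuples, oldest first."""
    cutoff = now - timedelta(days=policy["history_days"])
    remembered = {d for d, _ in history[-policy["history_entries"]:]}
    remembered |= {d for d, t in history if t >= cutoff}
    return ["matches a previous password"] if _digest(pw) in remembered else []

def change_password(pw, history, now, policy=POLICY):
    """Decision for a user-initiated change: returns (ok, reasons)."""
    # Minimum age: a change is refused outright until the current password is
    # old enough, so history cannot be cycled through to reuse an old one.
    if history and now - history[-1][1] < timedelta(days=policy["min_age_days"]):
        return False, ["minimum password age not reached"]
    errs = complexity_errors(pw, policy) + history_errors(pw, history, now, policy)
    return not errs, errs

def login_state(history, now, policy=POLICY):
    """Expiration decision at login: 'ok', 'grace' (change may be deferred) or
    'expired' (change is forced). An account with no password-set time yet is
    treated as 'expire on first use'."""
    if not history:
        return "expired"
    age = now - history[-1][1]
    if age <= timedelta(days=policy["max_age_days"]):
        return "ok"
    if age <= timedelta(days=policy["max_age_days"] + policy["grace_days"]):
        return "grace"
    return "expired"

# Constructed sample history for one user (digests of two earlier passwords).
HISTORY = [(_digest("OldPass#2023a"), datetime(2023, 6, 1)),
           (_digest("Spring!2023x"), datetime(2023, 10, 1))]
```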
TECHNICAL REQUIREMENTS
An MSI is used to install PortalGuard on IIS 6 or 7.x.
This version of PortalGuard supports direct access and authentication to cloud/browser-based applications only.

Supported platforms:
• IBM WebSphere/WebSphere Portal v5.1 or higher
• Microsoft IIS 6.0 or higher
• Microsoft Windows SharePoint Services 3.0 or higher
• Microsoft Office SharePoint Server 2007 or later

Prerequisites:
• .NET 2.0 framework or later must be installed
• (64-bit OS only) Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)

Supported operating systems:
• Microsoft Windows Server 2000
• Microsoft Windows Server 2003 (32 or 64-bit)
• Microsoft Windows Server 2008 (32 or 64-bit)
• Microsoft Windows Server 2008 R2

THANK YOU
For more information visit PortalGuard.com or Contact Us

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

Password management

  • 1. Understanding PortalGuard’s Configurable Password Management: Balancing Usability and Compliance
    Highlighting the Password Management Layer of the PortalGuard Platform
  • 2. By the end of this tutorial you will be able to…
    • How PortalGuard can help you
    • Understand how password management can make applications compliant
    • Discover PortalGuard’s Configurable Password Management
    • See the Step-by-step Authentication Process
    • Know the Technical Requirements
  • 3. The PortalGuard software is a Contextual Authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing and compliance for your web, desktop and mobile applications.
    Usability:
    • Single Sign-on
    • Password Management
    • Password Synchronization
    • Self-service Password Reset
    Security:
    • Knowledge-based
    • Two-factor Authentication
    • Contextual Authentication
    • Real-time Reports/Alerts
  • 4. Before going into the details…
    • Configurable by user, group or application
    • Security – password history, expiration and complexity
    • Strikeout/Lockout limits to enforce a configurable number of strikes
    • Usability – email calendar reminders and password strength meter
    • Self-service password reset, recovery and account unlock
    • Password synchronization
    • Verbal Authentication
    • Easy implementation
    • Cost effective – reduce Help Desk calls
  • 6. (diagram: BUY / BUILD / NON-Compliant)
  • 7. Increasing security as a secondary thought…
    • Low risk applications - password-based authentication
    • Medium/High risk applications - stronger authentication
    • Contextual Authentication
    • Multi-factor
    • Two-factor
    • One-time password (OTP)
  • 8. Password management is… A poorly chosen password may result in unauthorized access and/or exploitation of critical data.
    • Password Creation
    • Password Protection
    • Password Change Frequency
    (diagram labels: Protection, Frequency, Complexity)
  • 9. The first step… Educate your users on password best practices including…
    • Never share your account
    • Never use the same password for multiple systems
    • Never tell a password to anyone
    • Never write down a password
    • Never provide a password over the phone, email or instant messaging
    • Make sure to log off or lock your workstation
    • Change your password whenever you suspect it has been compromised
    • Passwords should be alpha-numeric at a minimum
  • 10. Goes beyond the foundational policies and provides enhanced functionality which improves the security of passwords while improving usability for users.
  • 12. Security Features:
    • Password Complexity - customizable rules for minimum and maximum length, and uppercase, lowercase and special characters.
    • Password History - prevent users from reusing their last “n” passwords
    • Password Expiration - set expiration and grace periods
    • Strikeout/Lockout Limits - enforce a configurable number of strikes before an account lockout
    • Prevent Users from Sharing Credentials - limit multiple concurrent logon sessions
    • Lockout Inactive User After “n” Days - identify and stop access from dormant user accounts
  • 13. Usability Features:
    • Email Calendar Reminders - set reminders in the user’s email client calendar of upcoming password expirations
    • Expiration Grace Period – notify users of expiration but allow them to skip the password reset for a configurable number of days
    • Password Meter - provide users with a visual clue of the strength of the password when resetting or creating one
    • Password Synchronization - leveraging one strong password across multiple systems
  • 14. Administrative & Help Desk Features:
    • Help Desk/Verbal Authentication - prove a user’s identity when calling into the Help Desk by answering a series of challenge questions
    • Auditing/Logging - record user login activity including invalid usernames, last login, last password change, etc.
    • Administrative Dashboard - provides administrators with a snapshot of recent user login activity
    • Help Desk Console – application which allows Help Desk staff to perform account actions such as a password reset, account unlock, etc.
  • 15.
    • Flexibility - configurable to the user, group or domain hierarchy
    • Increased Usability - maintains user productivity and satisfaction with a password strength meter, email calendar reminders and self-service password reset
    • Increased Security - prevents both common password and code injection attacks
    • Balances Usability and Security - supports both compliance and user
    • Implements password best practices
    • Compliance – web-based and SQL applications now meet required standards
    • Cost effective – reduce password related Help Desk calls
  • 17. Policy-based security settings… to enforce password management rules for your users.
  • 18. Password History: Several previous passwords are remembered. With this policy setting, users cannot reuse old passwords when their password expires.
  • 19. Maximum Password Age: So passwords expire as often as necessary for your environment, typically every 30 to 90 days. If an attacker manages to crack a user’s password using offline tools, a shorter expiration interval increases the likelihood that the password is no longer current for that user’s account, preventing the breach.
  • 20. Minimum Password Age: So passwords cannot be changed until they are more than a certain number of days old. If a minimum age is defined, users cannot repeatedly change their passwords to get around the password history policy setting and then use their original password.
  • 21. Minimum Password Length: So passwords must consist of at least a specified number of characters. Long passwords – seven or more characters – are usually stronger than short ones. With this policy setting, users cannot use blank passwords, and they have to create passwords that are a certain number of characters long.
  • 22. Search Order and Precedence: Due to PortalGuard’s flexibility, users can have multiple policies applied…
    1. Policies applied directly to a user
    2. Policies applied to a group
    3. Policies applied to a domain or OU
    4. The default policy
  • 23. User Profiles: Where PortalGuard’s user-specific information is stored.
    • Strike count
    • Last login time
    • Password expiration time
    • Hashed answers to challenge questions
    • Last password change time
    • Accepted Terms of Use time
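The search order on slide 22 (user, then group, then domain/OU, then default) decides which of several applicable policies actually governs a user, so it is worth seeing how the lookup behaves and what it can hide. The code below is an added example, not PortalGuard's code or its configuration format: a resolver that walks the four levels in order, and a defender's check that reports any more specific policy that relaxes the default on some setting, since a user-level exception wins precedence and can silently weaken controls. The policy field names, the `user:` / `group:` / `ou:` key format, the sample policies and the first-listed-group tie-break (the slides do not say how group ties are broken) are all assumptions of the example.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class PasswordPolicy:
    """Subset of the settings from slides 17-21; field names are assumptions."""
    name: str
    history_count: int   # previous passwords remembered (slide 18)
    max_age_days: int    # maximum password age (slide 19)
    min_age_days: int    # minimum password age (slide 20)
    min_length: int      # minimum password length (slide 21)


@dataclass(frozen=True)
class Principal:
    """How the resolver sees a user: account name, group memberships, OU."""
    user: str
    groups: List[str]
    ou: str


def resolve_policy(p: Principal, policies: Dict[str, PasswordPolicy]) -> PasswordPolicy:
    """Slide 22 search order: user, then group, then domain/OU, then default.
    With several groups the first listed match wins (an assumption of this example)."""
    search_order = (
        [f"user:{p.user}"]
        + [f"group:{g}" for g in p.groups]
        + [f"ou:{p.ou}", "default"]
    )
    for key in search_order:
        if key in policies:
            return policies[key]
    raise LookupError("no default policy configured")


def weaker_than(candidate: PasswordPolicy, baseline: PasswordPolicy) -> List[str]:
    """List the settings on which `candidate` relaxes `baseline`.
    Because the more specific policy wins, a relaxed user or group policy
    silently overrides the default for everyone it matches."""
    relaxed = []
    if candidate.history_count < baseline.history_count:
        relaxed.append("history_count")
    if candidate.max_age_days > baseline.max_age_days:
        relaxed.append("max_age_days")
    if candidate.min_age_days < baseline.min_age_days:
        relaxed.append("min_age_days")
    if candidate.min_length < baseline.min_length:
        relaxed.append("min_length")
    return relaxed


def audit_exceptions(policies: Dict[str, PasswordPolicy]) -> Dict[str, List[str]]:
    """Report every non-default policy that is weaker than the default somewhere."""
    base = policies["default"]
    report = {}
    for key, pol in policies.items():
        if key == "default":
            continue
        relaxed = weaker_than(pol, base)
        if relaxed:
            report[key] = relaxed
    return report


# Constructed sample configuration (not from the deck). The service-account
# entry is the classic "never expires" exception an audit should surface.
POLICIES = {
    "default": PasswordPolicy("default", history_count=5, max_age_days=90, min_age_days=1, min_length=8),
    "ou:Corp/Finance": PasswordPolicy("finance-ou", history_count=10, max_age_days=60, min_age_days=1, min_length=12),
    "group:Domain Admins": PasswordPolicy("admins", history_count=24, max_age_days=30, min_age_days=1, min_length=14),
    "user:svc_backup": PasswordPolicy("service-account", history_count=0, max_age_days=3650, min_age_days=0, min_length=8),
}

if __name__ == "__main__":
    alice = Principal("alice", ["Domain Users"], "Corp/Finance")
    print("alice ->", resolve_policy(alice, POLICIES).name)
    print("exceptions weaker than default:", audit_exceptions(POLICIES))
```

Run as a script it prints which policy `alice` receives (the OU policy, because no user or group entry matches her) and the exception report; the same functions can be pointed at an exported policy set to review precedence before it goes live.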
  • 24. Step 1: The user’s password is expired, but within the grace period. The user defers the password change by clicking the link shown and is allowed to login.
  • 25. Step 2: A few days later, the user attempts to login and the password is now expired. PortalGuard forces a password change.
  • 26. Step 2a: If PortalGuard is configured to use a password meter it is automatically updated as the user types their new password.
  • 27. Step 2b: If a password minimum age is enabled and the user attempts to manually change their password again, PortalGuard will prevent it.
  • 28. Step 3: When password history is enabled, a password that satisfies the complexity rules may still be rejected.
  • 29. Step 4: Once the new password is acceptable, PortalGuard changes it in the target user repository in real-time and notifies the user of the success.
  • 30. Step 5: If a password minimum age is enabled and the user attempts to manually change their password again, PortalGuard will prevent it.
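Steps 1 to 5 above describe one account moving through expiration, grace period, forced change, history rejection and minimum age. The following is an added example that replays that sequence in code; it is not PortalGuard's implementation. The class name, method names, the decision strings (`allow`, `prompt-change`, `force-change`), the PBKDF2-based history hashing and the sample dates and passwords are all assumptions of the example. Old passwords are kept only as salted hashes, which is what allows the history check on Step 3 without ever storing a previous password in clear.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple


class PasswordLifecycle:
    """Tracks one account's password age, grace period, minimum age and history."""

    def __init__(self, max_age_days: int, grace_days: int, min_age_days: int, history_size: int):
        self.max_age = timedelta(days=max_age_days)
        self.grace = timedelta(days=grace_days)
        self.min_age = timedelta(days=min_age_days)
        self.history_size = history_size
        self.last_change: Optional[datetime] = None
        # Newest first; each entry is (salt, pbkdf2 digest) so history never
        # holds a cleartext password.
        self._history: List[Tuple[bytes, bytes]] = []

    @staticmethod
    def _digest(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)

    def _in_history(self, password: str) -> bool:
        return any(
            hmac.compare_digest(self._digest(password, salt), digest)
            for salt, digest in self._history
        )

    def expiry_state(self, now: datetime) -> str:
        """'current', 'grace' (expired but within the grace period) or 'expired'."""
        if self.last_change is None:
            return "expired"  # no password set yet: treat like "expire first use"
        age = now - self.last_change
        if age <= self.max_age:
            return "current"
        if age <= self.max_age + self.grace:
            return "grace"
        return "expired"

    def login_decision(self, now: datetime, defer: bool = False) -> str:
        """Step 1: within the grace period the user may defer the change and log in.
        Step 2: once the grace period is over, a password change is forced."""
        state = self.expiry_state(now)
        if state == "current":
            return "allow"
        if state == "grace":
            return "allow" if defer else "prompt-change"
        return "force-change"

    def change_password(self, new_password: str, now: datetime) -> Tuple[bool, str]:
        """Steps 2b/5 (minimum age), Step 3 (history) and Step 4 (record the change)."""
        if self.last_change is not None and now - self.last_change < self.min_age:
            return False, "minimum password age not reached"
        if self._in_history(new_password):
            return False, "password was used recently"
        salt = os.urandom(16)
        self._history.insert(0, (salt, self._digest(new_password, salt)))
        del self._history[self.history_size:]
        self.last_change = now
        return True, "password changed"


def walkthrough() -> List[Tuple[str, object]]:
    """Replays the slides' step sequence on constructed dates and returns each decision."""
    acct = PasswordLifecycle(max_age_days=90, grace_days=7, min_age_days=1, history_size=3)
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    acct.change_password("Winter2024!", t0)  # constructed initial password

    def day(n: int) -> datetime:
        return t0 + timedelta(days=n)

    return [
        ("day 30, password current", acct.login_decision(day(30))),
        ("step 1: day 92, in grace, no deferral", acct.login_decision(day(92))),
        ("step 1: day 92, user defers", acct.login_decision(day(92), defer=True)),
        ("step 2: day 100, grace over", acct.login_decision(day(100))),
        ("step 3: reuse of old password", acct.change_password("Winter2024!", day(100))[0]),
        ("step 4: new password accepted", acct.change_password("Spring2024!", day(100))[0]),
        ("step 5: change again 2h later", acct.change_password("Summer2024!", day(100) + timedelta(hours=2))[0]),
    ]


if __name__ == "__main__":
    for label, result in walkthrough():
        print(f"{label}: {result}")
```

The minimum-age check is evaluated against the timestamp of the last successful change, which is why the forced change on day 100 is permitted (the old password is well past the minimum age) while the second attempt two hours later is refused.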
  • 31–37. Configurable through the PortalGuard Configuration Utility:
    Password Rules (31):
    • Minimum length
    • Maximum length
    • Minimum lowercase
    • Minimum uppercase
    • Minimum numeric
    • Minimum special
    • Active Directory complexity
    Rule Grouping (32):
    • Combine standard password rules into pools where only a subset must be met
    Enable/Disable Password Meter (33):
    • Minimum required “score” when enabled
    Password History (34):
    • By number of entries or time
    Password Dictionary (35):
    • Standard words that passwords cannot contain
    Misc (36):
    • Enforce Complexity Rules During Login
    • Regular Expression Checking
    Password Expiration and Lockout (37):
    • Expiration period
    • Strike limit
    • Grace period
    • Lock expiration
    • Expire first use
    • Strike messages
    • Minimum age
    • Inactivity
    • Calendar reminders
    • Session concurrency
    • Help Desk/Verbal Authentication
    Auditing (37):
    • Log last login
    • Log last password change
    • Log last password recovery
    • Require acceptance
    • URL for rejection
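Slides 31 to 36 list the knobs of a complexity policy: per-class minimums, rule pools where only a subset of rules must be met, a dictionary of forbidden words, regular expression checks and a minimum meter score. The code below is an added example of how those knobs combine into a single accept/reject decision; it is not PortalGuard's validator or scoring. The rule names, the pool representation `(required_count, [rule names])`, the toy meter heuristic and the sample policy are assumptions of the example. The sample pool requires three of the four character classes, which is the shape of Active Directory style complexity, while length, dictionary and regex rules stay mandatory.

```python
import re
import string
from dataclasses import dataclass, field
from typing import Dict, List

SPECIAL_CHARS = set(string.punctuation)


@dataclass
class PasswordRules:
    """Rule set mirroring slides 31-36 (field names are assumptions)."""
    min_length: int = 8
    max_length: int = 64
    min_lower: int = 1
    min_upper: int = 1
    min_numeric: int = 1
    min_special: int = 1
    # Rule grouping: (required_count, [class rule names]). Members of a pool
    # pass as a pool when at least required_count of them pass individually.
    pools: List = field(default_factory=list)
    # Dictionary words a password may not contain (matched case-insensitively).
    dictionary: frozenset = frozenset()
    # Regular expressions that must NOT match anywhere in the password.
    regex_deny: List[str] = field(default_factory=list)
    # Minimum meter score when the meter is enabled (0 disables the meter).
    min_score: int = 0


def class_counts(password: str) -> Dict[str, int]:
    return {
        "lower": sum(c.islower() for c in password),
        "upper": sum(c.isupper() for c in password),
        "numeric": sum(c.isdigit() for c in password),
        "special": sum(c in SPECIAL_CHARS for c in password),
    }


def strength_score(password: str) -> int:
    """Toy meter: one point per character class used plus one per four characters.
    A constructed heuristic for illustration, not PortalGuard's scoring."""
    counts = class_counts(password)
    return sum(1 for n in counts.values() if n > 0) + len(password) // 4


def check_password(password: str, rules: PasswordRules) -> List[str]:
    """Return the names of the rules the password fails; empty means accepted."""
    failures = []
    if len(password) < rules.min_length:
        failures.append("min_length")
    if len(password) > rules.max_length:
        failures.append("max_length")

    counts = class_counts(password)
    minimums = {"lower": rules.min_lower, "upper": rules.min_upper,
                "numeric": rules.min_numeric, "special": rules.min_special}
    class_pass = {name: counts[name] >= minimums[name] for name in minimums}

    # Pooled class rules are judged as a group; unpooled ones must each pass.
    pooled = set()
    for required, members in rules.pools:
        pooled.update(members)
        if sum(class_pass[m] for m in members) < required:
            failures.append(f"pool({required} of {len(members)})")
    for name, passed in class_pass.items():
        if name not in pooled and not passed:
            failures.append(f"min_{name}")

    lowered = password.lower()
    if any(word in lowered for word in rules.dictionary):
        failures.append("dictionary")
    if any(re.search(pattern, password) for pattern in rules.regex_deny):
        failures.append("regex")
    if rules.min_score and strength_score(password) < rules.min_score:
        failures.append("meter_score")
    return failures


# Constructed sample policy: 10+ characters, 3 of 4 character classes,
# no product or common words, no character repeated three times in a row.
SAMPLE_RULES = PasswordRules(
    min_length=10,
    pools=[(3, ["lower", "upper", "numeric", "special"])],
    dictionary=frozenset({"password", "portalguard", "welcome"}),
    regex_deny=[r"(.)\1{2,}"],
    min_score=5,
)

if __name__ == "__main__":
    for candidate in ["Abcdefghij1", "correcthorse", "PortalGuard2024!", "Sh0rt!"]:
        print(candidate, "->", check_password(candidate, SAMPLE_RULES) or "accepted")
```

Returning the full list of failed rules rather than the first one is what lets a user interface show every unmet requirement at once, which is the usability side of the complexity policy the deck keeps returning to.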
  • 39. An MSI is used to install PortalGuard on IIS 6 or 7.x. This version of PortalGuard supports direct access and authentication to cloud/browser-based applications only.
    • IBM WebSphere/WebSphere Portal v5.1 or higher
    • Microsoft IIS 6.0 or higher
    • Microsoft Windows SharePoint Services 3.0 or higher
    • Microsoft Office SharePoint Server 2007 or later
    • .NET 2.0 framework or later must be installed
    • (64-bit OS only) Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)
    • Microsoft Windows Server 2000
    • Microsoft Windows Server 2003 (32 or 64-bit)
    • Microsoft Windows Server 2008 (32 or 64-bit)
    • Microsoft Windows Server 2008 R2
  • 40. THANK YOU. For more information visit PortalGuard.com or Contact Us