Gregg Browinski

Recent Posts

Three Ways PortalGuard Is Serving Up A Competitive Advantage

There are numerous options for Identity and Access Management (IAM) software in today's market. The wealth of information available from vendors provides ample resources for self-guided research, but it also makes it difficult to separate marketing messaging from the explicit answers you need to evaluate and make an informed decision. This post side-steps any feature/functionality checklists...

Continue Reading →

Tags: Authentication Security, identity management, MFA, Multi-Factor Authentication, SSO, Single Sign-On (SSO), IAM, tailored authentication, Licensing, identity and access management

Gregg Browinski
by Gregg Browinski 0 Comments

Discussing CSRF Attacks and SameSite Cookies

CSRF attacks, the Cookie Snatcher

Many malicious attacks against users browsing the web involve the use of cookies. Websites often use cookies to keep track of your logon session.

Continue Reading →

Tags: #security, SSO, Single Sign-On, cookies, Chromium, cross-site request forgery, CSRF

Gregg Browinski
by Gregg Browinski 0 Comments

PortalGuard vs. Microsoft Azure AD: A Direct Comparison

When it comes to purchases or big decisions, there is no shortage of quotes, quips and clichés. "You get what you pay for", "there's no free lunch" and "if it sounds too good to be true, it probably is". Any decision takes careful research and Identity Management decisions are among the most crucial that a business can make. Previous blog posts examined hidden costs for Microsoft ADFS and made...

Continue Reading →

Tags: 2FA, MFA, Microsoft, Multi-Factor Authentication, SSO, Self-Service Password Reset, Single Sign-On (SSO), SSPR, Two-Factor Authentication, Custom Branding

Gregg Browinski
by Gregg Browinski 0 Comments

How Can a Cloud Provider Securely Access my Active Directory?

More users and companies are running software applications in the cloud than ever before. When even the US Federal government is looking to get into the cloud, it's a clear indication that it has reached wide acceptance. Similarly, Identity as a Service (IDaaS) has been around for years, but how often do admins considering this approach bother to take a deeper dive into the issue of directory...

Continue Reading →

Tags: Authentication, Authentication Methods, Authentication Security, Cloud SaaS, encryption, firewall, Identity Federation, IT Security, #security, Access Control, Access Management, Active Directory, User Authentication, VPN, OAuth 2.0, OAauth, IDaaS, directory synchronization

PortalGuard's Latest in Feature Updates - Summer 2019

There is never a shortage of feature and enhancement requests from our customer base. These have been critical to ensuring PortalGuard's relevance in the authentication space so keep them coming! Features that make it into PortalGuard are either directly funded by a customer through our Tailored Authentication program or they are requested by multiple customers. For the latter case, these...

Continue Reading →

Tags: Authentication Security, End user experience, MFA, Multi-Factor Authentication, PortalGuard, Access Control, Access Management, Active Directory, PortalGuard Configuration, PortalGuard for Education, PortalGuard Update, SOL-based directory, two-factor, Two-Factor Authentication, secure login, security risk, login session, mobile authentication, Biometrics, front-end login, voice biometrics, domain policy, fingerprint readers, enable 2fa, security compliance, features, voice recognition, tailored authentication, automatic delivery fallback/failover, web-key, bio-key

It took 10 years, but the future has arrived for Multi-Factor Authentication!

The internet is a curious thing. It empowers us by being a gateway to the world's information, increases productivity by enabling us to work anywhere in the world and entertains us by streaming decades' worth of music, movies and television shows with a few clicks. Unfortunately, it also harbors the worst kinds of profit or thrill-seeking miscreants and criminals whether they are working alone...

Continue Reading →

Tags: 2FA, Authentication Security, information security, MFA, Multi-Factor Authentication, network security, #2FA, data breach, #phishing, two-factor, Two-Factor Authentication, #YubiKey, increase security, Google Authenticator, Duo Push Security, secure passwords, FIDO, FIDO Alliance, Biometrics, information systems, voice biometrics, password-based authentication, multilayer encryption, strong online security, technology evolution, improve security, phone call, interoperability, FIDO2, PKI, Public Key Infrastructure, Client-to-Authenticator, CTAP, fingerprint readers, hardware token, passwordless, WebAuthn, Web Authentication, Authenticators

The Benefits of Two-Factor for Your Offline Desktop

Why Require Two Factor for Windows Logons?

PortalGuard has offered two-factor authentication for Windows workstations and servers as part of its PortalGuard Desktop offering since 2013. As with all multi-factor initiatives, the primary use case is to increase security. As an example, multiple customers have installed the PortalGuard Desktop two-factor authentication on Windows servers in their...

Continue Reading →

Tags: 2FA, #2FASolutions, MFA, Microsoft Active Directory, Multi-Factor Authentication, PortalGuard, #2FA, #One-time password, two-factor, Two-Factor Authentication, Windows 10, #YubiKey, increase security, off network access, Duo Push Security, mobile authenticator, Benefits of 2FA, maintain security privacy, server-to-server communication, PortalGuard Service Provider, improve security, desktop 2FA, credential provider, HTTPS requests, Installation Requirements, offline, offline desktop 2fa, domain policy, modifying

Importance of Third-Party Testing and Verification

All companies that create software necessarily do varying degrees of internal testing. There are numerous types of which can include: unit, system or "end-to-end", regression, performance, load or "stress", accessibility and security. Yes, that is a LOT and it's only a sample! Having a dedicated team of specialists for this purpose is ideal, but anyone that works with the same product daily is...

Continue Reading →

Tags: Press Release, software as a service, Software Security Testing, SSO, Static Binary Analysis, static password, usability, User Experience, Veracode, Application Security Testing, Password Management, #phishing, PortalGuard Configuration, PortalGuard for Education, PortalGuard Update, Service Provider, Single Sign-On (SSO), SSPR, Stand your Ground, tech support, updates, PortalGuard Service Provider, veracode verified, "static" analysis, Spoofing, Probabilistic Techniques, Exploitation of Authentication, Manual Penetration Testing, Dynamic Link Libraries, Abuse of Functionality, Exploitation of Trust, Data Structure Attacks

Gregg Browinski
by Gregg Browinski 0 Comments
Gregg Browinski
by Gregg Browinski 0 Comments

Enforcing Two-Factor for All Access to Office 365 Email

In today's "always connected" environment, allowing users to access applications from anywhere is a standard mandate. Depending on the application itself, the first step is often finding a cloud-hosted version of the application. In this article, we'll focus on email, of which there is no shortage of cloud offerings. We'll narrow down further on Office 365 — currently the second most popular...

Continue Reading →

Tags: Authentication Methods, Authentication Security, contextual authentication, email, identity management, Identity Provider, IdP, IT Security, Multi-Factor Authentication, multilayer authentication, Authentication Provider, data breach, data security, office 365, Password Management, password manager, Single Sign-On (SSO), Two-Factor Authentication, security risk, login session, outlook, Office 365 Email