1. The Cost and Loss of NOT Using Single Sign-On
with Two Factor Authentication
Presented by

2. Setting expectations
Here to provide you with food for thought
Managing your corporation’s password systems
Reduce cost
Enhance the user experience and improve productivity
Improve security
Simplify auditing and compliance
Housekeeping
Run time of approximately 15 minutes
Contact details will be provided at the end of
the presentation. We welcome questions
and comments.

3. According to a recent Gartner1 study….
• 30% of help desk calls are password related
• Average employee calls 1-2 times per month
• Each call costs ~$30
1000 users
x 21 calls per user per year
21000 calls per year
x $30 per call
$630,000
x 30% password related
$189,000 per year on password resets
1-Password Reset: Self-Service That You Will Love (Gartner Research Note T-15-6454)

4. 2012 Security Breaches
Network gets hacked millions of users and passwords compromised
Lets take it to a more personal place….

5. The LOSS:
• Hacker wanted to take control of Mat’s Twitter account
• Mat’s Gmail and home address were located on his Twitter profile
• From the Gmail password recovery screen, the hacker discovered
Mat’s backup email address – a .me account
• To access Mat’s Amazon account, they did a simple hack and added
a credit card number by calling and giving Mat’s email and billing
address
• The hackers called back to Amazon and added another email
address to the account
• Next they did a password reset on the account via the new email
address and now owned Mat’s account and last 4 digits of his
original credit card on the account
• The hacker next called Apple and was able to have his Apple ID given
to him using his billing address and the last 4 digits of his credit card
– which he knew from his Amazon account
• The hacker used the Apple ID to login to Mat’s .me account and
reset the password
• The hacker now has full control of Mat’s .me account as well as
Mat’s iCloud
• The hacker leverage the forgotten password on Gmail and had a new
password sent to his .me account.
• The hacker was then able to access Mat’s Gmail account and
effectively his entire digital identity
• The hacker was now able to take over his Twitter account
• Having access to Mat’s Apple ID, the hacker was able to remotely
wipe his iPhone and MackBook

6. Single Sign-On using Strong Authentication
Two-factor authentication
Contextual-based authentication
Self-service password management

7. Reduce cost associated with multiple passwords
Enhancing the user experience while increasing productivity
Increasing security around a single point of access
Simplifying auditing and compliance

8. Passwords are expensive
30% of help desk calls are password related
Reducing the number of passwords reduces the
number of help desk calls
Implementing SSO and self-service
password reset will result in ROI in
months…not years!

9. Passwords for:
• Email • Accounting
• CRM • Project management
• ERP • Payroll
• Marketing automation • Many many more…
Of those passwords, how many are scribbled on sticky notes?
SSO eliminates the need for multiple passwords allowing users
to maintain a single password
Fewer password related help desk calls and lost productivity
while IT comes to the rescue
Average downtime for a user waiting for a password reset: 20
minutes! Lost time that can never be recovered.
Take advantage of self-service password reset options to further
enhance the user experience and take burden off of help desk
staff

10. Strong Authentication:
When you have a single point of access… it better be secure!!
Strong authentication + SSO = Secure Network
Two-factor authentication increases security by some thing you know –
a password and leverages something you have – mobile phone, laptop
Example:
• User logs in with user name/password
• User receives SMS with one time password (OTP)
• User is prompted to enter OTP on screen
• System verifies user identity and grants access
Secure roaming or remote employees with contextual authentication.
Gauge risk based on where user is logging in from, basing the level of
authentication accordingly.
Example:
• Network detects user is logging in via LAN connection, authentication method =
password
• Network detects user is logging in from remote location during off hours,
authentication requires password and OTP

11. Benefit from configurable password policies – you set the
requirements for passwords or pass phrases along with how often
password expire; how frequently users can change the password
Should security be compromised, IT will have a cleaner log of
accounts to research and identify the rogue account.

12. Gartner is predicting the number of regulatory requirements directly
affecting IT will double over the next few years.
SSO helps alleviate some of the challenges of regulatory compliance
such as SOX, HIPAA, GLB and FFIEC.
Implementing SSO creates a centralization of authentication
Forces you to think about and document the logging and auditing of your
systems
Centralized authentication and documentation boosts your compliance efforts
Fewer password records means reducing the manpower spent each year on
compliance.

14. SAML is:
Platform neutral – workstations, tablets and
mobile devices
Improves online experience for end users
Increases security
Supported by many SaaS applications with strong commercial and
open source support

15. Can we go with a ‘homegrown’ approach?
Higher upfront costs in development and testing consuming resources
Additional lead-time is required – pushing out deployment schedule
You get to work out all of the bugs!
Workforce and expertise attrition
Ongoing maintenance demands and cost

16. PortalGuard Product Offerings
Single Sign-On
Two-Factor Authentication
Contextual Authentication
Self-Service Password Reset
Password Management
Password Synchronization
Professional Services

17. Thank you!
Check out videos, tutorials and tech briefs at
www.portalguard.com
Email Mark Cochran
mdcochran@portalguard.com