Frequently Asked Questions (FAQ) for Secure Ideas Portal

This article is a collection of commonly asked questions pertaining to our Client Portal.

What is the Portal?

The Secure Ideas Portal is the interface we have designed to securely exchange sensitive information for the penetration testing and security consulting services we provide. You must be invited by a consultant to access the Portal.

How do I get invited?

Access to our Portal is currently by invite only. The Secure Ideas consultants you are working with will be able to set up your account. Once you have an account, you will need to initiate a password reset to receive your temporary password.

What if I didn't receive an email invite?

Sometimes automated emails can get lost along the way. Verify the email invite is not in your spam folder. If you still can't find the email, try initiating a password reset anyway. If you do not receive the password reset email, reach out to your consultant or email us so we can assist in troubleshooting.

What is MFA or Multi-Factor Authentication?

Multi-Factor Authentication (or MFA) is a security mechanism that helps protect your account against unauthorized access. We use what is known as a Time-based One-Time Password (TOTP) for MFA. This means you will need to set up an authenticator application (or app) on your mobile device to generate the six-digit codes needed for MFA.

If you already have an applicable app (such as Authy or Google Authenticator), then you should be able to add the Secure Ideas Portal to the app from the Secure Ideas Settings page, which you can access via the cog icon. If you do not have an authenticator app, you will need to install one of those applications.

Once it is set up, you will need both your password and the most recently generated code from your app.

What if I can't access my MFA app?

We can reset it. Simply email us and, once we confirm your identity, we can reset your MFA configuration so that you can set it up with a new entry when you sign in. To avoid confusion, you should delete your old entry (e.g., if it is still in your app but not working).

How do you secure Portal data?

Our entire job is all about keeping data secure (it's in the name!), so we use a multi-layer approach to security in the Portal to protect its data from unauthorized access. To begin, our Portal is our own cloud-based solution hosted in a locked-down Amazon Web Services (AWS) account and deployed using templates and automation to restrict access to the minimum necessary (i.e., the principle of least privilege). All files (e.g., reports) are stored in encrypted form. For users, we support Multi-Factor Authentication (MFA). In addition, we have architected the solution so that all API calls are funneled through authentication and authorization checks. Finally, in addition to the protections offered by AWS, we have added some of our own monitored logging on critical functions.