Two Factor Authentication

giorgigordeziani · 2015-07-16T13:55:32.000Z

Hello,

We are looking for on-premise two factor authentication solution for our network. It consists of several windows server 2008R2-2012 versions and we do not want to have any fobs or keys. Basically email or text that goes to user.

No password or user info to cloud replication.

Any ideas?

Thanks in advance

justin1250 · 2015-07-16T14:04:58.000Z

There is LinOTP.

Its open source and will do sms or google authenticator tokens.

http://www.linotp.org/

zuphzuph · 2015-07-16T14:08:14.000Z

Yubico How to Here: Computer Login Security Tools | YubiKeys | Yubico

You’ll need a yubikey though.

halcyonforever · 2015-07-16T14:29:38.000Z

Your looking for out-of-band authentication then.

(sort of a faux two-factor since it doesn’t really guarantee a second factor. If it goes to an email, that may well tied to the same password they may have used to log-in with. IE if I break your admin’s password to get into the system, why wouldn’t I just log into his webmail to get the authentication email as well. Same gripe I have against the ancilliary questions (Mother’s Aunt’s Dog’s Name?), they are just weaker second passwords)

Are you wanting to use authentication when logging into server or workstations?

kyleparrish · 2015-07-16T14:33:52.000Z

I have been wanting to check out the Yubikey…they look awesome. Especially the NFC version for use on mobile phones and such.

jkhigg · 2015-07-16T15:45:43.000Z

Kyle Parrish:

I have been wanting to check out the Yubikey…they look awesome. Especially the NFC version for use on mobile phones and such.

Me too. Haven’t had time though.

zuphzuph · 2015-07-16T15:47:04.000Z

Kyle Parrish:

I have been wanting to check out the Yubikey…they look awesome. Especially the NFC version for use on mobile phones and such.

I really wanna get one to play around with. Currently using Google’s Two Factor app for nearly everything possible.

eriklangeland · 2015-07-16T16:06:08.000Z

Some, if not most, key fob-based solutions (e.g. RSA SecurID) will now allow you to use a smartphone app in place of the key fob, if that’s an option for you.

giorgigordeziani · 2015-07-17T18:41:03.000Z

Thank you all for your input, we now are looking at FortiAuthenticator and EMCs’ Apliance 130.They all have hardware and software token capabilities with app for mobile devices.

Thank you all

halcyonforever · 2015-07-17T19:17:41.000Z

I’m a fan of smartcards, mostly because many of our laptops have the reader built in. That and I realized pretty much everything is built into windows already.

scottbrindley · 2015-07-20T10:40:32.000Z

We use RSA with the token as an app on a smartphone as well , much easier than fobs.