Strong Authentication for Terminal Services

[straightup]

I'm looking for 2 factor authentication options to layer on to my Terminal Services implementation. Anyone have any experience or opinions?

 

[AKumar]

2nd factor authentication

2nd factor authentication

There are some nice tokenless options in this space. check out https://www.phonefactor.com/terminalservices. It may be just what you're looking for, though we haven't actually implemented it ourselves yet. Anyone else have experience with them?

 

[straightup]

Thanks

Thanks

I'll have a look, thanks. How significant is Out of Band response from a security perspective?

 

[Francesca]

Out Of Band is a big deal

Out Of Band is a big deal

Given that Phishing is a significant security threat, the opportunity to use PhoneFactor to enter the 2nd factor through a channel other than the browser is a pretty big deal.

 

[straightup]

PhoneFactor Out of Band?

PhoneFactor Out of Band?

What do you mean when you say the 2nd Factor is out of band with PhoneFactor?

 

[Yogen Archibald]

phonefactor for terminal services out of band

phonefactor for terminal services out of band

It's out of band because it relies on a different network (phone network) to provide the second factor. When you think about it, someone would need to have infiltrated both networks and know to put them together in order to get access to an identity

 

[straightup]

Thanks, not bad!

Thanks, not bad!

Thanks for the help. I tried it and it has worked pretty well. Trying to figure out what the downside is. More that I think about, the more the Out of Band response is a big deal. Couple other things are a big deal, like price and token-less.

 

[straightup]

Tokenless is the way to go

Tokenless is the way to go

Tokenless is pretty significant. Tokens cost $4-$5 apiece which can add up when you support thousands of users, especially if you assume they have to be replaced every year or two.

 

[Yogen Archibald]

Tried it for OWA

Tried it for OWA

BTW, we tried PhoneFactor for Outlook Web Access as well. Had to upgrade to a paid version in order to support multiple apps, but at least it works well technically.

 

[Yogen Archibald]

Tried it for OWA

Tried it for OWA

BTW, we tried PhoneFactor for Outlook Web Access as well. Had to upgrade to a paid version in order to support multiple apps, but at least it works well technically.

 

[Alyosha]

Human Factors a plus

Human Factors a plus

We use the free version for OWA Authentication as well. Our users don't seem to mind it as much as they did for tokens. Putting my human factors hat on, the natural process of answering a phone call and hitting the "#" key is a lot more comfortable than pulling out the token, looking for the number, then typing it in to browser. (Not to mention a lot more secure).

 

[Yogen Archibald]

Works for landline as well

Works for landline as well

Ya know, it doesn't have to be a wireless phone either. If users know they will be out of coverage, or if they lose their phone, or if they run out of battery, or if they are out of the country, or if they are abducted by aliens, they can easily change the outbound phone number to a landline where they know they will be.