A small-fry client of ours acquired an RSA appliance with standard digital tokens for terminal server/active directory authentication a few years ago. Recently, the harddisk in the appliance malfunctioned, and without a support contract with RSA, the options to get back up and running are a bit more expensive than what our client is comfortable with spending at this time.
Thusly, I am on the prowl - looking for a more inexpensive and less "fancy" solution than the RSA appliance/server. I was thinking along the lines of a pre-generated one-time password solution where the users could perhaps be issued wallet-sized preprinted one-time password cards.
The whole idea is trying to find something which improves on standard user/password mechanics in Active Directory without basing it on the built-in aging and complexity rules in standard policies. The users are simple minds, and the RSA token authentication was spot on.
Any thoughts or suggestions would be greatly appreciated!
Oh, and this should be compatible with a Windows 2008 Active Directory/Terminal Server environment. (Yes, they killed Gina..)