greyscale
asked on
Inexpensive two-factor authentication?
Hi there
A small-fry client of ours acquired an RSA appliance with standard digital tokens for terminal server/active directory authentication a few years ago. Recently, the harddisk in the appliance malfunctioned, and without a support contract with RSA, the options to get back up and running are a bit more expensive than what our client is comfortable with spending at this time.
Thusly, I am on the prowl - looking for a more inexpensive and less "fancy" solution than the RSA appliance/server. I was thinking along the lines of a pre-generated one-time password solution where the users could perhaps be issued wallet-sized preprinted one-time password cards.
The whole idea is trying to find something which improves on standard user/password mechanics in Active Directory without basing it on the built-in aging and complexity rules in standard policies. The users are simple minds, and the RSA token authentication was spot on.
Any thoughts or suggestions would be greatly appreciated!
Oh, and this should be compatible with a Windows 2008 Active Directory/Terminal Server environment. (Yes, they killed Gina..)
A small-fry client of ours acquired an RSA appliance with standard digital tokens for terminal server/active directory authentication a few years ago. Recently, the harddisk in the appliance malfunctioned, and without a support contract with RSA, the options to get back up and running are a bit more expensive than what our client is comfortable with spending at this time.
Thusly, I am on the prowl - looking for a more inexpensive and less "fancy" solution than the RSA appliance/server. I was thinking along the lines of a pre-generated one-time password solution where the users could perhaps be issued wallet-sized preprinted one-time password cards.
The whole idea is trying to find something which improves on standard user/password mechanics in Active Directory without basing it on the built-in aging and complexity rules in standard policies. The users are simple minds, and the RSA token authentication was spot on.
Any thoughts or suggestions would be greatly appreciated!
Oh, and this should be compatible with a Windows 2008 Active Directory/Terminal Server environment. (Yes, they killed Gina..)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for both your responses! I'll dig a little deeper into both suggestions and see how much wiser I get! Security isn't top of their agenda, and with only 30ish users, it's not a huge endeavour.
ASKER
I haven't managed to land on any technology yet, and this is also outside the scope of a small company like this, but it's the closest I've gotten to a workable answer, so thank you!
Many VPN devices, terminal services, etc. will support certs. If nothing else, you can issue software certs without hardware, but there is a huge security hit to that.