Inexpensive two-factor authentication?

Hi there

A small-fry client of ours acquired an RSA appliance with standard digital tokens for terminal server/active directory authentication a few years ago. Recently, the harddisk in the appliance malfunctioned, and without a support contract with RSA, the options to get back up and running are a bit more expensive than what our client is comfortable with spending at this time.

Thusly, I am on the prowl - looking for a more inexpensive and less "fancy" solution than the RSA appliance/server. I was thinking along the lines of a pre-generated one-time password solution where the users could perhaps be issued wallet-sized preprinted one-time password cards.

The whole idea is trying to find something which improves on standard user/password mechanics in Active Directory without basing it on the built-in aging and complexity rules in standard policies. The users are simple minds, and the RSA token authentication was spot on.

Any thoughts or suggestions would be greatly appreciated!

Oh, and this should be compatible with a Windows 2008 Active Directory/Terminal Server environment. (Yes, they killed Gina..)
greyscaleAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CoccoBillCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ParanormasticCryptographic EngineerCommented:
USB smart tokens would be my suggestion.  Similar to smart cards, but less expensive in general since they use a software driver to make the USB port a card reader.  I would suggest shopping around or contacting sales people in person - these tend to be a bit high on retail, but you can usually negotiate down a little bit since their profit margin tends to be very high.  The company I used to work for retailed for about $80 down to $35 or so for large bulk, but cost about $10 to manufacture.  Of course, each company will vary, but try negotiating a bit on these - can usually drop about 10-20 bucks off easily from full retail since you're not looking for large bulk I wouldn't expect a huge markdown - this is where they make their money afterall, the middleware is usually at cost for the price of the development team salary and pretty cheap.

Many VPN devices, terminal services, etc. will support certs.  If nothing else, you can issue software certs without hardware, but there is a huge security hit to that.
0
greyscaleAuthor Commented:
Thanks for both your responses! I'll dig a little deeper into both suggestions and see how much wiser I get! Security isn't top of their agenda, and with only 30ish users, it's not a huge endeavour.
0
greyscaleAuthor Commented:
I haven't managed to land on any technology yet, and this is also outside the scope of a small company like this, but it's the closest I've gotten to a workable answer, so thank you!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.