greyscale

Inexpensive two-factor authentication?

Hi there

A small-fry client of ours acquired an RSA appliance with standard digital tokens for Terminal Server/Active Directory authentication a few years ago. Recently, the hard disk in the appliance malfunctioned, and without a support contract with RSA, the options to get back up and running are a bit more expensive than what our client is comfortable with spending at this time.

Thusly, I am on the prowl - looking for a more inexpensive and less "fancy" solution than the RSA appliance/server. I was thinking along the lines of a pre-generated one-time password solution where the users could perhaps be issued wallet-sized preprinted one-time password cards.

The whole idea is trying to find something which improves on standard user/password mechanics in Active Directory without basing it on the built-in aging and complexity rules in standard policies. The users are simple minds, and the RSA token authentication was spot on.

Any thoughts or suggestions would be greatly appreciated!

Oh, and this should be compatible with a Windows 2008 Active Directory/Terminal Server environment. (Yes, they killed GINA...)
ASKER CERTIFIED SOLUTION
CoccoBill
Paranormastic
USB smart tokens would be my suggestion. Similar to smart cards, but less expensive in general since they use a software driver to make the USB port a card reader. I would suggest shopping around or contacting sales people in person - these tend to be a bit high on retail, but you can usually negotiate down a little bit since their profit margin tends to be very high. The company I used to work for retailed for about $80 down to $35 or so for large bulk, but cost about $10 to manufacture. Of course, each company will vary, but try negotiating a bit on these - you can usually drop about 10-20 bucks off easily from full retail. Since you're not looking for large bulk, I wouldn't expect a huge markdown - this is where they make their money, after all; the middleware is usually at cost for the price of the development team salary and pretty cheap.

Many VPN devices, terminal services, etc. will support certs.  If nothing else, you can issue software certs without hardware, but there is a huge security hit to that.
greyscale

ASKER

Thanks for both your responses! I'll dig a little deeper into both suggestions and see how much wiser I get! Security isn't top of their agenda, and with only 30ish users, it's not a huge endeavour.
I haven't managed to land on any technology yet, and this is also outside the scope of a small company like this, but it's the closest I've gotten to a workable answer, so thank you!