Strong Authentication for Terminal Services

[Guest straightup]

I'm looking for 2 factor authentication options to layer on to my Terminal Services implementation. Anyone have any experience or opinions?

[Guest AKumar]

2nd factor authentication

 

2nd factor authentication

 

There are some nice tokenless options in this space. check out https://www.phonefactor.com/terminalservices. It may be just what you're looking for, though we haven't actually implemented it ourselves yet. Anyone else have experience with them?

[Guest straightup]

Thanks

 

Thanks

 

I'll have a look, thanks. How significant is Out of Band response from a security perspective?

[Guest Francesca]

Out Of Band is a big deal

 

Out Of Band is a big deal

 

Given that Phishing is a significant security threat, the opportunity to use PhoneFactor to enter the 2nd factor through a channel other than the browser is a pretty big deal.

[Guest straightup]

PhoneFactor Out of Band?

 

PhoneFactor Out of Band?

 

What do you mean when you say the 2nd Factor is out of band with PhoneFactor?

[Guest Yogen Archibald]

phonefactor for terminal services out of band

 

phonefactor for terminal services out of band

 

It's out of band because it relies on a different network (phone network) to provide the second factor. When you think about it, someone would need to have infiltrated both networks and know to put them together in order to get access to an identity

[Guest straightup]

Thanks, not bad!

 

Thanks, not bad!

 

Thanks for the help. I tried it and it has worked pretty well. Trying to figure out what the downside is. More that I think about, the more the Out of Band response is a big deal. Couple other things are a big deal, like price and token-less.

[Guest straightup]

Tokenless is the way to go

 

Tokenless is the way to go

 

Tokenless is pretty significant. Tokens cost $4-$5 apiece which can add up when you support thousands of users, especially if you assume they have to be replaced every year or two.

[Guest Yogen Archibald]

Tried it for OWA

 

Tried it for OWA

 

BTW, we tried PhoneFactor for Outlook Web Access as well. Had to upgrade to a paid version in order to support multiple apps, but at least it works well technically.

[Guest Yogen Archibald]

Tried it for OWA

 

Tried it for OWA

 

BTW, we tried PhoneFactor for Outlook Web Access as well. Had to upgrade to a paid version in order to support multiple apps, but at least it works well technically.

[Guest Alyosha]

Human Factors a plus

 

Human Factors a plus

 

We use the free version for OWA Authentication as well. Our users don't seem to mind it as much as they did for tokens. Putting my human factors hat on, the natural process of answering a phone call and hitting the "#" key is a lot more comfortable than pulling out the token, looking for the number, then typing it in to browser. (Not to mention a lot more secure).

[Guest Yogen Archibald]

Works for landline as well

 

Works for landline as well

 

Ya know, it doesn't have to be a wireless phone either. If users know they will be out of coverage, or if they lose their phone, or if they run out of battery, or if they are out of the country, or if they are abducted by aliens, they can easily change the outbound phone number to a landline where they know they will be.