Skip to main content

How to not add two-factor authentication to your product

(0 comments)

First, I want to say that I really, really support any application that adds support for two-factor authentication, especially if they do it right by using an open standard such as RADIUS.  That's why I was excited to see RADIUS support in VMWare View 5.1.  I decided to test it and add a tutorial to our growing collection.

 Sadly, what I found is that VMWare View first requires you to login using your two-factor authentication credential:

 

 

and then again using your AD credentials:

vmwareview07.jpg

 

  Why is this an issue?

  • The extra step is a hassle for users
  • It is unnecessary. The Microsoft Radius plugin, NPS can preform AD authorization without the AD password and will then proxy the credentials to any two-factor server for authorization.
  • It reduces security.  Anyone remember the idea of "LAN passwords"?  It would be better to NOT use the static password outside of the firewall.

 Security is a big enough impediment to usability without any additional help.  Especially if users might be logging in from a mobile device. 

Currently unrated

Comments

There are currently no comments

New Comment

required

required (not published)

optional

Recent Posts

Archive

2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom