Posted by:
admin
9 years ago
The 4.1 release of the WiKID Strong Authentication Server - Enterprise Edition includes the ability to use one-time passcodes for Active Directory accounts. We noted an increasing focus on privileged accounts. Companies need these accounts to manage windows PCs and infrastructure. Multiple system admins need to have the credentials for them too. So, organizations often have shared spreadsheets with credentials. You can put them into a "password vault" but then there is still a password to the vault and an attacker that is already on the system can still perform a 'pass-the-hash' attack to escalate their privilege.
At WiKID we prefer to just get rid of the secrets. With the new Active Directory protocol on WiKID, a user gets an OTP and it is pushed to AD as the new password. They login with the OTP. The WiKID server then overwrites the OTP with a random string. WiKID allows multiple tokens on the same username as well so you can have five tokens for the user 'Admin' if you want.
The benefits:
- No need to maintain a spreadsheet of passwords or a vault
- Users are managed on the WiKID server vs changing passwords
- Two-factor authentication for critical accounts in Windows
Every year the Verizon DBIR and other reports prove that attackers use credentials to infiltrate and then to escalate their privileges. Two-factor authentication for remote access thwarts the former, this new functionality thwarts the latter.
I should also note that if you are an organization with up to 5 admins (which covers a lot of ground), you can deploy this for free.
Share on Twitter Share on FacebookRecent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)