Modern times require modern approaches to work. A successful business nowadays will strive to implement some sort of remote work solution for its workers. The most popular remote work option for Windows 10, 8, and 7 is Remote Desktop Protocol (RDP), which allows access to other computers over a network connection.
As RDP grew in popularity, it also became a target for malicious actors. RDP is very vulnerable to user negligence: more often than not, users choose identical passwords for their Windows logins and for their logins in all other services, including social networks. As a rule of thumb, these passwords are weak, which leaves them open to brute-force attacks, phishing, or even guessing.
Luckily, it’s possible to secure Windows accounts with 2-factor authentication. So let’s review one of the best and easiest-to-install Windows MFA solutions, which will allow you to protect both your RDP and local Windows sessions.
How does Windows two-factor authentication work
You may enable Windows MFA for direct login attempts, for attempts to connect to the machine via RDP, or for both if you prefer maximum security. Accordingly, one-time codes will be requested on Windows startup, on an RDP access attempt, or in both cases.
Users will log into their Windows accounts with both their permanent passwords and temporary OTP codes from their 2FA tokens. The time-based OTP codes live for just 30 seconds, so even if a fraudster gets the user’s permanent password, they won’t be able to compromise the user’s account. The fraudster would also need to steal the OTP token or intercept the temporary password and use it within 30 seconds, which is quite hard and usually not worth the profit from hacking the account.
Also, additional security measures can be used as needed, such as IP, geographic, and time access filtering.
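The 30-second lifetime described above can be seen in a small sketch. This is an added example, not Protectimus code: it assumes standard RFC 6238 TOTP (HMAC-SHA1, 6 digits), and the `Verifier` class, the secret and the timestamps are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds a code stays valid, as stated above
DIGITS = 6   # assumed code length (RFC 6238 default)


def totp(secret: bytes, unix_time: int) -> str:
    """Return the RFC 6238 code for the 30-second step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Hypothetical server-side check: current step only, each step usable once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_used_step = -1

    def check(self, code: str, now: int) -> bool:
        step = now // STEP
        if step <= self.last_used_step:
            return False  # code for this step was already accepted (replay)
        expected = totp(self.secret, now)
        if not hmac.compare_digest(code.encode(), expected.encode()):
            return False  # wrong code, or a code from an earlier step
        self.last_used_step = step
        return True


# Constructed sample values: the RFC 6238 test secret and arbitrary timestamps.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    server = Verifier(SECRET)
    code = totp(SECRET, 31)                      # token shows this at t=31
    print("fresh code accepted:", server.check(code, 45))
    print("same code replayed: ", server.check(code, 50))
    print("same code at t=61:  ", Verifier(SECRET).check(code, 61))
```

Many TOTP servers also accept the previous or next step to tolerate clock drift, which lengthens the period in which an intercepted code is usable beyond a single 30-second step.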
How to install two-factor authentication for Windows and RDP
The configuration procedure is straightforward and can be managed by any PC user.
1. Follow the link above and download the Protectimus Winlogon installer with a set-up guide from the Protectimus website.
2. Sign up with the Protectimus SaaS service or deploy the Protectimus On-Premise MFA Platform, then choose your service plan. If you are going to secure only ten users or fewer, try it out for free!
3. Add a resource in the Protectimus system and customize it as needed for your particular case. The most essential options can be found under the Winlogon tab available for your newly added resource. Multi-factor auth can be applied to Windows itself, to RDP, or to both. Make sure to check the ‘Access accepted’ and ‘Apply 2FA’ boxes in the RDP column if you need to secure RDP with multi-factor auth.
4. To save some time for both your end-users and admins, you’d probably want to tick the ‘Access for unregistered users’, ‘User auto-registration’, and ‘Token auto-registration’ options. You can also select a token type here. Currently, there are 3 types of MFA authentication methods available: SMS, email, and the in-app authenticator Protectimus SMART OTP.
5. Run and install the previously downloaded Protectimus Winlogon & RDP component on every computer you want to secure. The Protectimus Winlogon installer also allows for an automated domain-wide installation. During the setup, you’ll have to provide the API URL, API Login, and API Key to proceed with the installation. Use api.protectimus.com as the API URL. Your API Login is the email address you registered with in the Protectimus service. You’ll see the API Key on the Profile page. To go to your Profile page, click the user’s login in the upper right corner and select the “Profile” entry from the drop-down menu. Then click the Login button and choose the ID of the resource you created previously.
7. When you’re done with all the fields, click Next and finish the installation.
And you’re all set! Enjoy your superb two-factor authentication Windows RDP protection!