U2F and Google Authenticator support for Windows Active Directory 2-factor authentication
Rohos Logon Key v.3.6 now allows to use T-OTP OATH codes produced by Google Authenticator for example, for Windows AD network multi-factor authentication: user account password + OTP code. OTP codes verification performed by Domain Controllers. Offline workstations are also supported. Also we are working to add FIDO U2F devices support.
Whats new in Rohos Logon Key v3.6:
- Redesigned Google Authenticator OTP support for network mode (Active Directory).
– OTP configuration (secret key, OTP history, time lap) stored on AD database hosted and replicated on Domain Controllers; - “Offline mode” option in Rohos Remote Config allows to enable support of Google Authenticator codes on offline workstations;
– Enabling this option means that Rohos will keep an OTP secret key on a workstation;
– The synchronization of OTP secret/parameters happens after each successful two-factor authentication by OTP in online. - Improved Emergency Logon for network mode. Now Q/A gets verified by domain controller online. Emergency Logon cannot be used in offline workstations; For standalone mode (home PC) there is no changes in Emergency Logon features.
- Fixes and improvements in Remote Desktop support;
Soon: FIDO U2F key support
Here we also would like to announce that very soon Rohos Logon Key will receive FIDO U2F authentication devices support for both local and network mode. U2F keys offers a better replacement for OTP OATH technology , a mixture of PKI , challenge-response approaches and human-centric interactions. Researches at Goolge also published a review and comparison of OTP vs U2F authentication means usage/threat/attacks across the google offices and presented their vision on practical aspects of U2F for real consumers: “… that lead to both an increased level of security and user satisfaction as well as cheaper support cost”.
Download: