Securing Windows Logon
Weak passwords offer little protection to information assets. They allow adversaries to act on behalf of trusted users and present the opportunity to compromise or even destroy confidential information. AuthAnvil’s Windows Logon Agent protects against this by delivering strong two-factor authentication to all logon requests.
Why Secure Windows Network Logon?
When a password is compromised, the results can be disastrous to a company. Adversaries can pose as trusted users and access or destroy privileged and confidential information. In a Windows network the risks are further compounded by the fact a single Active Directory password credential will open up access to resources all over the organization. From company database resources to the corporate Sharepoint intranet, an account that is breached can cost a business highly in financial loss, lost productivity and the potential of a damaged reputation.
The AuthAnvil Windows Logon Agent offers companies the ability to add strong two-factor authentication to Microsoft’s Windows client and server operating systems. It provides a simple and consistent logon experience no matter if they logon at the local desktop or through a terminal session. And it offers identity assurance by requiring users to provide their AuthAnvil passcode during the logon process.
AuthAnvil Strong Authentication
AuthAnvil uses one-time passwords (OTP) that are dynamically generated by portable hardware authentication tokens. Combined with an easy to remember PIN, these two pieces of information create a strong passcode that cannot be reproduced. And can only be used once. This is what makes up two-factor authentication. It is something you know (your unique PIN) and something you have (your OTP).
How It Works
When employees or partners need to access Microsoft Windows clients and servers they will log on directly at the keyboard, through Terminal Services or through a direct RDP session. Replacing Microsoft’s Windows Logon, AuthAnvil provides a dialog challenging the user for their Active Directory credentials and their AuthAnvil passcode for that logon session. When a user attempts to log in their passcode is sent to the AuthAnvil Strong Authentication Server (SAS) for authentication. If accepted, AuthAnvil then transfers the request back to the Windows security subsystem, which then attempts to authenticate the user against their domain credentials.
