Jump to content


  • Posts

  • Joined

  • Last visited

About Simon_Weel

  • Rank

Profile Information

  • Location
  1. @IggyPop: It's not so much the client software bothering me. It's the way it seems to work on the Windows client level. The sole purpose of MFA is to have a more solid protection against account mis-use. All MFA solutions I've seen so far do a pretty good job in securing the Windows client (i.e. pc). But in a Windows domain environment, that's not enough. In that case, you want extra protection for domain accounts as well. In other words, the need for MFA should be initiated by the Domain controller. If the domain requires MFA for a user account and that user can't provide a token, then that account is denied access to domain resources. The current incarnation of MFA solutions I've tried so far don't protect domain accounts. Like I said, if you manage to gain access to the local network and you happen to have an account username and password, then you can simply access domain resources for which that account has permissions, without supplying an additional token. So if it's that easy to circumvent MFA on a Windows Domain, then why even bother using it?
  2. @itman: See Agent deployment (isdecisions.com)
  3. @Trooper and @IggyPop: this would mean that someone who has gained access to the local network, can simply access, shares on a server, for example, by simply using login name and password - no need for MFA?
  4. We are looking for an MFA solution as extra protection for our Windows domain. I tried a couple of them; Duo and Userlock. They offer device-based MFA for Windows. Which is fine if you want extra protection for your pc. However, they don't provide MFA on Domain level. If the MFA client software isn't installed on a pc, a user can simply logon to a domain without MFA. I have studied ESET Secure Authentication. And I wonder how Windows logon requires MFA. The server part of Secure Authentication can integrate with AD, which is promising. But the part about Windows Login protection talks about installing client software. To me, this looks like the Windows Logon part of Secure Authentication works the same as Duo and Userlock? I.e. without client software, you can simply logon without MFA. Any thoughts on this?
  • Create New...