Locking down Laptop/PCs with 2FA keys

Discussion in 'Business & Enterprise Computing' started by evo800v, Jul 8, 2019.

  1. evo800v

    evo800v Member

    Joined:
    Jul 26, 2004
    Messages:
    523
    Location:
    Australia, Sydney, NtRyde
    As the title suggest, love to hear what everyone is doing out there. Due to new customer requirement, we need to lock down PCs that authenticate to AD & local accounts for security measures. Most PCs a either running Windows 7/10 with small numbers on XP.

    Has to be a physical USB key that support FIFO or industry 2FA standard.

    Any suggestions?
     
  2. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    5,627
    Location:
    NSW
    https://www.yubico.com/why-yubico/for-business/computer-login/windows-login/

    But i guarantee people will just leave the usb key in 24/7
     
  3. OP
    OP
    evo800v

    evo800v Member

    Joined:
    Jul 26, 2004
    Messages:
    523
    Location:
    Australia, Sydney, NtRyde
    Being talking with the Yubico guys for the last several days, looks promising. Good thing it using windows native tools so no third party software to manage. Organizing a trial atm.
     
  4. Doc-of-FC

    Doc-of-FC Member

    Joined:
    Aug 30, 2001
    Messages:
    3,310
    Location:
    Canberra
  5. Dr Kildare

    Dr Kildare Medic!

    Joined:
    Jun 27, 2001
    Messages:
    3,898
    Location:
    Melbourne
    Using Yubikeys for a few of our staff that don't have smartphones alongside Okta 2FA.
    Limited use case but does the trick :)
     
  6. OP
    OP
    evo800v

    evo800v Member

    Joined:
    Jul 26, 2004
    Messages:
    523
    Location:
    Australia, Sydney, NtRyde
    Windows Hello might be ok for non-joined AD domain but only 15% of the organisation are laptops. So yubikeys + pin/password is the safest option.
     
  7. Doc-of-FC

    Doc-of-FC Member

    Joined:
    Aug 30, 2001
    Messages:
    3,310
    Location:
    Canberra

Share This Page

Advertisement: