What is the Windows desktop two-factor authentication process?

Double protection against security vulnerabilities

With the increasing number of security vulnerabilities every day, it is no longer an option to protect user accounts only by username and password. In addition to making passwords stronger, a more feasible solution is to add an extra security layer to filter unauthorized users. Two-factor authentication (TFA)- a method of verifying the identity of a user using information that the user knows and owns, which makes all this possible.

Use ADSelfService Plus to log on to Windows.

Enable ADSelfService Plus? "Windows login TFA function, users must pass two consecutive stages of authentication before accessing their Windows computers. The first level of authentication is through what they know: their usual Windows credentials. The second level of authentication (what they have) can be done in one of the following ways:

Security questions and answers

Mail verification

Sms authentication

Google authenticator

How safe

RSA SecurID

RADIUS authentication

Push notification authentication

fingerprint authentication

Authentication based on QR code

Microsoft authenticator

TOTP certification

Security issues based on AD

Windows login TFA ensures that even if the password is leaked, it will not pose any risk to sensitive data. In other words, even if unauthorized users get the user's password, they still need to access the user's phone or email to get the verification code. In addition, the verification code and identity verification code based on SMS and email provided by Duo Security and RSA SecurID are unique for each user. These codes can only be used once, and if they are not used within a certain period of time, they will expire.

After Windows login TFA is enabled, TFA will be added to all Windows local and remote login attempts.

ADSelfService Plus supports Windows login TFA on the following operating systems:

Windows Vista and later.

Windows Server 2008 and later.