PLEASANTON, Calif. - July 10, 2018 - ManageEngine, the real-time IT management company, today announced that it is rolling out two-factor authentication (TFA) support for Windows logons in ADSelfService Plus, its integrated Active Directory self-service password management and single sign-on solution. With this support, ADSelfService Plus enables organizations to add an extra layer of protection for critical resources that are accessed by users through Windows-based machines. ADSelfService Plus seamlessly integrates with Windows client (Vista and above) and server (2008 and above) operating systems to provide users a simple and secure logon experience across both local and remote desktop logons.
Most organizations enforce complex passwords as a common defense against cyberattacks. However, complex passwords are hard to remember, so many employees resort to insecure practices like writing passwords down or storing them in plaintext. Even if an organization properly implements complex passwords, it may still not be enough to stay ahead of the evolution of password cracking programs. According to a recent Forrester report, almost one third of security breaches are caused by stolen passwords. Knowing the risks associated with passwords, IT compliance laws such as PCI DSS have explicitly prohibited the use of passwords as the only authentication mechanism.
TFA ensures that users are authenticated twice - once through a password and again through a fingerprint or an OTP sent to a smartphone - before being granted access to valuable corporate resources.
"With better security mechanisms like TFA available, there's no reason for organizations to verify users' identities using passwords alone. TFA creates a two-layered mechanism that is almost impossible for an attacker to bypass," said Parthiban Paramasivam, product manager at ManageEngine. "Now that we've broken ground on TFA for Windows logons, we're also working on adding contextual authentication that factors in a user's geolocation, IP address, local time, and device, all to further enhance IT security."
ADSelfService Plus comes with a built-in logon agent for Windows, which forces users to undergo TFA during both local and remote desktop logons. Users have to first enter their Active Directory domain password and then authenticate themselves using one of the supported second factors.