Skip to main content

How to not add two-factor authentication to your product

First, I want to say that I really, really support any application that adds support for two-factor authentication, especially if they do it right by using an open standard such as RADIUS.  That's why I was excited to see RADIUS support in VMWare View 5.1.  I decided to test it and add a tutorial to our growing collection.

 Sadly, what I found is that VMWare View first requires you to login using your two-factor authentication credential:

 

 

and then again using your AD credentials:

vmwareview07.jpg

 

  Why is this an issue?

  • The extra step is a hassle for users
  • It is unnecessary. The Microsoft Radius plugin, NPS can preform AD authorization without the AD password and will then proxy the credentials to any two-factor server for authorization.
  • It reduces security.  Anyone remember the idea of "LAN passwords"?  It would be better to NOT use the static password outside of the firewall.

 Security is a big enough impediment to usability without any additional help.  Especially if users might be logging in from a mobile device. 

Current rating: 1

Recent Posts

Archive

2024
2022
2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom