How to protect your Windows devices with multi-factor authentication

With the digitalization of the workplace, it’s becoming obvious that it is no longer secure to access digital resources with only usernames and static passwords. Lloyd Rodrigues, expert in strong authentication at identity and security company Nexus Group, describes how you can protect your organization’s Windows devices with user-friendly multi-factor authentication (MFA).

Static passwords are easy to forget, and they increase the risk of unauthorized access to services and information.




“Passwords can easily be stolen, for instance through social engineering, phishing emails or spoof websites where people are asked to share their login details,” says Rodrigues.

Adding a layer of security

Critical devices should therefore be protected with security solutions that are not based on passwords. For most organizations, two kinds of devices are particularly critical: so-called edge devices, since they provide an entry point into the enterprise core network, and the employees’ Windows devices, since they store a lot of sensitive information and can be used to connect to the corporate network.

“The Windows login is also the first gate to pass before logging in to critical applications. For these reasons, it’s important to add a layer of security to the Windows login. The usage of convenient and cost-effective multi-factor authentication for Windows login can also help you to comply with IT security regulations and standards, such as ISO 27001 and PCI-DSS,” says Rodrigues.

Integrating with existing login systems

While security is important, you can’t compromise when it comes to user convenience.

“So, the security solution should be easy to use and easy to integrate into the existing environment and user experience. The access and authentication solution should also provide standard interfaces and support well-used standards,” says Rodrigues.

Nexus offers a solution that allows your users to log in to Windows devices using various types of multi-factor authentication and integrates seamlessly with your existing Windows login system.

Security, compliance – and usability

“Organizations can’t afford to risk the immense damages that compromised access to critical resources could entail. On the other hand, end-users demand authentication methods that are more convenient and easier to use. That’s why we have created this solution,” says Rodrigues.

The Windows MFA login solution is part of the Nexus Smart ID platform, which enables trusted identities and credentials in many forms: from traditional smart cards to virtual smart cards and mobile identities.

Utilizing existing technology

“The virtual smart cards are hosted on the users’ computers and the mobile identities are hosted in the Nexus authentication app on the users’ mobile devices. This setup meets the demands of the modern workforce and allows the people responsible for IT equipment procurement to opt for the equipment that is best when it comes to cost and convenience instead of being locked in and forced to choose from a small range of smart card readers,” says Rodrigues.

As the solution can use technology the users already have – as well as parts of the organization’s enterprise device management solution – it can be adopted quickly. This also makes the solution easy to scale and very cost-effective.

A combination of tokens is often best

“In most implementations our customers use some sort of combination of smart cards, virtual smart cards and mobile identities. This setup not only allows users to opt for the token best suited for login to their specific Windows device – it also means that the users always have a backup token, which is crucial if they go on a business trip and forget one of their tokens at home,” says Rodrigues.

For users working in data centers or security operation centers where mobile phones are not allowed, the Nexus Smart ID platform makes it possible to use hardware tokens to generate one-time passwords for Windows Server login.

“The Nexus Smart ID platform can also act as an authentication middleware and thus enable organizations to roll out secure access to cloud services,” says Rodrigues.

Comes with a self-service portal

To make the MFA solution even more user-friendly and cost-effective, the Smart ID platform comes with an easy-to-use and heavily automated self-service portal.

“In this portal, employees can request new credentials, upload photos, change PINs, and more. This is highly appreciated by the users, and it increases workforce productivity as well as reduces the helpdesk cost and workload,” says Rodrigues.


Read more about authentication challenges and benefits here:
13 reasons why passwords are not secure
The benefits of 2FA