I'm searching for a multi-factor authentication (MFA) or two-factor authentication (2FA) solution that doesn't rely on cloud services, as my workplace has a strict policy against using anything in the cloud. We're a small company located in the EU, and I'm curious if anyone has experience or ideas on how to implement such a solution. I'm considering options like YubiKey, but I don't have any personal experience with them. Any insights or suggestions would be greatly appreciated! Cheers!
5 Answers
If you're considering hardware solutions, buying YubiKeys for everyone is a great move. That's what we did since we don't provide company mobiles, and it has really streamlined our access.
You should clarify what you're trying to protect with MFA, as that will affect the best options for you. For instance, if you're looking to secure login into an Active Directory (AD) domain, that’s a significant factor to consider.
For a practical solution, we're using ESET Secure Authentication, which is affordable and works well. It integrates with Exchange, RDS, and Windows machines, and can support TOTP along with mobile apps like HOTP.
If you're already using Active Directory, look into ADFS for OIDC-supporting apps, although keep in mind it primarily supports smartcards. Open-source alternatives like Keycloak or Authentik might also be worth exploring.
A solid option is to use the classic Time-Based One-Time Password (TOTP) method, which doesn't require any cloud services. You only need an app that generates codes based on a shared secret and synchronized clocks.
