I'm working in a company that has a strict no-cloud policy, and I'm trying to find a suitable multi-factor authentication (MFA) or two-factor authentication (2FA) solution that we can implement on-premises. I'm based in the EU and I'm interested in any ideas or experiences you might have. I'm specifically considering options like YubiKey, but I really have no prior experience with them. I would greatly appreciate any insights or recommendations! Thanks!
5 Answers
A classic method is using TOTP, which doesn't require any cloud services. You just need an app with a shared secret and synced clocks. It's simple and effective!
The MFA solution you choose will depend on what exactly you're trying to protect. For example, if you need to secure your Active Directory domain login, that will guide your options. It's essential to clearly define your security needs.
You could look into ESET Secure Authentication. It's affordable and works with various setups like Exchange, RDS, and Windows machines. It supports TOTP too, and comes with mobile app capabilities. Definitely worth considering!
If you already have Active Directory, consider ADFS for apps that support OpenID Connect. Keep in mind that it only works with smartcards. Otherwise, check out open-source SSO providers like Keycloak, Authentik, or Authelia. They might fit your needs.
Providing YubiKeys to all employees is a solid choice. That's what we did at our workplace since we avoid using company mobiles, and it keeps things secure without adding hassle.
Exactly! It's a great solution, and I pushed against management expecting users to install the Duo app on their personal phones.
I've heard it can be a bit pricey to set up, though. Is it hard to implement? Also, with BYOD not being an option since employees can refuse to use their devices, what do you suggest for that situation?