27 May 2015

How to Secure Every Remote Desktop with 2FA

You may find it hard to believe, but I am just about old enough to remember a time when you switched off your office PC at the end of the day and that was it. If you wanted to finish off that all-important presentation you could take a laptop home, but there would be no network access. So, you hurriedly copied and pasted everything on to the desktop on a Friday afternoon. Sound familiar?

Today, thanks to great technology such as Microsoft’s Remote Desktop Services and of course many others, we can all get (and indeed expect) access to our desktop resources whether in a coffee shop, airport lounge, train or a customer site.  Logging on in this way is now second nature.  It means we are free from the shackles of the office-bound desktop and arguably a lot more productive.

But, for many organisations this freedom comes at a price and that is compromised security. Does the benefit outweigh the risk? I am not so sure, as you are only as strong as your weakest link. Being able to offer remote desktop access from a technical perspective is relatively simple and low cost (again thanks to the likes of Microsoft), but securing it adequately and effectively has traditionally been expensive and prohibitive.  I am of course talking about two-factor authentication (2FA).

As 2FA isn’t built in to Microsoft Remote Desktop Services, the only option for organisations conscious of protecting their desktop PCs, and the network upon which they reside, from data breaches and cyber threats has been to invest in a separate solution. But, traditionally 2FA has been the preserve of key-ring token providers, which require a large (the numbers can be quite frightening) up-front investment and demand a lot of administrative resource. There is often a lot of resistance from those who will be using the token and unless you have a huge remote workforce, the numbers simply don’t stack up to make it a viable proposition.

Add in to the mix regulatory compliance policies for some sectors that demand 2FA is used. You have one camp that is forced to make the painful investment, or the other that simply cannot justify or afford it and must enforce a blanket ban on remote access. Of course, there will be a few ill-advised cases that choose to risk it.

For those not needing to adhere to regulation, the majority settle for the default username and password combination that Microsoft Remote Desktop Services offers.  However, with advances in technology, most notably the ability to place soft-tokens on to mobile devices, the costs have plummeted and it is easier than ever to manage.

From today, organisations using Microsoft Remote Desktop can strengthen it with 2FA by augmenting the username and password screen with the need to enter a unique one-time passcode.

Using the new Winfrasoft Remote Desktop Agent, all the user needs to do is download the PINgrid app on to their phone. From this point when logging in they simply open the app and enter the digits that appear in their PINgrid pattern.  It is also great news for the IT team as there is no need for any code changes, making it very quick and easy-to-deploy, whether you are an SME, or a large multi-national enterprise.

The Remote Desktop Agent makes strong 2FA affordable for all. So, those who need to comply with regulation but could not afford to do so, now can. Organisations of all shapes and sizes that want to secure their desktop access with 2FA have the option to do so. And, those that have had their hands tied and are using expensive hard-tokens now have a viable alternative to consider when their next license renewal is due.

For more information about Winfrasoft Remote Desktop Agent contact a member of our team on Tel: +44 (0)118 336 8330, or Email: sales@winfrasoft.com

Author: Steven Hope, CEO, Winfrasoft

PRESS RELEASE: Winfrasoft Launches Remote Desktop Agent to Deliver Two-Factor Authentication For Microsoft’s Remote Desktop Services

Winfrasoft today announced the launch of its Remote Desktop Agent (RDA) that takes advantage of its award-winning PINgrid solution to deliver secure two-factor authentication (2FA) for organisations using Microsoft’s Remote Desktop Services. Quick and easy-to-deploy without the need for code changes, RDA enables IT security teams to comply with 2FA policy requirements, without slowing down the user log-in experience.

When a user attempts to log in to their desktop remotely they are presented with the familiar username and password challenge, alongside which they are asked to enter their one-time PINgrid passcode. The user simply enters the digits included within their individual PINgrid pattern, which is displayed on their smartphone or tablet, via the PINgrid app. For organisations that want to strengthen their authentication but do not require full 2FA, RDA can be deployed directly on to the login screen as a non-obtrusive 1.5FA solution.

CEO of Winfrasoft, Steven Hope comments: “Many organisations rely on Microsoft’s Remote Desktop Services to provide employees with anywhere access to their desktop via an Internet connection. The big problem for IT security teams is that it doesn’t have two-factor authentication built-in. Our RDA solution uses PINgrid, which is trusted by public and private sector organisations around the world to deliver strong authentication.”

Remote Desktop Agent is available now.

5 May 2015

Creating a Pattern for Authentication

We all use patterns to create passwords and have our own ‘unique’ formulas that we hope will keep us secure and able to remember them. So, I was not surprised to read a story on TechWeekEurope in which Praetorian had reported that half of users’ passwords follow just 13 structures.

What did shock me though is that there were as many as 13. How many of you use the tried and tested pattern for creating a password that begins with a capital letter at the start of a memorable word, followed by a memorable number and ending in an exclamation mark? My guess is that it is the majority of you!

It may seem to make sense that fewer structures inevitably make it easier for hackers to decipher passwords and therefore organisations should have policies for ‘strong’ passwords enforced upon them to avoid the obvious, and make it harder. However, the fact of the matter is even if there were double, quadruple or even ten times the number of structures being used, all it would do to a determined cybercriminal is slow them down a little, forcing them to use a wider variety of tools and tactics in their arsenal. It certainly would not stop or deter them.

My answer to the problem is simple. If people like using patterns to create passwords and those passwords are not secure, then remove the password from the equation altogether and use the pattern. This is the foundation upon which PINgrid is based.

Of course, the obvious question to ask is what is to stop the professional cybercriminal or opportunist from simply guessing, or identifying patterns? After all, surely that is easier than passwords! So, here is the clever part. Unlike passwords, the user never discloses the pattern that they have chosen.

Using PINgrid, when the user logs in they simply type in the numbers (digits 0-5 are used in the grid) displayed in their memorable pattern. And, because these numbers are constantly changing, it creates a huge range of possibilities. So, in a standard 6x6 configuration, PINgrid provides 2.1 billion unique pattern possibilities; scale that up to 8x8 (digits 0-7 are used in the grid) and the number grows to an incredible 68.7 billion.

Author: Alissa Lang, Winfrasoft