27 May 2015

How to Secure Every Remote Desktop with 2FA

You may find it hard to believe but I am just about old enough to remember a time when you switched off your office PC at the end of the day and that was it. If you wanted to finish off that all important presentation you could take a laptop home, but there would be no network access. So, you hurriedly copy and pasted everything on to the desktop on a Friday afternoon. Sound familiar?

Today, thanks to great technology such as Microsoft’s Remote Desktop Services and of course many others, we can all get (and indeed expect) access to our desktop resources whether in a coffee shop, airport lounge, train or a customer site.  Logging on in this way is now second nature.  It means we are free from the shackles of the office-bound desktop and arguably a lot more productive.

But, for many organisations this freedom comes at a price and that is compromised security. Does the benefit outweigh the risk? I am not so sure, as you are only as strong as your weakest link. Being able to offer remote desktop access from a technical perspective is relatively simple and low cost (again thanks to the likes of Microsoft), but securing it adequately and effectively has traditionally been expensive and prohibitive.  I am of course talking about two-factor authentication (2FA).

As 2FA isn’t built-in to Microsoft Remote Desktop Services the only option for organisations conscious of securely protecting their desktop PCs and the network upon which they reside, from data breaches and cyber threats has been to invest in a separate solution. But, traditionally 2FA has been the preserve of key-ring token providers, which require a large (the numbers can be quite frightening) up-front investment and demand a lot of administrative resource. There is often a lot of resistance from those who will be using the token and unless you have a huge remote workforce, the numbers simply don’t stack up to make it a viable proposition.

Add in to the mix regulatory compliance policies for some sectors that demand 2FA is used. You have one camp that is forced to make the painful investment, or the other that simply cannot justify or afford it and must enforce a blanket ban on remote access. Of course, there will be a few ill-advised cases that chose to risk it.

For those not needing to adhere to regulation, the majority settle for the default username and password combination that Microsoft Remote Desktop Services offers.  However, with advances in technology, most notably the ability to place soft-tokens on to mobile devices, the costs have plummeted and it is easier than ever to manage.

From today, organisations using Microsoft Remote Desktop can strengthen with 2FA by augmenting the username and password screen with the need to enter a unique one time passcode.


Using the new Winfrasoft Remote Desktop Agent, all the user needs to do is download the PINgrid app on to their phone. From this point when logging in they simply open the app and enter the digits that appear in their PINgrid pattern.  It is also great news for the IT team as there is no need for any code changes, making it very quick and easy-to-deploy, whether you are an SME, or a large multi-national enterprise.

The Remote Desktop Agent makes strong 2FA affordable for all. So, those who need to comply with regulation but could not afford to do so, now can. Organisations of all shapes and sizes that want to secure their desktop access with 2FA have the option to do so. And, those that have had their hands tied and are using expensive hard-tokens now have a viable alternative to consider when their next license renewal is due.

For more information about Winfrasoft Remote Desktop Agent contact a member of our team on Tel+44 (0)118 336 8330, or Email: sales@winfrasoft.com

Author: Steven Hope, CEO, Winfrasoft




2 comments:

  1. Nice post! While Remote Desktop is more secure than remote administration tools such as VNC that do not encrypt the entire session, any time Administrator access to a system is granted remotely there are risks. iDeals data room service

    ReplyDelete