MFA on RDP

<utk3mm$2v7k5$1@dont-email.me>

https://news.novabbs.org/computers/article-flat.php?id=79135&group=alt.comp.os.windows-10#79135

From: T@invalid.invalid (T)
Newsgroups: alt.comp.os.windows-10
Subject: MFA on RDP
Date: Fri, 22 Mar 2024 07:13:41 -0700
 by: T - Fri, 22 Mar 2024 14:13 UTC

Hi All,

Windows 10 Pro
Windows 11 Pro

I have RDP set up on several Windows workstations such
that customers can remote into the work computers
from home with mstsc.

Problem: on some of them, I am now required to set
up multifactor authentication (MFA) to accept a log
on. What is the best way to do this?

https://rublon.com/pricing/
https://rublon.com/blog/how-to-use-microsoft-authenticator-with-remote-desktop/

looks good, but I'd rather not have to deal with
third-party subscriptions.

Many thanks,
-T

Re: MFA on RDP

<utkcq9$31i1o$1@dont-email.me>

https://news.novabbs.org/computers/article-flat.php?id=79144&group=alt.comp.os.windows-10#79144

From: nospam@needed.invalid (Paul)
Newsgroups: alt.comp.os.windows-10
Subject: Re: MFA on RDP
Date: Fri, 22 Mar 2024 12:49:13 -0400
 by: Paul - Fri, 22 Mar 2024 16:49 UTC

On 3/22/2024 10:13 AM, T wrote:
> Hi All,
>
> Windows 10 Pro
> Windows 11 Pro
>
> I have RDP set up on several Windows workstations such
> that customers can remote into the work computers
> from home with mstsc.
>
> Problem: on some of them, I am now required to set
> up multifactor authentication (MFA) to accept a log
> on. What is the best way to do this?
>
> https://rublon.com/pricing/
> https://rublon.com/blog/how-to-use-microsoft-authenticator-with-remote-desktop/
>
> looks good, but I'd rather not have to deal with
> third-party subscriptions.
>
> Many thanks,
> -T

It's not complicated enough.

https://github.com/bitwarden/clients/issues/6808

The best security comes from things we don't understand :-/

https://en.wikipedia.org/wiki/FIDO_Alliance

A FIDO2 key and a PIN might serve as the MFA.
2FA with smartphones potentially has some phishing holes.

Devices with a metal barrel are preferred, since they
don't bend like a plastic one would.

https://en.wikipedia.org/wiki/Multi-factor_authentication

Paul

Re: MFA on RDP

<utl6e0$37h5s$1@dont-email.me>

https://news.novabbs.org/computers/article-flat.php?id=79156&group=alt.comp.os.windows-10#79156

From: T@invalid.invalid (T)
Newsgroups: alt.comp.os.windows-10
Subject: Re: MFA on RDP
Date: Fri, 22 Mar 2024 17:06:24 -0700
 by: T - Sat, 23 Mar 2024 00:06 UTC

On 3/22/24 09:49, Paul wrote:
> On 3/22/2024 10:13 AM, T wrote:
>> Hi All,
>>
>> Windows 10 Pro
>> Windows 11 Pro
>>
>> I have RDP set up on several Windows workstations such
>> that customers can remote into the work computers
>> from home with mstsc.
>>
>> Problem: on some of them, I am now required to set
>> up multifactor authentication (MFA) to accept a log
>> on. What is the best way to do this?
>>
>> https://rublon.com/pricing/
>> https://rublon.com/blog/how-to-use-microsoft-authenticator-with-remote-desktop/
>>
>> looks good, but I'd rather not have to deal with
>> third-party subscriptions.
>>
>> Many thanks,
>> -T
>
> It's not complicated enough.
>
> https://github.com/bitwarden/clients/issues/6808
>
> The best security comes from things we don't understand :-/
>
> https://en.wikipedia.org/wiki/FIDO_Alliance
>
> A FIDO2 key and a PIN might serve as the MFA.
> 2FA with smartphones potentially has some phishing holes.
>
> Devices with a metal barrel are preferred, since they
> don't bend like a plastic one would.
>
> https://en.wikipedia.org/wiki/Multi-factor_authentication
>
> Paul

Do you know of an open source solution?

Re: MFA on RDP

<utlf1v$39g4r$1@dont-email.me>

https://news.novabbs.org/computers/article-flat.php?id=79160&group=alt.comp.os.windows-10#79160

From: nospam@needed.invalid (Paul)
Newsgroups: alt.comp.os.windows-10
Subject: Re: MFA on RDP
Date: Fri, 22 Mar 2024 22:33:34 -0400
 by: Paul - Sat, 23 Mar 2024 02:33 UTC

On 3/22/2024 8:06 PM, T wrote:
> On 3/22/24 09:49, Paul wrote:
>> On 3/22/2024 10:13 AM, T wrote:
>>> Hi All,
>>>
>>> Windows 10 Pro
>>> Windows 11 Pro
>>>
>>> I have RDP set up on several Windows workstations such
>>> that customers can remote into the work computers
>>> from home with mstsc.
>>>
>>> Problem: on some of them, I am now required to set
>>> up multifactor authentication (MFA) to accept a log
>>> on. What is the best way to do this?
>>>
>>> https://rublon.com/pricing/
>>> https://rublon.com/blog/how-to-use-microsoft-authenticator-with-remote-desktop/
>>>
>>> looks good, but I'd rather not have to deal with
>>> third-party subscriptions.
>>>
>>> Many thanks,
>>> -T
>>
>> It's not complicated enough.
>>
>>     https://github.com/bitwarden/clients/issues/6808
>>
>> The best security comes from things we don't understand :-/
>>
>>     https://en.wikipedia.org/wiki/FIDO_Alliance
>>
>> A FIDO2 key and a PIN might serve as the MFA.
>> 2FA with smartphones potentially has some phishing holes.
>>
>> Devices with a metal barrel are preferred, since they
>> don't bend like a plastic one would.
>>
>>     https://en.wikipedia.org/wiki/Multi-factor_authentication
>>
>>    Paul
>
>
> Do you know of an open source solution?

You know I'm not a security guy, and I couldn't tell
if a solution was getting close or not.

https://fidoalliance.org/company/strongkey/

https://github.com/google/OpenSK

Paul

Re: MFA on RDP

<uuq0sn$1lc0p$1@dont-email.me>

https://news.novabbs.org/computers/article-flat.php?id=79500&group=alt.comp.os.windows-10#79500

From: T@invalid.invalid (T)
Newsgroups: alt.comp.os.windows-10,alt.comp.os.windows-11
Subject: Re: MFA on RDP
Date: Fri, 5 Apr 2024 16:18:47 -0700
 by: T - Fri, 5 Apr 2024 23:18 UTC

On 3/22/24 07:13, T wrote:
> Hi All,
>
> Windows 10 Pro
> Windows 11 Pro
>
> I have RDP set up on several Windows workstations such
> that customers can remote into the work computers
> from home with mstsc.
>
> Problem: on some of them, I am now required to set
> up multifactor authentication (MFA) to accept a log
> on. What is the best way to do this?
>
> https://rublon.com/pricing/
> https://rublon.com/blog/how-to-use-microsoft-authenticator-with-remote-desktop/
>
> looks good, but I'd rather not have to deal with
> third-party subscriptions.
>
> Many thanks,
> -T

Follow up:

Took me forever to find it, but this is the best
for Remote Desktop to (not from) a Desktop.

https://rohos.com/

15 day trial

And it is cheap: 32 U$D each.

Does not require a cloud anything or a Windows server.
It all runs on the workstation.

I have my customer using it with FreeOTP to
generate the tokens.

And I have to say, I like it.

-T
