RDP - Whitelist IP address with 2 step authentication?
-
I was looking at multiOTP, which looks like it would be a good free way of implementing 2-step authentication for RDP
https://github.com/multiOTP/multiotp/wiki
http://servilon.com/two-factor-authentication/But I would imagine that in SMB, people would find it annoying to have to get a code every time.
And then I found this post that makes me think you could use the 2-step authentication in order to whitelist IPs
Maybe I'll try to lab it sometime
-
Hello,
What do you mean exactly by " in SMB, people would find it annoying to have to get a code every time" ?
Any proposal welcome, and we will adapt our Credential Provider (https://github.com/multiOTP/multiOTPCredentialProvider)
Regards,
Andre -
@multiOTP Welcome to the community!
-
@multiotp said in RDP - Whitelist IP address with 2 step authentication?:
Hello,
What do you mean exactly by " in SMB, people would find it annoying to have to get a code every time" ?
Any proposal welcome, and we will adapt our Credential Provider (https://github.com/multiOTP/multiOTPCredentialProvider)
Regards,
AndreWhat I mean by that is, with a small business that does not have it's own IT staff, the business owner often is the person who determines the security that is used based on their own personal availability tolerance. If they find it too annoying (aka availability/accessibility is too low) to enter in a code, they will simply tell a MSP they don't want that. The MSP has to either oblige, convince them otherwise, or drop them as a client.
Small businesses with IT staff runs into a pretty similar situation. Might actually be worse because there is not a peer-to-peer relationship between IT staff and owner, and the alternative is for the IT staff to quit.
-
I think I will make a proposal, thanks for joining the community and reaching out @multiOTP