UserLock is a user login security system for on-premises Windows Active Directory designed by ISDecisions. It works alongside Active Directory to protect access to Windows systems. With specific and customizable user login rules and real-time monitoring, UserLock reduces the risk of external attacks and internal security breaches while helping to address regulatory compliance. UserLock is one of the few solutions existing on the market that allows implementing multi-factor authentication for logging on to Windows computers with Active Directory domain membership or standalone terminal servers.

Previous versions of UserLock are allowing using Token2 programmable tokens as the second factor (TOTP protocol). Starting from version 11, UserLock natively supports Token2 T2F2 Security keys (second-generation only: ALU, AZ, NFC and Bio) by utilizing the HOTP functionality of these keys. In this article, we will show the procedures required to enrol and use Token2 security keys to log in to your Windows workstation protected with UserLock.

1. Enable MFA for a user

this step is done by the administrator of the system

In the UserLock management console, navigate to “Protected Accounts” and click on “Protect a new account” button.

Then follow the wizard’s instruction…


Two-factor authentication (2FA) is a two-step sign-in process that requires a one-time code from a mobile app or text message, in addition to the main Zoom sign-in. This provides an additional layer of security since users will need access to their phone to sign in to the Zoom web portal, desktop client, mobile app, or Zoom Room. In this article, we will show how our programmable tokens can be used to protect your Zoom account.

Requirements:

  • A Zoom account (free or paid). Important: if you are using social login feature (i.e. …

VMware Horizon View enables you to access a virtual desktop from anywhere, anytime. Horizon offers you the possibility to move from one place to another: to work from your office or from a cybercafé, or from any other place, when you have a network connection that lets you connect to the Horizon View infrastructure.

This document describes how to secure your external connections and authorize only specific users or groups of users connecting to Horizon View from outside, using 2-Factor authentication with hardware tokens or mobile apps by integrating our TOTPRadius solution.

Prerequisites

Prerequisites are the following:

• vSphere Infrastructure correctly…


Many customers are asking about the best practices on provisioning the programmable hardware tokens in situations when end-users are working remotely and cannot burn the tokens themselves, so IT support has to take care of the burning process. To remind you, using programmable hardware tokens is the only way to have a hardware token for MFA if the user is not licensed for Azure AD Premium.

We have compiled a set of simple instructions and tools to share the best practices used by ourselves and by some of our clients to meet this goal.

This guide describes recommended practices of…


Multi-factor authentication for VPN systems, such as Meraki Client VPN or Fortinet VPN will soon be possible using FIDO Security keys, both FIDO2 and U2F.

While classic OTP (and namely TOTP) still remains industry standard for two-factor authentication and is supported out of the box by the majority of VPN servers and clients, there is not a lot of products that can leverage the FIDO keys for securing VPN access. The majority of the current solutions that are being marketed as supporting FIDO and FIDO2 keys are using the OTP functionality of the security keys (most USB FIDO keys, in…


Two-factor authentication with FortiGate can be implemented using several different methods (SMS, Email etc.) with OTP-based 2FA being the most secure one. 2FA can be implemented natively with FortiToken, a disconnected one-time password (OTP) generator. It is a small physical device with a button that when pressed displays a six-digit authentication code or a mobile app that uses a proprietary algorithm for the enrollment process. FortiToken is a component of Fortinet infrastructure that requires an additional license (even with the mobile app version), which some customers find quite expensive.

Fortunately, Fortinet allows using external RADIUS servers as the authentication source…


About a year ago, we released Token2 Molto-1, the world’s first programmable multi-profile hardware token.

While Molto-1 is still the only solution of its kind currently available on the market, we will be soon releasing a new variation of a multi-profile hardware token, in a different form-factor and with a different set of features available.


Bulk activate OATH hardware tokens with Azure MFA

The current process to activate an OATH token with Azure MFA is cumbersome, error-prone and needs Global Administrators (GA) valuable time. Just imagine all GA’s time required for OATH token registration and activation, if an organization have 10000+ users who have to use OATH tokens.

Token2 has developed a solution to automate the activation of imported hardware tokens with Azure MFA. This is a PowerShell based solution that uses the same CSV file used to import the OATH tokens to Azure MFA. …


Today, we are presenting a new type of TOTP hardware tokens — USB Programmable token that displays the OTP value as a QR code and also can send the current OTP value over USB as a part of its HID emulation feature.

EVVIS-QR1

What is EVVIS-QR1?

EVVIS-QR1 is a hardware device developed primarily for Electronic visit verification (EVV) information systems (hence the name). It is a standards-based TOTP hardware token that can also be programmed over USB. The OTP generated is shown on the display both as regular digits as well as a QR image. …


TOKEN2 started manufacturing and selling programmable hardware tokens back in 2015 and we have been constantly asked questions about iPhone support. So far, our burner apps were available only for Android and Windows, as Apple did not allow using the NFC protocol on their devices, even though the hardware supporting NFC was physically present.

iOS 13 — coreNFC

The situation has improved a little bit with the release of iOS v13 when access to more features of coreNFC Developer API was introduced. Unfortunately, we discovered that it is not fully compatible with the NFC chips we are using. …

Token2 RD

MFA Evangelist

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store