Re: Fingerprint 2-factor authentication in a domain?



It does not matter whether it is RSA cards, fingerprints or any other type of 2-factor form authentication. 2-factor form authentication has been done numerous times before and integrated in with Windows AD (I saw this firsthand at a Microsoft site in 2001 with Windows 2000 AD and card readers).

One of my previous employers used single sign-on with 2FF authentication with AD. The key is getting the right vendor to assist you with your implementation, one who actually listens to your needs and not just what they can provide. Make sure that you have some backup method of signing on when it fails. We had 2 AUTH servers (primary/standby) and it failed over right once in about 20 tries... that was a few years ago, so things should be better, but still...

Do your research and bring in some vendors. That's exactly what I did for my last firewall upgrade and actually threw out the favorite going in (when they spoke 5 minutes on firewalls and 50 minutes on everything else it could do, I had to run).