Any need for Windows two step verification?

fox_hound_33fox_hound_33 subscriber Posts: 2
edited January 2017 in Security
Hello all,

I am starting this topic to gain some feedback on a side/passive income/open-source project that i am thinking of.

Passwords are used to log into Windows machines (desktops, laptops, servers, Pos etc.); a compromise of the password means any unauthorized entity now has access to your machines. My idea is basically to enable Two step verification or Two factor authentication (2FA) to protect Windows login.

2FA would be in form of an One Time Password (OTP). The OTP is generated securely (e.g. on your phone) which only you have access to. Without a valid OTP, logging in is prevented even if the correct password is used. In the event of a password breach, your OTP will still be unknown to the attacker, thereby preventing unauthorized entry.

The OTP algorithm will use standard TOTP as deployed by Google, FaceBook etc. I don't plan to bring any new capabilities on the OTP side itself but rather develop a sort of plugin or middleware that will be installed on Windows to trigger 2FA during login.

I have seen a very few solution in the market, mostly aimed at enterprises. I envision my work to be used by security and privacy conscious consumers as well as small to medium sized businesses that operate Windows machines (on-premises or cloud based). The solution would work for both physical as well as remote login.

Do you think this is something you or people you know will use? Is there even a need for this thing? Your thoughts are most welcome.

Comments

Sign In or Register to comment.