Is it possible to require a TOTP on Windows Login using existing or custom software?


Solution 1

Microsoft Active Directory currently supports smartcard authentication as a second factor of authentication. This is designed to support the US Department of Defense "Common Access Card".

Some "security dongle" products support the emulation of a smartcard and thus can be used with Active Directory today (Microsoft are moving towards FIDO2/WebAuthn but that isn't yet available for on-premises Active Directory). As one example, see this extensive deployment guide from YubiKey.

Solution 2

Microsoft have committed to supporting U2F FIDO2 in an update to Windows 10 for Active Directory authentication. (source)


Author: Sam Weaver

Updated on September 18, 2022

Comments

  • Sam Weaver
    Sam Weaver over 1 year

    I have always been looking for a way to require a Two-Factor Authentication (One Time) Passcode on my Windows Login. Using an algorithm such as TOTP, this should be easy, and require no internet connection, and it could work with something like Google Authenticator to require a 6-digit code generated by my mobile device as I log into my computer. I have been snooping around, and I haven't found any program that can do this, therefore I've come to the conclusion that this is near impossible, and I am looking for validation of that observation.

    To be clear, I haven't found any software that can do this, and I'm not looking for a comparison of different products as a recommendation, since that's not what SO is about. I'm simply asking if it is possible, and if so, if there is any software that does it already, or if it is something I'd have to create myself.

    • Thalys
      Thalys about 8 years
Windows version and account type may be a factor here - you've mentioned Windows 10, but is this a local or 'Microsoft account' account?
    • Sam Weaver
      Sam Weaver about 8 years
I'm open to a solution for either of the account types. My personal account is technically a Microsoft account, but I wouldn't be averse to changing it for the additional security this provides. Also, I would strongly like to avoid, but am not totally against, doing this in an Active Directory setting.
    • birdman3131
      birdman3131 about 8 years
      Not exactly what you are looking for but if your computer has a smartcard slot you could possibly use something from superuser.com/questions/446969/…
  • ojchase
    ojchase about 5 years
    I have tried it. It works and answers OP's question.
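As an added illustration of the algorithm the question refers to (this is example code written for this page, not code from the page, from Microsoft, or from any product named in the answers), the block below implements RFC 4226 HOTP and RFC 6238 TOTP with only the Python standard library, plus a login-side verifier that tolerates one 30-second step of clock skew and refuses to accept a code a second time. It assumes the shared secret is the RFC test key ("12345678901234567890" in ASCII, a constructed value) and that, as with Google Authenticator, the secret is distributed base32-encoded; the `TotpVerifier` class and `secret_from_base32` helper are names chosen here, and wiring the check into a Windows credential provider is outside what it shows. It demonstrates why no internet connection is needed: both sides derive the code from the shared secret and the current time alone.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed example secret: the RFC 4226 / RFC 6238 test key (ASCII "12345678901234567890").
TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, algo).digest()
    offset = digest[-1] & 0x0F                       # low nibble of the last byte picks the window
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)  # keep leading zeros, e.g. "081804"


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6, t0: int = 0) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the number of time steps since t0."""
    return hotp(secret, (unix_time - t0) // step, digits)


def secret_from_base32(encoded: str) -> bytes:
    """Decode a base32 secret as carried in an otpauth:// URI / QR code (padding optional)."""
    clean = encoded.strip().replace(" ", "").upper()
    clean += "=" * (-len(clean) % 8)
    return base64.b32decode(clean)


class TotpVerifier:
    """Login-side verification: accepts codes within +/- skew_steps of the current step and
    records the step that was consumed so the same code cannot be replayed."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, skew_steps: int = 1):
        self.secret = secret
        self.step = step
        self.digits = digits
        self.skew_steps = skew_steps
        self.last_used_counter = -1  # highest counter already accepted

    def verify(self, code: str, unix_time: int) -> bool:
        if not (code.isdigit() and len(code) == self.digits):
            return False
        current = unix_time // self.step
        for counter in range(current - self.skew_steps, current + self.skew_steps + 1):
            # Replay protection: never accept a step at or before one already consumed.
            if counter <= self.last_used_counter:
                continue
            expected = hotp(self.secret, counter, self.digits)
            if hmac.compare_digest(expected, code):  # constant-time comparison
                self.last_used_counter = counter
                return True
        return False


if __name__ == "__main__":
    now = int(time.time())
    print("code for the test secret right now:", totp(TEST_SECRET, now))
    checker = TotpVerifier(TEST_SECRET)
    print("first use accepted:", checker.verify(totp(TEST_SECRET, now), now))
    print("replay accepted:", checker.verify(totp(TEST_SECRET, now), now))
```

The RFC 6238 appendix vectors (time 59 gives 94287082 with 8 digits, so 287082 with 6) serve as a self-check; the `last_used_counter` state is what a real deployment would have to persist per user, and the skew window is deliberately small because every extra step widens the set of codes an attacker could guess.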