The feature requires the RADIUS server to be on-premises

Aug 13, 2014 08:08 GMT

Amazon boosted the login security of its virtual computing platform, WorkSpaces, by adding support for two-factor authentication (2FA), which is achieved through an on-premises RADIUS server.

Logging into the account is not much different than before, but apart from providing their Active Directory credentials, enterprise customers also have to enter a one-time password (OTP) that is generated by a hardware or software token.

WorkSpace administrators, who are offered full instructions for enabling the extra authentication layer, can add this feature for the clients by providing the connection details (IP addresses, shared secret, protocol, timeout, and retry count) for the RADIUS server.

In a blog post, Jeff Barr, chief evangelist for Amazon Web Services, says that other forms of authentication will be added in the future, such as smart cards and digital certificates.

He also said that the new 2FA feature “should work with any security provider that supports RADIUS authentication (we have verified our implementation against the Symantec VIP and Microsoft Radius Server products). We currently support the PAP, CHAP, MS-CHAP1, and MS-CHAP2 protocols, along with RADIUS proxies.”

By implementing two-factor authentication, Amazon lowers the chances of unauthorized individuals gaining access to the virtual desktops hosted on the platform. Active Directory credentials stolen through phishing or keylogging are no longer enough on their own to log in to the service, because the one-time password from the token is also required.