Windows local and remote login with MFA

Did you ever wonder how you can add an extra layer of security to your local machine account? Well, if the password, PIN or ID is not enough, or you want to have extra protection when connecting over RDP, there is only one answer: Multi Factor Authentication.

MFA, or 2FA, is an authentication method in which a user presents more than one factor in order to access an account. In our case, to log on to the PC we will need to provide the current password and a second type of authentication.

DUO Security is a company acquired by Cisco in 2018, and its main service is Multi Factor Authentication. The free version for personal or home use can have up to 10 users and integrates with lots of apps like Microsoft Windows RDP, WordPress, Dropbox, Office 365, MacOS and more. DUO can be used as a Single Sign On service as well.

How to setup MFA for Windows login

The first step is to create a free account on the DUO website. Once that is done, we can go ahead with the setup. We must create a user from the Users menu. It’s important to know that for this to work, the username must be the same as the Windows username. You can have up to 8 aliases.

After the user has been created we need to let him know, right? Click Send Enrollment Email.

The next step is to install the DUO Security app on our mobile device. The user will receive the enrollment steps by email. Finish the steps on your mobile device; after that, we will need to do just one more thing.

Now that our account has been set up we need to finish our Microsoft Integration.

Go to Applications on the right menu and click Protect An Application. From the list, select Microsoft RDP and click Protect. Our setup should now be generated, and we should have an API Hostname, Secret key and Integration key. This info will be used later, but don’t worry, you can find it anytime here.

The last step is to download and configure the DUO Authentication for Windows Logon installer package. You can view the checksum here. Enter the API Hostname, Secret key and Integration key when prompted, and sign out after the setup is completed. The next step in configuration is up to your preferences.
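One way to act on the published checksum before running the installer, as an added example that is not part of the original post or DUO's own tooling. It assumes the published checksum is a SHA-256 digest; the installer path and the digest are supplied by you, and the function name is hypothetical.

```powershell
# Added example: verify the downloaded installer before running it.
# Assumptions: the published checksum is SHA-256; both parameters are
# supplied by the operator (no file name or hash is taken from the post).
param(
    [Parameter(Mandatory)] [string]$InstallerPath,   # path to the downloaded installer
    [Parameter(Mandatory)] [string]$ExpectedSha256   # digest copied from the checksum page
)

$ErrorActionPreference = 'Stop'

function Test-InstallerIntegrity {   # hypothetical helper name
    param([string]$Path, [string]$Expected)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Installer not found: $Path"
    }

    # Normalise the pasted digest: strip whitespace, ignore case.
    $want = ($Expected -replace '\s', '').ToUpperInvariant()
    if ($want -notmatch '^[0-9A-F]{64}$') {
        throw 'Expected value is not a 64-character SHA-256 hex digest.'
    }

    # First check: the file on disk matches the published digest.
    $have = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($have -ne $want) {
        throw "Checksum mismatch. Expected $want, got $have. Do not run this file."
    }

    # Second, independent check: the Authenticode signature validates.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Authenticode signature status is '$($sig.Status)'. Do not run this file."
    }

    # Return what was verified so the signer can be reviewed by eye.
    [pscustomobject]@{
        Path   = $Path
        Sha256 = $have
        Signer = $sig.SignerCertificate.Subject
    }
}

Test-InstallerIntegrity -Path $InstallerPath -Expected $ExpectedSha256 | Format-List
```

Run the installer only if the script prints the result without throwing, and check that the Signer line names the publisher you expect.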

At login you should see this screen and a notification on your device.

DUO Windows MFA Login
Duo Mobile Push

That’s all, enjoy it.