AuthAnvil | Passwords Perfected

	Securing Windows Network Logon
	Weak passwords offer little protection to information assets. They allow adversaries to act on behalf of trusted users and present the opportunity to compromise or even destroy confidential information. AuthAnvil’s Windows Logon Agent protects against this by delivering strong two-factor authentication to all logon requests.
	Why Secure Windows Network Logon?
	When a password is compromised, the results can be disastrous to a company. Adversaries can pose as trusted users and access or destroy privileged and confidential information. In a Windows network the risks are further compounded by the fact a single Active Directory password credential will open up access to resources all over the organization. From company database resources to the corporate Sharepoint intranet, an account that is breached can cost a business highly in financial loss, lost productivity and the potential of a damaged reputation.

	The AuthAnvil Windows Logon Agent offers companies the ability to add strong two-factor authentication to Microsoft’s Windows client and server operating systems. It provides a simple and consistent logon experience no matter if they logon at the local desktop or through a terminal session. And it offers identity assurance by requiring users to provide their AuthAnvil passcode during the logon process.
	AuthAnvil Strong Authentication
	AuthAnvil uses one-time passwords (OTP) that are dynamically generated by portable hardware authentication tokens. Combined with an easy to remember PIN, these two pieces of information create a strong passcode that cannot be reproduced. And can only be used once. This is what makes up two-factor authentication. It is something you know (your unique PIN) and something you have (your OTP).
	How It Works
	When employees or partners need to access Microsoft Windows clients and servers they will log on directly at the keyboard, through Terminal Services or through a direct RDP session. Replacing Microsoft’s Windows Logon, AuthAnvil provides a dialog challenging the user for their Active Directory credentials and their AuthAnvil passcode for that logon session. When a user attempts to log in their passcode is sent to the AuthAnvil Strong Authentication Server (SAS) for authentication. If accepted, AuthAnvil then transfers the request back to the Windows security subsystem, which then attempts to authenticate the user against their domain credentials.
	Why is Identity Assurance important?
	The weakness in traditional passwords lies in the fact you don’t know WHO is using that credential. Was it Bob in accounting who is logging in, or Alice who happens to know Bob’s password? With increasing remote access privileges businesses are more at risk to this threat, and it isn’t getting any better. Identity assurance reduces this risk. It forces users to prove they are who they say they are by presenting their authentication token during logon and providing the dynamically generated one-time password along with their normal credential. This binds the transaction together and assures that the using that password is the owner of that credential.
	Prerequisites
	To add AuthAnvil strong authentication support to Microsoft Windows clients and servers the following prerequisites are needed: Windows XP, Windows Server 2003 or SBS 2003 Microsoft .NET Framework 2.0 AuthAnvil DCOM Bridge AuthAnvil Windows Logon Agent Network access to an AuthAnvil SAS AuthAnvil Authentication Tokens
	Key Highlights
	Some highlights to the Windows Network Logon solution include: Identity assurance that proves that the user attempting to logon is who they say they are. Leverages your existing investment into Microsoft technology to deliver enterprise level security at a fraction of the price. Active Directory Security Group policy management to allow configured accounts to override the need to provide an AuthAnvil passcode. Emergency Passcode Override functionality for AuthAnvil administrators to gain access in the midst of network failure or loss of token access.