Securing Windows RDP with two-factor Authentication.
Opening RDP access to your home computer can be quite convenient. However, this means you have to carefully secure access to your machine. One of the things you can do is enable two-factor authentication.
Duosecurity provides such an option for free (it has paid versions for business).
Steps to enable two-factor authentication with Duo:
- Create a free account on duosecurity.com
- Log in to your account. Go to Application – create a new application – Microsoft RDP.
- Download the Duo RDP Installer Package (from duosecurity) and install it on your machine. It’ll ask for the Integration key, Secret key, and API hostname from the application that you created. If you don’t want to use Duo for local logins, make sure to check “Only prompt for Duo authentication when logging in via RDP”.
- Go to your duosecurity dashboard and add a new user. This may be a little tricky if you use a Microsoft Live account (the same account across multiple machines). It doesn’t seem to work with duosecurity. Instead you need to enter your Windows username (Computer Management – Local Users and Groups – find your account; use this name in your RDP connection as well as in Duo Security). Add a phone to your user account and activate it (Duo will text you a link to activate).
You are all set. The next time you try to RDP to your machine, it’ll send a push notification to your phone before you can log in.
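The username lookup from the last step can also be done from an elevated PowerShell prompt. This is an added example, not part of the original post or Duo's documentation: it lists the enabled local accounts that are allowed to log on over RDP, so you can see which local names need a matching user in Duo. It assumes a standalone home machine (no domain accounts or nested groups); the `DuoUsername` column label is made up for this example.

```powershell
# Added example: which enabled local accounts can log on over RDP,
# and what local name should be entered in the Duo dashboard.

# Well-known SIDs, so this works regardless of the Windows display language:
#   S-1-5-32-544 = Administrators, S-1-5-32-555 = Remote Desktop Users
$rdpGroupSids = 'S-1-5-32-544', 'S-1-5-32-555'

# Collect the SIDs of every direct member of those two groups.
# -ErrorAction SilentlyContinue skips a group that cannot be enumerated.
$rdpMemberSids = foreach ($groupSid in $rdpGroupSids) {
    Get-LocalGroupMember -SID $groupSid -ErrorAction SilentlyContinue |
        ForEach-Object { $_.SID.Value }
}

# Match on SID rather than name: a Microsoft-linked account can show up in
# group listings under its e-mail address, while Name here is the local
# Windows username (the one the post says to use for RDP and for Duo).
Get-LocalUser |
    Where-Object { $_.Enabled -and ($rdpMemberSids -contains $_.SID.Value) } |
    Select-Object @{ Name = 'DuoUsername'; Expression = { $_.Name } },
                  PrincipalSource,
                  FullName |
    Format-Table -AutoSize
```

A `PrincipalSource` of `MicrosoftAccount` marks the case described above, where the local name in the first column is the one to use rather than the Microsoft account address.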