Flexible Windows Multifactor Authentication
August 30, 2023
Score 7 out of 10
Vetted Review
Verified User
Overall Satisfaction with HID DigitalPersona
We used DigitalPersona for MFA logging into Windows. This was to meet the need of protecting sensitive data in legacy applications that did not support MFA, as well as reports and other local files that needed additional security. DigitalPersona was installed on all our user endpoints, which was roughly 230 devices.
Pros
- Multifactor authentication
- Offline authentication
Cons
- Product support and patches
- New features
- Local admin login
Do you think HID DigitalPersona delivers good value for the price?
Yes
Are you happy with HID DigitalPersona's feature set?
Yes
Did HID DigitalPersona live up to sales and marketing promises?
Yes
Did implementation of HID DigitalPersona go as expected?
Yes
Would you buy HID DigitalPersona again?
No
We solely used DigitalPersona for Windows logon. We primarily used 3 different forms of authentication: Bluetooth from a business-owned device, fingerprint with an HID reader for biometrics, and smartcard. Having multiple ways to sign in with MFA was very helpful, as users would frequently forget one of their factors.
HID having Active Directory integration was a strength and a drawback. The drawback is that, as a System Administrator, I don't like to extend my Active Directory schema if I don't have to. It adds additional complexity when needing to upgrade an Active Directory server. It also means all of your authentication is being authorized by a sole source. This can be a strength or a drawback depending on your view of security. Having everything integrated is helpful, as there's only one place needed to go to when troubleshooting login issues.
We were protecting Windows desktops and laptops. The idea behind having multifactor authentication at login is to protect local data sitting on each device and to add another layer of security for legacy on-premises applications that do not support multifactor authentication. We only used DigitalPersona with Windows 10 and had no issues upgrading to different major releases of Windows 10.
We did not use DigitalPersona with Azure AD.
- Easy to use MFA with little pushback from users
- Lost the ability to use local admin accounts
We went the other direction. DigitalPersona was our initial implementation, but we have moved away from DigitalPersona and moved to a product called TecMFA. Our organization has implemented Okta as our application and Azure as our multifactor authentication platform, and TecMFA allows us to use Okta at the Windows login, which allows consistency with MFA across all platforms and applications.