{"id":4108,"date":"2019-05-07T12:29:03","date_gmt":"2019-05-07T09:29:03","guid":{"rendered":"https:\/\/www.protectimus.com\/blog\/?p=4108"},"modified":"2022-06-09T17:28:29","modified_gmt":"2022-06-09T14:28:29","slug":"two-factor-authentication-for-windows","status":"publish","type":"post","link":"https:\/\/www.protectimus.com\/blog\/two-factor-authentication-for-windows\/","title":{"rendered":"Two-factor authentication for Windows 7, 8, 10, 11"},"content":{"rendered":"\n<p>Since Windows is one of the most used systems, especially among various businesses, it makes sense to thoroughly protect it. Protectimus has an excellent <a href=\"https:\/\/www.protectimus.com\/winlogon\/index.php\" target=\"_blank\" rel=\"noreferrer noopener\">two-factor authentication software for Windows 7, 8, 8.1, 10, 11<\/a>. In this article, we will look into how it works and how to set it up. And we will address the most common questions on our two-factor authentication for Windows login.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Windows two-factor authentication (2FA) setup | Secure Window login and RDP with MFA || Protectimus\" width=\"838\" height=\"471\" src=\"https:\/\/www.youtube.com\/embed\/xCeQ4jRzXo4?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How does two-factor authentication for Windows login work<\/strong><\/h2>\n\n\n\n<p>Two-factor authentication for Windows login is rather simple. The process consists of two successive levels of login, just as the name suggests. First, the user has to sign in with their common Windows credentials (their regular username and password).<br><\/p>\n\n\n\n<p>On the second level, the user has to enter a one-time password (OTP). This password is valid only for 30-60 seconds and can be delivered or generated via a number of different ways, the user can choose which way they prefer. It can be a <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.protectimus.com\/protectimus-bot\" target=\"_blank\">chat-bot message<\/a>, <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.protectimus.com\/protectimus-smart\" target=\"_blank\">2FA app<\/a>, <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.protectimus.com\/protectimus-mail\" target=\"_blank\">email<\/a>, <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.protectimus.com\/protectimus-sms\" target=\"_blank\">SMS<\/a> or one of our <a href=\"https:\/\/www.protectimus.com\/tokens\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">hardware security tokens<\/a>.<br><\/p>\n\n\n\n<p>Windows 7 two-factor authentication ensures there\u2019s minimum to none risk for the Windows user account to be breached if the user\u2019s regular password is compromised. In this unfortunate case, the criminals will have to get access to the user\u2019s email, phone or hardware token, which is much harder to accomplish. And at the same time, if the phone or OTP token is compromised, the attacker still has to guess the password.<br><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"392\" height=\"460\" src=\"https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/05\/Protectimus-two-factor-authentication-windows-7-8-10.png\" alt=\"Protectimus two-factor authentication for Windows 7, 8, 10, 11.\" class=\"wp-image-4115\" srcset=\"https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/05\/Protectimus-two-factor-authentication-windows-7-8-10.png 392w, https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/05\/Protectimus-two-factor-authentication-windows-7-8-10-256x300.png 256w\" sizes=\"auto, (max-width: 392px) 100vw, 392px\" \/><\/figure><\/div>\n\n\n\n<p>Besides, each one-time password generated by your two-factor authentication token can be used only once and is time sensitive. This means that the generated code will simply expire and won\u2019t be usable within 30-60 seconds. Which makes it almost impossible to intercept and have the code used for unauthorized access to the protected Windows account.<br><\/p>\n\n\n\n<p><span style=\"color: #ff0000;\">| Read also:<\/span> <a href=\"https:\/\/www.protectimus.com\/blog\/windows-computer-safety-tips\/\">10 Windows Computer<\/a><a href=\"https:\/\/www.protectimus.com\/blog\/windows-computer-safety-tips\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"r Safety Tips (opens in a new tab)\"> Safety Tips<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How to set up two-factor authentication for Windows 7, 8, 10, 11<\/strong><\/h2>\n\n\n\n<p>It is very easy and fast to set up Protectimus dual factor authentication Windows solution and have your Windows 7, 8, 8.1, 10 or 11 thoroughly protected from unauthorized access, the whole process usually takes less than 15 minutes. <br><\/p>\n\n\n\n<p>This Windows two-factor authentication software is designed both for individual and business users. So it\u2019s very easy to set it up. The set up can be done by any user themselves without involving an admin with special skills.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. Create account in Protectimus Service<\/h3>\n\n\n\n<p>Fill out the&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/service.protectimus.com\/register\" target=\"_blank\">registration form<\/a>&nbsp;and create your Protectimus 2FA service account.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Activate a Service Plan<\/h3>\n\n\n\n<p>Choose a service plan and make sure to activate it, even if it\u2019s a Free service plan. The API won\u2019t function unless a service plan is activated. It can be deactivated at any time.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img decoding=\"async\" src=\"https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/05\/Activate-API.jpg\" alt=\"How to set up two-factor authentication for Windows 7, 8, 10, 11 - Activate Protectimus API\"\/><\/figure><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">3. Create a Resource<\/h3>\n\n\n\n<p>To group and easily manage the users and tokens we use Resources. So the first step to actually start using Protectimus MFA for your Windows is to create a Resource, which is done by clicking one single button and giving a name to the Resource you created.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/miro.medium.com\/max\/1400\/0*jZ4_DDzUTEKEhLkW.png\" alt=\"\" width=\"840\" height=\"429\"\/><\/figure><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">4. Enable Automatic Registration of Users and Tokens<\/h3>\n\n\n\n<p>Once a Resource is created, switch on automatic registration of Users and Tokens.<\/p>\n\n\n\n<p>When the automatic registration of Users and Tokens is enabled, your users will enroll their tokens themselves during their first login to the Windows account after you install the Protectimus Winlogon solution on their computers.<\/p>\n\n\n\n<p>Click on the name of your Resource.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img decoding=\"async\" src=\"https:\/\/www.protectimus.com\/wp-content\/uploads\/2022\/02\/protectimus-winlogon-setup-2.png\" alt=\"Protectimus Winlogon setup - click the Resource name\"\/><\/figure><\/div>\n\n\n\n<p>Go to the Winlogon tab.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img decoding=\"async\" src=\"https:\/\/www.protectimus.com\/wp-content\/uploads\/2022\/02\/protectimus-winlogon-setup-3.png\" alt=\"Protectimus Winlogon setup - Winlogon tab\"\/><\/figure><\/div>\n\n\n\n<p>Activate:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Access for unregistered users;<\/li><li>User auto-registration;<\/li><li>Token auto-registration;<\/li><li>And choose the type of tokens your users can enroll (Protectimus Mail, Protectimus SMS, or Protectimus SMART OTP).<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.protectimus.com\/wp-content\/uploads\/2022\/02\/protectimus-winlogon-setup-4.png\" alt=\"Protectimus Winlogon setup - Winlogon tab settings\"\/><\/figure>\n\n\n\n<p>Note that you can also add Users and Tokens manually.<\/p>\n\n\n\n<p>Read how to add Users manually&nbsp;<a href=\"https:\/\/www.protectimus.com\/guides\/otp-tokens\/#1-how-to-add-tokens-manually\" rel=\"noreferrer noopener\" target=\"_blank\">here<\/a>. The user login you create in Protectimus must be the same as your Windows username. Before creating a user, make sure that your Windows username contains only Latin characters, numbers and the following symbols:&nbsp;_-@\u223d!#%+.$. Spaces and any other symbols are not allowed.<br>If you want to add Tokens manually, read the instructions&nbsp;<a href=\"https:\/\/www.protectimus.com\/guides\/otp-tokens\/#1-how-to-add-tokens-manually\" rel=\"noreferrer noopener\" target=\"_blank\">here<\/a>.<\/p>\n\n\n\n<p>Don\u2019t forget to&nbsp;<a href=\"https:\/\/www.protectimus.com\/guides\/users\/#3-how-to-assign-a-token-to-a-user\" rel=\"noreferrer noopener\" target=\"_blank\">assign Tokens to specific Users<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/www.protectimus.com\/guides\/resources\/#4-how-to-assign-users-and-tokens-to-resource\" rel=\"noreferrer noopener\" target=\"_blank\">assign Tokens with Users to the Resource<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">5. Download and install Protectimus Winlogon<\/h3>\n\n\n\n<p>Finally, you need to download and install&nbsp;<a href=\"https:\/\/www.protectimus.com\/winlogon\/index.php\" target=\"_blank\" rel=\"noreferrer noopener\">Protectimus Winlogon<\/a>, run the installer and test the MFA. Please, carefully follow the instructions from the setup guide, which can be found <a href=\"https:\/\/www.protectimus.com\/guides\/winlogon-rdp\/\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a>.<\/p>\n\n\n\n<p>All of the steps described above took more time to write down than actually following them does. <\/p>\n\n\n\n<p><span style=\"color: #ff0000;\">| Read also:<\/span> <a href=\"https:\/\/www.protectimus.com\/blog\/two-factor-authentication-types-and-methods\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">The Pros and Cons of Different Two-Factor Authentication Types and Methods<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Common questions<\/strong><\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1557153416184\"><strong class=\"schema-faq-question\"><strong>How much does it cost?<\/strong><\/strong> <p class=\"schema-faq-answer\">You can have free two-factor authentication Windows login for up to 10 Users\/Tokens assigned to one Resource. If you need to protect more users, the cost per user in Protectimus\u2019 Windows two factor authentication system starts at $1 per user per month, and the more users you add, the lower the cost per user. Find more info on pricing <a rel=\"noreferrer noopener\" href=\"https:\/\/www.protectimus.com\/pricing\" target=\"_blank\">here<\/a>.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1557153429596\"><strong class=\"schema-faq-question\"><strong>Can I use this solution for Microsoft RDP?<\/strong><\/strong> <p class=\"schema-faq-answer\">Yes, Protectimus Winlogon solution can be used to protect a personal or corporate computer of a single user, as well as remote access for corporate desktops through a connection to a terminal server Windows Server 2012 R2\/2016 over RDP.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1557310721234\"><strong class=\"schema-faq-question\">What versions of Windows OS are supported?<\/strong> <p class=\"schema-faq-answer\">Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11, Windows Server 2012 R2, Windows Server 2016.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1557329609155\"><strong class=\"schema-faq-question\">What authentication methods are available?<\/strong> <p class=\"schema-faq-answer\">2FA applications, hardware OTP tokens,  chat-bots in messaging apps, Email and SMS authentication.<\/p> <\/div> <\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Read more:<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.protectimus.com\/blog\/duo-vs-protectimus\/\">Duo Security vs Protectimus<\/a><\/li><li><a href=\"https:\/\/www.protectimus.com\/blog\/hardware-token-azure-mfa\/\">Hardware Tokens for Azure MFA<\/a><\/li><li><a href=\"https:\/\/www.protectimus.com\/blog\/office-365-mfa-hardware-token\/\">Office 365 MFA Hardware Token<\/a><\/li><li><a href=\"https:\/\/www.protectimus.com\/blog\/keycloak-multi-factor-authentication-hardware-tokens\/\">Keycloak Multi-Factor Authentication With Hardware Tokens<\/a><\/li><li><a href=\"https:\/\/www.protectimus.com\/blog\/7-tips-from-phishing-scams\/\">Top 7 Tips How to Protect Yourself from Phishing Scams<\/a><\/li><li><a href=\"https:\/\/www.protectimus.com\/blog\/mitm-prevention-and-detection\/\">Man In The Middle Attack Prevention And Detection<\/a><\/li><li><a href=\"https:\/\/www.protectimus.com\/blog\/social-engineering-why-it-works\/\">Social Engineering: What It Is and Why It Works<\/a><\/li><\/ul>\n\n\n\n<p>Please, let us know if you have any questions in comments or via email <strong>support@protectimus.com<\/strong>.<\/p>\n<span class=\"et_bloom_bottom_trigger\"><\/span>","protected":false},"excerpt":{"rendered":"<p>Since Windows is one of the most used systems, especially among various businesses, it makes sense to thoroughly protect it. Protectimus has an excellent two-factor authentication software for Windows 7, 8, 8.1, 10, 11. In this article, we will look into how it works and how to set it up. And we will address the [&hellip;]<\/p>\n","protected":false},"author":10,"featured_media":4164,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[9,15,329],"tags":[194,99,436],"class_list":["post-4108","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-protectimus-products","category-rd","category-setup-guides","tag-protectimus-en","tag-two-factor-authentication","tag-windows"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/4108","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/comments?post=4108"}],"version-history":[{"count":31,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/4108\/revisions"}],"predecessor-version":[{"id":7666,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/4108\/revisions\/7666"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/media\/4164"}],"wp:attachment":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/media?parent=4108"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/categories?post=4108"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/tags?post=4108"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}