{"id":978,"date":"2020-10-23T15:24:13","date_gmt":"2020-10-23T19:24:13","guid":{"rendered":"https:\/\/increasec.com\/?p=978"},"modified":"2023-09-13T09:16:59","modified_gmt":"2023-09-13T13:16:59","slug":"cheap-2fa-hardware-tokens-for-duo","status":"publish","type":"post","link":"https:\/\/increasec.com\/?p=978","title":{"rendered":"Cheap 2FA Hardware Tokens for DUO"},"content":{"rendered":"\n

I have tested some cheap Multi-Factor Authentication hardware tokens with DUO security. Duo is easy to setup with Microsoft RdWeb remote desktop gateway.<\/p>\n\n\n\n

These are the tokens i tested $15 ca each, made out of metal so their nice and sturdy to attach to your keychain.
https:\/\/www.amazon.ca\/gp\/product\/B07T7SPMJB\/ref=ox_sc_act_title_1?smid=A2IPV56ZW8WL51&psc=1
<\/p>\n\n\n\n

The software to initialize the tokens is here
https:\/\/www.hypersecu.com\/downloads
HyperFIDO Pro HOTP Seed Generator (Ver. 1.0) <\/a>
(the 2nd download is for Titanium tokens)
I ran the software through VirusTotal <\/a>and it didn’t set off alarms.<\/p>\n\n\n\n

decompress and run the software as administrator<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Before <\/strong>you plug the hardware token in, type the serial #, written on the side of the token, into the “Key Serial Number” box
Plug the hardware token in to a USB port (Duh), it should get detected in the top window pane
if you click “Check Key” the program will verify the token is writeable
Now click “Generate Seed”
With the Token plugged in, click the “Program” button
You will need to Push the Button <\/strong>on the token or programming will fail.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n

Copy the Key Serial # and the Seed and paste them somewhere safe… like a LastPass encrypted note. You did setup LastPass, right?<\/p>\n\n\n\n

<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Sign into your DUO cloud admin panel and goto 2FA Devices, Hardware Tokens.
click Import Hardware Tokens<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

In the “CSV token data” box enter your token serial#, a comma, and the generated key. You can do this for a dozen tokens at once. Hit the “Import Hardware Tokens” button<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

We can now click on the Token serial number and link the token to a user<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Verify that your Global Policy (or sub policy if you have one) has Hardware tokens enabled<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Now to test<\/p>\n\n\n\n

When we logon to the RdWeb server we are asked first to pick a device if the user has multiple auth methods. We will pick Token from the drop-down.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"
We need to click “Enter a Passcode”<\/figcaption><\/figure>\n\n\n\n
\"\"
Click in the text box so the cursor is in the right place (ex. 867539)<\/figcaption><\/figure>\n\n\n\n

The token is like a keyboard with 1 key, so the cursor needs to be in the text box, ready to receive the text.<\/p>\n\n\n\n

Push the button on the token and it should fill the text box with 6 digits<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

and finally click “Log In” to proceed to RdWeb.<\/p>\n\n\n\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

Info on how to set these up with M$ Exchange Online but I haven’t tested this yet. https:\/\/www.hypersecu.com\/fido2-microsoft<\/p>\n\n\n\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

A list of services that work with Fido u2f https:\/\/www.dongleauth.info\/#software<\/p>\n\n\n\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

Update: been using this for a few months now. Works well with Microsoft Azure\/WhateverTheyCallItThisMonth. If you are plugging+unplugging the device every day it does ask for a PIN # 1\/day.<\/p>\n\n\n\n

\"\"<\/figure>\n","protected":false},"excerpt":{"rendered":"

I have tested some cheap Multi-Factor Authentication hardware tokens with DUO security. Duo is easy to setup with Microsoft RdWeb remote desktop gateway. These are the tokens i tested $15…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[16,143,144,19],"class_list":["post-978","post","type-post","status-publish","format-standard","hentry","category-uncategorised","tag-2fa","tag-duo","tag-mfa","tag-rdweb"],"_links":{"self":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/978","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=978"}],"version-history":[{"count":13,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/978\/revisions"}],"predecessor-version":[{"id":2662,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/978\/revisions\/2662"}],"wp:attachment":[{"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=978"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=978"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=978"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}