Last updated on March 26, 2024
Microsoft is slowly rolling out Windows 11. Some Windows 10 devices have already started prompting their users with information about a possible free update to Windows 11.
As Microsoft stated in its blog post, Windows 11 is being released in phases. As a result, it may take until mid-2022 for Windows 11 to be available as an auto-update for all Windows 10 devices.
If you cannot wait and still have not received any information on a possible update to Windows 11, you can manually download and install Windows 11 from Microsoft’s website.
What’s New in Windows 11
Windows 11 boasts a Mac-like interface, integrates with Android apps, and provides a great gaming experience.
From Secure Boot through Device Encryption to Virtualization-based Security (VBS), Windows 11 comes packed with built-in security features.
But what about logon security?
Are Your Logons Secure?
The release of Windows 11 is a perfect opportunity to review the security policies of your company. Identity and Access Management (IAM) is the core of any company’s security posture. Therefore, you should:
- Review the security of your network infrastructure
- Review how your users authenticate to Windows Logon & RDP
A common approach to Windows accounts includes creating a set of Active Directory domains and filling them with users. These users can then log in to their local Windows devices using their Active Directory user name and password.
But some companies do not use Active Directory. Instead, they prefer a simple network infrastructure they create using built-in Workgroup Accounts.
Then, there’s the question of users. Some users log in to Windows using their local machines. But there are also users, including remote workers, who log in via RDP.
Your company has to deal with at least some of these challenges. If you have already set up a way to authenticate your users with passwords, you might think the job’s done. Not so fast. Did you remember security?
You must now ask yourself a question: Am I secure enough to give all my users the protection they need? Better yet, will my users still be secure even if their passwords get cracked?
Basic Windows authentication is password-based. Unfortunately, passwords are an absolute nightmare for security. While Microsoft allows you to go passwordless on your Microsoft account, not all users have a Microsoft account. In addition to that, Microsoft Azure Active Directory is costly. There is a better option.
Why Two-Factor Authentication (2FA) Is The Way to Go
Let’s face it: passwords are not very secure. Of course, you can replace the password with something else. But you can also add something else besides the password. Two-Factor Authentication (2FA) does exactly that.
With 2FA, you will be using passwords just like before. However, a correct password will not be enough for you to log in. 2FA adds another step to your login process. This second step may require you to provide a short passcode that has been sent to you via SMS. You can also receive a notification request on your mobile phone. These are only two of many available authentication methods. A good 2FA solution lets you choose from many options.
But how can a second authentication step (or factor) increase your login security?

When you log in using your password, you are only using one communication channel and one piece of evidence that you are you. As a result, a malicious actor who guesses, cracks, or steals your password can successfully gain access to your account. Apart from hacking your password, a malicious actor can, for example, eavesdrop on the channel of communication between you and the security system and tamper with the information sent in between. Possible hacking scenarios abound.
Deploying 2FA and setting up the Mobile Push authentication request transforms this one-channel authentication process into a two-channel authentication process. Now the security system requires two separate pieces of evidence. The proof that you are you is not only your password but also your phone. If you start a login process and then receive an authentication request on your phone, you can be sure that it’s you. A hacker does not have your phone, so they cannot gain access to your account.
Naturally, a malicious actor can also steal your phone. But stealing a phone is much harder than stealing a password. And since now there are two channels of communication, the malicious actor has to eavesdrop on both. At the same time. And try to steal encrypted information. In a matter of seconds. This is much harder than brute-forcing an untrained employee’s simple password. As a matter of fact, this is so much harder that Microsoft famously stated that MFA/2FA prevents 99.9% of attacks on accounts.
Rublon Secures Your Windows 11 Logons
The Rublon for Windows Logon and RDP connector introduces strong 2FA to Windows Server and Windows Home & Pro systems. From now on, Rublon for Windows also supports Windows 11.
Rublon for Windows Logon and RDP supports both local and RDP logons while pulling users from Workgroup Accounts or Active Directory accounts.
Rublon empowers you with secure second-step authentication methods, including Mobile Push, Mobile Passcode (TOTP), and QR Code.
It does not matter how you configured your network infrastructure. Rublon 2FA protects all your users with cutting-edge Two-Factor Authentication.
And for just $2 per user.