Two-factor authentication (2FA) is a security feature that adds an extra layer of security to your Windows VPS login process. Instead of relying solely on a password, 2FA requires a second verification step, making it significantly harder for unauthorized users to gain access.
When enabled on a VPS, 2FA significantly reduces the risk of unauthorized access, even if an attacker obtains the user’s password.
Why Should You Implement 2FA on a VPS?
A VPS typically hosts critical data, business applications, and confidential files, making it a valuable target for hackers. Enabling 2FA helps in the following ways:
1. An attacker cannot log in without the second authentication factor, even if a password is compromised.
2. It protects against brute force attacks and phishing attempts.
3. Many businesses require 2FA to secure server access and meet regulatory standards.
4. It is easy to use and can be set up with apps like Google Authenticator, Authy, or Duo Security.
Implementing 2FA can protect system administrators and users on a VPS. It adds an extra layer of protection against these threats by ensuring only authorized personnel can log in.
To implement 2FA for RDP logins on a Windows VPS using Duo, follow these steps:
1. Sign up for Duo to register your admin account.
From the menu, select Protect Application under Applications:
2. Search for RDP and select Microsoft RDP to protect your Windows VPS:
3. You will be shown the following details:
4. Now go to your Windows VPS and log in to your account, then install Duo by pasting the link into your browser:
https://dl.duosecurity.com/duo-win-login-latest.exe
Enter the API hostname from the Duo account as shown:
After that, enter the Integration Key and Secret Key:
5. Configure the options as per your requirements, but be cautious about unchecking the third checkbox: if it is unchecked, local logins will also require 2FA.
After configuring, click Install, and 2FA will be enabled:
Caution: Do not close your VPS session until you have enrolled a new user. Otherwise, it will be locked, and you will need root access or will have to contact your VPS provider to uninstall Duo.
6. Add a new user:
This is the most crucial step when enabling 2FA for VPS:
Click on Add User and enter your username, which must be the same as your VPS username.
7. After adding a new user, add Duo to your mobile device by sending the link from your admin account:
Follow this link: https://duo.com/docs/administration-users#activating-duo-mobile or directly activate from your admin account.
You will see this after successfully completing the steps:
By following these steps carefully and reading the instructions, you can enable 2FA on your Windows VPS hosting.
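Step 4 downloads and runs an installer on the server, and step 6 depends on the Duo username matching the Windows account name. As an added example (not part of the original guide or of Duo's own documentation), the following PowerShell script checks the installer's Authenticode signature before it is run and lists the account names to enroll. The expected publisher string `Duo Security` and the download location under `$env:TEMP` are assumptions.

```powershell
# Added example, not from the original guide: vet the Duo installer before running it.
$ErrorActionPreference = 'Stop'

$url       = 'https://dl.duosecurity.com/duo-win-login-latest.exe'  # URL from step 4
$installer = Join-Path $env:TEMP 'duo-win-login-latest.exe'         # assumed download path
$publisher = 'Duo Security'  # ASSUMPTION: expected signer name; confirm it with the vendor

# Require TLS 1.2 for the download (older Windows Server builds may default to weaker protocols).
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri $url -OutFile $installer -UseBasicParsing

# Authenticode check: the signature must validate against a trusted root on this machine.
$sig = Get-AuthenticodeSignature -FilePath $installer
if ($sig.Status -ne 'Valid') {
    Remove-Item $installer -Force
    throw "Installer signature status is '$($sig.Status)'; not running it."
}

# The signer must be the expected publisher, not just any validly signed binary.
if ($sig.SignerCertificate.Subject -notmatch [regex]::Escape($publisher)) {
    Remove-Item $installer -Force
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}

# Record the hash so it can be compared with a vendor-published checksum where available.
$hash = (Get-FileHash -Path $installer -Algorithm SHA256).Hash
Write-Host "Signer : $($sig.SignerCertificate.Subject)"
Write-Host "SHA256 : $hash"

# Step 6: the Duo username must be the same as the Windows account name.
Write-Host "Current account to enroll in Duo: $env:USERNAME"

# Enabled local accounts; compare this list with the users added in the Duo admin panel
# before closing the session, so that no account in use is left unenrolled.
Get-LocalUser | Where-Object Enabled | Select-Object -ExpandProperty Name
```

Run it in an elevated PowerShell session on the VPS before launching the installer, and keep the session open until the enrolled user has logged in successfully with 2FA.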