Shared accounts got you down?

Here’s a description of a tool I’ve been itching to release for some time now - “2ndAuth”, short for “secondary authentication”.

This is how it works:

1. The user logs on using a shared account – an account that is known to be shared by a number of different people. Often this is a service account, or an account specific to a particular application.

Logon as a shared user

2. The user is prompted to identify their true account, by entering their username and password. At this point, a “known shared” account is not accepted. A timeout, or a repeated failure to log on, will result in the logon attempt being aborted.

Prompt for the individual's username

Error when the user tries to use a shared account

3. The 2ndAuth tool logs to the event log that it is allowing a shared account logon, and lets the user in.

And now he's allowed in.

I figure this tool would be great for allowing auditing of access to shared accounts, because if you can track down where and when a shared account was used maliciously (or accidentally), you could then find out exactly which individual was responsible for the misuse.
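The three steps above can be modelled in a few lines. This is an added example, not 2ndAuth's own code; the account names, attempt limit, timeout, audit record fields and the `verify` callback are all assumptions made for illustration.

```python
import time
from dataclasses import dataclass
from itertools import islice
from typing import Optional

# Constructed policy values; the post does not give the tool's real settings.
SHARED_ACCOUNTS = {"svc_backup", "appadmin"}
MAX_ATTEMPTS = 3
TIMEOUT_SECONDS = 60.0

@dataclass
class AuditRecord:
    """What step 3 would write to the event log (field names are assumed)."""
    shared_account: str
    individual: Optional[str]
    allowed: bool
    reason: str

def normalize(name: str) -> str:
    """Drop case and domain qualifiers so 'CORP\\AppAdmin' and
    'appadmin@corp' both match the shared list (errs toward rejecting)."""
    name = name.strip().lower()
    if "\\" in name:
        name = name.split("\\", 1)[1]
    return name.split("@", 1)[0]

def second_auth(shared_account, prompts, verify, clock=time.monotonic):
    """prompts yields (username, password) pairs from the second prompt;
    verify is a hypothetical callback that checks an individual's credentials."""
    start = clock()
    shared = {normalize(a) for a in SHARED_ACCOUNTS}
    for user, password in islice(prompts, MAX_ATTEMPTS):
        if clock() - start > TIMEOUT_SECONDS:
            return AuditRecord(shared_account, None, False, "timeout")
        if normalize(user) in shared:
            continue  # step 2: a known shared account is not accepted
        if verify(user, password):
            return AuditRecord(shared_account, user.strip(), True, "ok")
    return AuditRecord(shared_account, None, False, "attempts exhausted")

if __name__ == "__main__":
    check = lambda u, p: (u, p) == ("alice", "pw")  # constructed credential
    typed = iter([("AppAdmin", "x"), ("alice", "pw")])
    print(second_auth("appadmin", typed, check))
```

The returned record pairs the shared account with the individual who vouched for the session, which is the link an auditor needs when tracing misuse.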

Currently, I have it available for Windows XP and Windows 2003, and I’m looking for beta testers. Drop me a line if you’re interested in testing this.

Published Tue, Sep 23 2008 5:47 by Alun Jones

Comments

# re: Shared accounts got you down?

You know I am.

re: I know you are

Drop me an email and I'll send you a copy.

Tuesday, September 23, 2008 08:44 AM by Alun Jones

Tuesday, September 23, 2008 9:55 AM by Mark A Ayers

# re: Shared accounts got you down?

Hi.

Can you send me a copy of this super tool? Does it also work on Vista or Server 2008?

Thank you,

Joze

re: Sending you a copy

I'm trying to gauge interest before I figure out how to re-architect this to work on Vista or Server 2008. But a copy of the tool will be on its way to you later today.

Tuesday, September 24, 2008 02:31 PM by Alun Jones

Wednesday, September 24, 2008 3:00 PM by Joze Markic

# re: Shared accounts got you down?

I clicked on the contact link in the upper left corner of the page and requested a copy of the tool.  Hopefully that email went to you.

Thanks.

re: Request for 2ndAuth

Thanks, Raymond - yes, I received your email. I hope you have received your software. Let me know - either in email, or on blog comments, how it's working for you. [Simple rule - bad comments to me by email, good comments in the blog :)]

Tuesday, September 26, 2008 07:44 AM by Alun Jones

Thursday, September 25, 2008 12:03 PM by Raymond Kelly

# re: Shared accounts got you down?

Hi Alun,

This sounds like a great tool. We've been struggling with shared user accounts for a while.

Will you send me a copy?

Thanks,

michiel

re: Request for 2ndAuth

Thanks for your inquiry, Michiel, but I don't have your email address - you can click on the "Contact" link at the top left of this page to send me an email.

Tuesday, September 26, 2008 07:45 AM by Alun Jones

Thursday, September 25, 2008 1:23 PM by Michiel

# FAQ on 2nd Auth

I’ve already received a number of questions about my secondary authentication tool, 2ndAuth. Here’s

Tuesday, October 14, 2008 11:11 PM by Tales from the Crypto
