July 2007 - Posts

I spent last night installing the latest version of AuthAnvil and RWW-Guard on our network. Between the two, we now have a far more secure environment that enforces Two Factor Authentication (TFA) for access to critical accounts and resources. Normal Windows authentication is a single factor authentication - your password. Now if you use a really good, very long, password it's a reasonable level of security for most folks. But let's be honest - who really wants to type in a 20 character pass-phrase every time you log in, and keep changing it every few weeks? So, inevitably, we all tend to either go for a much shorter password, or never change it. (Or, more likely, both.) By adding an additional level of authentication, we can increase security without materially increasing the pain of our users. Because, let's face it, users resist pain and find ways around it!

There are lots of kinds of TFA - some based on who you are (biometrics), some on what you know (additional query/response fields), and some based on what you have (token based systems). And many based on combinations of those. With AuthAnvil, I have a little key fob token that generates a one time password (OTP) whenever I press the button. It stays visible for about 30 seconds, long enough to key it in. In addition to that one time password, I also have a personal pin that I need to know. And, of course, my own Windows account name and password. If someone gets my password somehow, it does them no good at all - they don't have the token to generate the OTP. If they are looking over my shoulder when I type it in, I don't care! Use it once and it's never, ever, used again. And if, perish the thought, someone gets my token, knows my pin, and knows my password? I can easily disable that token and it's now useless, except as a keychain.

What I really like about using an OTP token is that it isn't in any way possible to somehow fake my OTP. Biometrics are often used these days for TFA, and they have their proponents. But most biometric methods that ordinary folks have access to are easily fooled. As anyone who has watched Mythbusters knows! But my OTP token can't be fooled. Yes, I can lose it, or have it stolen. But it's easily disabled, even remotely, and then I just have the annoyance of getting a new one. And without my PIN, the token is useless anyway.
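The server-side check behind the properties described above (a code works once, a disabled token is useless, and the token is useless without the PIN), as an added example that is not part of the original post or AuthAnvil's own code. It assumes a counter-based HOTP token per RFC 4226; the post does not say which algorithm AuthAnvil uses, and all names and sample values here are constructed.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

@dataclass
class Token:
    secret: bytes          # shared between the fob and the server
    pin_hash: bytes        # salted hash of the user's PIN
    salt: bytes
    counter: int = 0       # next counter value the server will accept
    enabled: bool = True   # cleared when the fob is reported lost

def hash_pin(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def verify(token: Token, pin: str, otp: str, window: int = 5) -> bool:
    """Accept PIN + OTP once; a look-ahead window absorbs unused button presses."""
    if not token.enabled:
        return False
    pin_ok = hmac.compare_digest(hash_pin(pin, token.salt), token.pin_hash)
    for c in range(token.counter, token.counter + window):
        if hmac.compare_digest(hotp(token.secret, c), otp) and pin_ok:
            token.counter = c + 1   # burn this code and every earlier one
            return True
    return False

def demo() -> list:
    salt = b"constructed-salt"
    # Constructed sample values; the secret is the RFC 4226 test key.
    tok = Token(b"12345678901234567890", hash_pin("4321", salt), salt)
    first = hotp(tok.secret, 0)                  # fob button press no. 1
    results = [verify(tok, "4321", first)]       # fresh code + PIN: accepted
    results.append(verify(tok, "4321", first))   # shoulder-surfed replay: rejected
    results.append(verify(tok, "0000", hotp(tok.secret, 1)))  # wrong PIN: rejected
    tok.enabled = False                          # token reported lost
    results.append(verify(tok, "4321", hotp(tok.secret, 1)))  # disabled: rejected
    return results
```

A production verifier would also rate-limit or lock out repeated failures, which this example leaves out.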

So, what's my number one gripe about AuthAnvil? No 64-bit support, so I can't use it for logins to my Ferrari. Yet. But Scorpion Software's Dana Epp has promised that it's actively being developed, and I'm hopeful we'll see it this fall? And when we do, I'll move all my business to require it for all logins. Right now I'm limited to requiring it for remote logins, either by way of VPN or over Remote Web Workplace. But as soon as the 64-bit GINA (for Windows XP) and 64-bit Provider (for Windows Vista and Windows Server 2008) are available, I'll make the move.

So, if you're concerned about the security of your network, and especially of your remote users and the valuable information they have, you really should be using TFA. And AuthAnvil is an excellent form of TFA.

 Charlie.

Follow-on: So, apparently Scorpion Software reads this blog, since they noticed our comments on AuthAnvil. That's nice, but they have a challenge for us - they want to hear from folks about the need for 64-bit. So, by all means, go on over to the Scorpion Software blog and let Dana know you want 64-bit support in AuthAnvil. And hey, I'll bet if a few folks actually place an order, that will shift his priorities quite quickly.

As some of you know, I've been fighting to live with Windows Server 2003 SP2 and Virtual Server - without much success, I might add. I strongly suspect it's related to networking, but whatever the cause, it's been a disaster here. After losing two days last weekend, reinstalling Windows Server multiple times while I tried to figure out what the cause was, I finally got smart. I poked around and found my copy of the server version of Acronis True Image. After I got everything working as I wanted to, with the basic patches installed, all my apps on there (Gvim, Hypersnap, and PowerShell), I installed Acronis True Image on the host system and took a full image of the C:\ (system) drive of the server (an HP ML-350 G5) and stored it locally on the E: drive. So far so good. Then I set a task to do a differential backup every night. (I could have used an incremental backup if disk space had been in short supply, but opted for differential to provide the best possible fall back position.)

Well, sure enough, Friday night it started misbehaving, giving all the symptoms of last weekend. It was 10 o'clock at night so I left it and went to bed. Got up in the morning, still broken, so I fired off Acronis in the running Windows Server 2003 R2 x64 Enterprise Edition system. Clicked on Restore, walked through some prompts, told it to blow away the existing image and to restore the one from Wednesday morning. It rebooted the server, I went away to make coffee, and by the time I got back, I was looking at the Windows Server 2003 login prompt. For a moment I thought it hadn't run. Wrong - it had restored the image and booted back into Windows without any further intervention on my part. And with no muss, no fuss. Gotta love it. This is how things are supposed to work.

Charlie.

For any of you running Virtual Server as your virtualization solution (and I am certainly in that camp for all except 64-bit guests), here's a great tool that gives you everything that VMRC should be, but isn't - VMRCPlus. Even if you're running the System Center Virtual Machine Manager, this is a tool you'll want to have. And if you're not running SCVMM, this is a tool you MUST have.

Charlie.

Posted by Charlie Russel | with no comments