Amazon protects its virtual desktops with two-factor authentication

Amazon Web Services now lets enterprises use two-factor authentication to better protect hosted WorkSpaces virtual desktops.

The steady stream of incidents in which hackers have been able to access traditional passwords highlight the need for something more secure over and over again. Adding so-called two-factor authentication increases security by validating users with something they know (a regular password) and something they have (a hardware or software generated one-time password).

Protecting Workspaces desktops with two-factor authentication helps prevent unauthorized users from gaining access to enterprise resources, while defending against password attacks such as phishing and keystroke logging. The feature itself is available now at no extra charge, Amazon said in a blog post.

For the authentication to work, organizations need a Radius server. Amazon has verified its implementation against the Symantec VIP (Validation and ID Protection) and Microsoft Radius Server products.

Gemalto offers two products that can be used to generate the one-time passwords; the Ezio keyfob costs $12.99 and the Ezio display card costs $19.99. The six digit passwords they generate are valid for one attempt and for 30 seconds.

For companies that don't want to roll out new hardware, there are applications for Android, BlackBerry OS, iOS and Windows. The applications are free, but aren't considered as secure.

To help IT departments get started, Amazon has updated its administration guide with instructions on how to activate the improved authentication.

Amazon Workspaces was made generally available at the end of March. The service offers managed virtual desktops users can access from PCs, Macs, Apple's iPads and tablets based on Android, including Amazon's own Kindle Fire products.

The desktops cost from $35 per user and month and are available from Amazon's data centers in North Virginia, Oregon, Sydney and Ireland.