Power LogOn offers 2FA and networked password management for the enterprise

This authentication tool is simple to set up and use, but the biggest selling point might be workable password management across the enterprise.


Like most humans, I’m more vocal about the things I don’t like and less likely to crow about the things I do like. Since I wrote my popular 11 ways to hack 2FA article, I’ve been besieged by vendors eager to show me how their authentication solution defeats all the hacking issues I wrote about.

They are all wrong. There is no such thing as unhackable anything. Saying something is unhackable is like saying you can stop all crime. It just isn’t possible. Most of the time I can quickly show them how four or five of the methods I wrote about would work against their particular solution.

Beyond the potential security issues, most of the solutions are either not nearly as good as the creators think they are or are too cumbersome to use for a lot of organizations. I’ve grown accustomed to being underwhelmed. So, imagine my pleasant surprise when a vendor showed me something relatively simple that I liked. The founder didn’t make false anti-hacking promises, seems to really know his stuff, and has a working product used by many customers, including a few Fortune 100 companies. The kicker? It’s easy to install, set up and use.

Power LogOn combines 2FA with network-based password manager

The product is called Power LogOn by Access Smart, and its founder and CEO is Dovell Bonnett. Bonnett has decades of authentication experience, particularly around smartcards. He likes to brag that he was part of the team that helped Microsoft deploy a user smartcard that doubled as a building access card. I know those since I was a Microsoft “blue badge” for 12 years.

Power LogOn brings together 2FA with a network-based password manager. The user first logs onto a computer or workstation (using multi-factor authentication, say a smartcard and a PIN) that has the Power LogOn authentication client installed. That client then creates a trusted node that takes other logon information to authenticate with the network portion, which admins install and manage. It can be easily installed in 90 minutes, plus user provisioning. The admin configures the allowed authentication policy and can control many other configuration settings.

The Power LogOn network portion acts as a network-based password manager, creating and managing long and complex passwords for each user and website. The user gets a list of the previous sites saved in the password manager portion, which they can then choose among. The user double-clicks one, and the password manager logs them onto the website or application.

The admin portion gives the admin complete control over the user’s logon, including defining how many factors — 1FA, 2FA or 3FA — to require for the initial client logon, and how it is accomplished (e.g., PIN, smartcard or biometrics). PIN sizes and composition can be controlled. Once enabled, the Power LogOn client prompt can replace the normal Microsoft Windows logon prompt.

Logging off the computer or network is just as important as logging in. Power LogOn allows admins to control what happens if the user removes their smartcard: a forced logout, shutdown, hibernation, a regular screen lock, running one or more customized scripts, or no action. You can configure a Windows password policy, including requiring passwords with up to 30 characters. You can create different policies for different users and groups.

Because the backend password manager database is networked, the user can access the sites they want to log onto using Power LogOn from any terminal in the system that has the Power LogOn client installed. Contrast that with an individual password manager, which must be configured for each specific user for each device upon which it will be used. This one feature alone is a reason why organizations should consider it.

Simpler authentication solution from a small company

If I have one complaint it is that, like a lot of the other MFA vendors, Access Smart is not a large, Fortune 500 company. It’s a small shop run by dedicated professionals. Both the software and demo video seem a little less polished than if Bonnett had $10 million to develop the code with a huge design and PR team behind it. Because I come from a large Fortune 100 company background, I was a little skeptical initially. Could anyone trust a network authentication product that can be installed and be up and running in 90 minutes?

Sometimes simple is better. For example, Power LogOn doesn’t use public key infrastructure (PKI). Setting up the PKI servers alone can take days to weeks.

If you want to test Power LogOn for yourself, Access Smart has a small pilot test kit that contains everything you need (software, hardware, smart cards) to test the solution for yourself, with a 90-day money back guarantee. It has an API so websites and applications that want to take advantage of MFA integrated with a network-based password manager can do so. Only a Microsoft Windows client is available right now, but a Linux client is on the horizon.

I’ve seen other good authentication solutions lately, but none as simple and quick to set up as Power LogOn. I also like the idea of a network-based password manager. I fully converted myself to a password manager a few months ago, and the idea of a network-controllable one seems like it would be necessary for any enterprise. Authentication is a complex thing by nature. It’s nice when a solution can make it seem a bit easier to implement.

Copyright © 2019 IDG Communications, Inc.
