I've started working with AuthLite and it is a pain in the posterior. Long story short, in order to connect to some systems, you have to put in the credentials like this:
DOMAIN\User-####
With the ### being an OTP password.
To work around this I have created custom credentials in Bitwarden like this:
DOMAIN\Usernamek-$ONE_TIME_PASSWORD$
Which works BUT things get 'funky' when changing password.
It would really help to have the option in the advanced settings, something like {Domain}\{User}-{OTP}
If it pulls the OTP password from the configured OTP settings (inherited is great!) that would be super helpful.
Thank you!
To say can't is to fail before you begin
Hello,
Just to make sure I am getting this correctly, what you would like is the following :
Username : user
Domain : domain
OTP : 123123
Result : domain\user-123123
In this case the OTP is taken from the following section of your session :
Is this correct?
Best Regards,
Michaël Beaudin
Correct. To log into an AuthLite-protected server it uses two-factor, with the OTP being part of the username.
To say can't is to fail before you begin
Hello,
We have created a ticket for this feature and will keep you updated.
Best Regards,
Michaël Beaudin
Hello, I wanted to add a +1 that I would also like to see this feature. We are implementing AuthLite as well, due to increasingly strong requirements from our insurance agency. Many other institutions in our consortium of independent colleges/universities are facing the same requirements, so this may be in higher demand soon.
Hello,
We're currently working on adding this to RDM but I had a question @Bill and @travito.
The plan right now is to add two new options to the "usage" value for OTPs, "Append to username" and "prepend to username".
My question is the following: would you also need an additional option when in "append" mode to be able to specify a string of text to add between the username and OTP? The reason I ask is because you both specified that the format is <USERNAME>-<OTP> (emphasis on the hyphen) and not <USERNAME><OTP>.
Currently the append option is simply concatenating both strings, but for flexibility I think adding an option to put a string between both would be useful. What do you think?
Regards,
Hubert Mireault
Yes, the ability to append text between the two is essential. For customers using AuthLite, they must include a hyphen after the username.
Documentation on AuthLite 2FA over RDP is here: 2FA over Remote Desktop Protocol | AuthLite v2.4 Documentation | AuthLite
Excerpt:
Using RDP with AuthLite
To log in to the remote desktop server:
1. Launch the mstsc.exe client and specify the terminal server you are connecting to
2. Tap your AuthLite key into the Username field. OATH token users should enter their username followed by a dash “-” followed by the OTP from their token. [1]
3. Enter your password into the password field
4. Connect
[1] The password field is hashed by the NTLM protocol, so it cannot be used to enter OTPs.
"Tap your AuthLite key into the username field" presumably is for YubiKey users. OATH users have to put a hyphen and their OTP code after the username.
I agree with Travito. That hyphen is important. It wouldn't surprise me if other companies used something similar. Thank you.
To say can't is to fail before you begin
Thank you two for the feedback, we will also add this option to customize this! I will get back to you once I have an update about the feature.
Regards,
Hubert Mireault
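The username format discussed in this thread (append or prepend the OTP, with a configurable separator), as an added example that is not part of the original posts and is not RDM or AuthLite code. It assumes the OATH token is time-based (RFC 6238, HMAC-SHA1, 6 digits, 30-second step) and that the separator applies in both modes; the function names `totp` and `compose_username` are hypothetical, and the secret in the test is the RFC test value.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional


def totp(secret: bytes, at: Optional[float] = None, digits: int = 6, step: int = 30) -> str:
    """Return the RFC 6238 TOTP code (HMAC-SHA1) for raw secret bytes."""
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)  # keep leading zeros


def compose_username(user: str, otp: str, domain: str = "",
                     mode: str = "append", separator: str = "-") -> str:
    """Build the login name, e.g. domain\\user-123123 in append mode."""
    if not user:
        raise ValueError("username is empty")
    if not otp.isdigit():
        raise ValueError("OTP must be numeric")
    if mode == "append":
        name = f"{user}{separator}{otp}"
    elif mode == "prepend":
        name = f"{otp}{separator}{user}"  # assumption: separator used here too
    else:
        raise ValueError(f"unknown mode: {mode!r}")
    # The domain prefix stays outside the user/OTP part.
    return f"{domain}\\{name}" if domain else name


if __name__ == "__main__":
    demo_secret = b"12345678901234567890"  # constructed sample secret (RFC test value)
    print(compose_username("user", totp(demo_secret), domain="domain"))
```

Compose the string at connection time: a stored value stops working once the code's time step has passed.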