Protectimus DSPA - 2FA Solution for Active Directory

PROTECTIMUS LIMITED

Protectimus Dynamic Strong Password Authentication - MFA solution for Active Directory, LDAP, DBMS

The Protectimus DSPA (Dynamic Strong Password Authentication) software allows integration of the Protectimus two-factor authentication solution with Microsoft Active Directory or any other user directory (AD/LDAP, DBMS). Once integrated, dynamic two-factor authentication passwords will be required for access to all services connected to this directory, such as Winlogon, RDP, ADFS, and OWA.

Protectimus DSPA appends six-digit time-based one-time passwords to users' static passwords. The resulting passwords appear like this: P@ssw0rd!459812, where:

  • P@ssw0rd! is the fixed part.
  • 459812 is a TOTP (Time-Based One-Time Password) that changes within a set time interval.

The administrator sets the one-time password change interval, which must be a multiple of 30 seconds.
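The composite-password scheme described above, as an added example (not Protectimus code). It assumes standard RFC 6238 TOTP with HMAC-SHA1, uses the RFC's published test secret as constructed sample input, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

BASE_STEP = 30  # per the page: the change interval must be a multiple of 30 seconds


def _check_step(step: int) -> None:
    if step <= 0 or step % BASE_STEP != 0:
        raise ValueError("step must be a positive multiple of 30 seconds")


def totp(secret: bytes, unix_time: int, step: int = BASE_STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1 assumed) for the window containing unix_time."""
    _check_step(step)
    counter = unix_time // step                      # index of the time window
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)    # keep leading zeros


def validity_window(unix_time: int, step: int = BASE_STEP) -> tuple:
    """Return (start, end) in Unix seconds of the window one code is valid for."""
    _check_step(step)
    start = (unix_time // step) * step
    return start, start + step


def composite_password(static_part: str, secret: bytes, unix_time: int,
                       step: int = BASE_STEP) -> str:
    """Static part followed by the six-digit TOTP, e.g. P@ssw0rd!459812."""
    return static_part + totp(secret, unix_time, step)


# Constructed sample input: the shared secret from the RFC 6238 test vectors.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    for step in (30, 60):
        start, end = validity_window(59, step)
        pw = composite_password("P@ssw0rd!", SECRET, 59, step)
        print(f"step={step:>3}s  window=[{start},{end})  password={pw}")
```

A longer step keeps each composite password valid for longer, so the interval the administrator chooses is also the period during which a captured password remains usable.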

From the end-user perspective, authentication proceeds as follows: to access their accounts, a user must enter their fixed password and a one-time code in one line. Users should use the Protectimus SMART 2-factor authentication app to generate one-time passwords.

Protectimus DSPA (Dynamic Strong Password Authentication) Advantages:

1. Scheduled password changes:

The Protectimus DSPA component for Active Directory two-factor authentication regularly changes users' passwords in AD. The administrator specifies the password change interval. In this system, passwords are composed of two parts: a static part (specified by the user) and a dynamic part (a one-time password generated using the TOTP algorithm). The resulting passwords look like this: P@ssw0rd!459812.

2. On-premise platform:

The Protectimus DSPA component for Active Directory security and the Protectimus two-factor authentication platform are installed on the client's premises. You can manage all the data and processes yourself to ensure the maximum level of infrastructure security. The Protectimus on-premise platform is designed for multidomain environments and offers cluster, replication, and backup features.

3. Hassle-free administration:

Unlike traditional MFA solutions, Protectimus DSPA frees administrators from the need to install additional software on client machines and update it periodically. After integrating the Protectimus DSPA component with Active Directory, multi-factor authentication passwords will automatically be required to log into all systems connected to Active Directory (Winlogon, RDP, OWA, etc.).

What problems does Protectimus DSPA solve?

1. Existing MFA solutions protect only part of the infrastructure:

Many standard MFA solutions add two-factor authentication exclusively to endpoints. This leaves a vulnerability where hackers can potentially attack your infrastructure by bypassing two-factor authentication and directly accessing your user directory. For example, it's possible to access Active Directory via the Windows command line, and having knowledge of a user's login and password is enough to perform actions on their behalf. By implementing Protectimus DSPA for system protection, you can ensure that no one gains access to AD, LDAP, or user accounts in your database without a dynamic password, regardless of the source or destination of the request.

2. Administrators need to install and support 2FA plugins on multiple platforms:

To configure two-factor authentication for all employees and the various services a company utilizes, administrators are often required to implement multiple 2FA plugins for different platforms and install additional software on each client machine. Furthermore, all this software needs constant updates. However, by integrating the Protectimus DSPA component with Active Directory, dynamic two-factor authentication passwords will be mandatory for all services connected to AD (Winlogon, RDP, ADFS, OWA, etc.).
