Shared accounts got you down?

Here’s a description of a tool I’ve been itching to release for some time now – “2ndAuth”, short for “secondary authentication”.

This is how it works:

1. The user logs on using a shared account – an account that is known to be shared by a number of different people. Often this is a service account, or an account specific to a particular application.

Logon as a shared user

2. The user is prompted to identify their true account by entering their own username and password. At this point a "known shared" account is not accepted. A timeout, or repeated failures to log on, will abort the logon attempt.

Prompt for the individual's username

Error when the user tries to use a shared account

3. The 2ndAuth tool logs to the event log that it is allowing a shared account logon, and lets the user in.

And now he's allowed in.

I figure this tool would be great for auditing access to shared accounts: if you can track down where and when a shared account was used maliciously (or accidentally), you can then find out exactly which individual was responsible for the misuse.
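To make the three steps above and the auditing payoff concrete, here is an added example (my own illustration, not the 2ndAuth code) of the decision logic at the secondary prompt and the attribution query an auditor would run over its log afterwards. The account names, passwords, attempt limit and eight-hour session window are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed example data: accounts known to be shared, and the real
# credentials of individuals. A real deployment would validate against
# the domain rather than a dictionary. All names are hypothetical.
SHARED_ACCOUNTS = {"svc_backup", "app_payroll"}
INDIVIDUALS = {"alice": "correct-horse", "bob": "battery-staple"}
MAX_ATTEMPTS = 3          # assumed limit before the logon is aborted
MAX_SESSION = 8 * 3600    # assumed longest session, in seconds


@dataclass
class AuditRecord:
    when: int            # seconds since epoch (constructed timestamps)
    shared_account: str  # the account that was actually logged on
    individual: str      # the person who answered the 2ndAuth prompt


def secondary_auth(shared_account, attempts, now, audit_log):
    """Decide whether a logon to shared_account may proceed.

    attempts is the sequence of (username, password) pairs typed at the
    secondary prompt; a timeout is modelled as the sequence ending.
    Returns the individual's name on success, or None if the prompt was
    abandoned or MAX_ATTEMPTS was exhausted. A known shared account is
    never accepted as an individual's identity (step 2 above).
    """
    for username, password in attempts[:MAX_ATTEMPTS]:
        if username in SHARED_ACCOUNTS:
            continue  # a shared account does not identify a person
        if INDIVIDUALS.get(username) == password:
            # Step 3: record who is behind this shared-account logon.
            audit_log.append(AuditRecord(now, shared_account, username))
            return username
    return None


def responsible_for(shared_account, event_time, audit_log):
    """Attribute an action by shared_account at event_time to the person
    whose 2ndAuth logon most recently preceded it within MAX_SESSION."""
    candidates = [r for r in audit_log
                  if r.shared_account == shared_account
                  and 0 <= event_time - r.when <= MAX_SESSION]
    if not candidates:
        return None  # no secondary logon covers this event
    return max(candidates, key=lambda r: r.when).individual
```

A shared-account logon that never passed the secondary prompt leaves no record, so a `None` from `responsible_for` is itself a finding worth chasing.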

Currently, I have it available for Windows XP and Windows 2003, and I’m looking for beta testers. Drop me a line if you’re interested in testing this.