Here’s a description of a tool I’ve been itching to release for some time now – “2ndAuth”, short for “secondary authentication”.
This is how it works:
1. The user logs on using a shared account – an account that is known to be shared by a number of different people. Often this is a service account, or an account specific to a particular application.
2. The user is prompted to identify their true account, by entering their username and password. At this point, a “known shared” account is not accepted. A timeout, or a repeated failure to logon, will result in the logon attempt being aborted.
3. The 2ndAuth tool logs to the event log that it is allowing a shared account logon, and lets the user in.
I figure this tool would be great for allowing auditing of access to shared accounts, because if you can track down where and when a shared account was used maliciously (or accidentally), you could then find out exactly which individual was responsible for the misuse.
Currently, I have it available for Windows XP and Windows 2003, and I’m looking for beta testers. Drop me a line if you’re interested in testing this.