The OpenOTP server previously mentioned also provides RADIUS authentication services with multifactor. It is the cornerstone of Initiative For Open Authentication (OATH) and is used in a number of two factor authentication systems. So for your hardware VPN solution, you can authenticate the VPN clients using RADIUS against the MFA server, using a code or PIN plus a TOTP code (as described in the parent post above) as the password. A Time-based One-time Password Algorithm (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time. If you want to enable MFA for service under your control (such as Active Directory), then you can implement a 3rd-party solution, such as Duo (for a cloud-based system) or an on-premises, software based system such as Wright () or OpenOTP from RCDevs ().įor devices or services that don't support MFA but do support RADIUS, you can set up an MFA server that also serves RADIUS clients. If you want to enable MFA for other online accounts, you'll be limited to whatever the provider offers - if they offer anything at all. Right off the bat, it offers to back up all of your saved accounts, in case you have to wipe the phone or change phones.
To be clear, that only enables MFA for your Google account. Authy has positioned itself as a top rival to Google Authenticator.
