How To Set Up Two-Factor Authentication With RDP On Your VPS

What is Two-Factor Authentication (2FA)?

Two-factor authentication (2FA) strengthens access security by requiring two methods (also referred to as factors) to verify your identity. These factors can include something you know - like a username and password, plus something you have - like a smartphone app to approve authentication requests.

2FA protects against phishing, social engineering and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials.

Duo integrates with Microsoft Windows client and server operating systems to add two-factor authentication to Remote Desktop and local logons.

How To Set Up Duo

  • Sign up for a Duo account: https://signup.duo.com/
  • Log in to the Duo Admin Panel: https://admin.duosecurity.com/login
  • From the left menu, navigate to Applications.
  • Click the Protect an Application button.
  • Search for RDP and locate Microsoft RDP in the applications list. Click Protect this Application.
  • Get your integration key, secret key, and API hostname on the next page. You will need this information to install the Duo application. Treat your secret key like a password - the security of your Duo application is tied to the security of your secret key (skey).
  • On the VPS, download the Duo Authentication for Windows Logon installer package: https://dl.duosecurity.com/duo-win-login-latest.exe
  • Run the Duo Authentication for Windows Logon installer with administrative privileges.
  • When prompted, enter your API Hostname from the Duo Admin Panel and click Next. The installer verifies that your Windows system has connectivity to the Duo service before proceeding.
  • If the connectivity check fails, ensure that your Windows system is able to communicate with your Duo API hostname over HTTPS (port 443).
  • Enter your integration key and secret key from the Duo Admin Panel and click Next again.
  • Finish the installer and continue to the next step.
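
A scripted version of the connectivity check described in the installer steps above, for when the installer's own check fails. This is an added example, not part of the original guide or Duo's tooling. `Test-DuoConnectivity` is a hypothetical function name, `api-XXXXXXXX.duosecurity.com` is a placeholder for your own API hostname, and `/auth/v2/ping` is Duo's unauthenticated Auth API liveness endpoint.

```powershell
# Added example: checks the path from this VPS to the Duo service over HTTPS (port 443).
# No integration key or secret key is used or sent by this script.
function Test-DuoConnectivity {
    param([Parameter(Mandatory)][string]$ApiHost)

    $result = [ordered]@{ Host = $ApiHost; Dns = $false; Tcp443 = $false
                          TlsValid = $false; CertIssuer = $null; DuoPing = $false }

    # 1. DNS: the API hostname must resolve from the VPS itself.
    try { [void][System.Net.Dns]::GetHostAddresses($ApiHost); $result.Dns = $true }
    catch { return [pscustomobject]$result }

    # 2. TCP connect to 443, then 3. TLS handshake with normal certificate validation.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($ApiHost, 443)
        $result.Tcp443 = $true
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        # Force TLS 1.2 so older .NET Framework defaults do not cause a false failure.
        # Throws if the certificate chain or hostname is not trusted by this system.
        $ssl.AuthenticateAsClient($ApiHost, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $true)
        $result.TlsValid = $true
        # An unexpected issuer can indicate a TLS-inspecting proxy in the path.
        $result.CertIssuer = $ssl.RemoteCertificate.Issuer
        $ssl.Dispose()
    } catch {
        Write-Warning "Connection to ${ApiHost}:443 failed: $($_.Exception.Message)"
    } finally { $client.Close() }

    # 4. Application-level check against the unauthenticated ping endpoint.
    if ($result.TlsValid) {
        try {
            [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
            $ping = Invoke-RestMethod -Uri "https://$ApiHost/auth/v2/ping" -TimeoutSec 10
            $result.DuoPing = ($ping.stat -eq 'OK')
        } catch { Write-Warning "Duo ping failed: $($_.Exception.Message)" }
    }
    [pscustomobject]$result
}

# Placeholder hostname: replace with the API hostname shown in your Duo Admin Panel.
Test-DuoConnectivity -ApiHost 'api-XXXXXXXX.duosecurity.com'
```

The first field that comes back `False` shows where the path breaks: name resolution, an outbound firewall rule on port 443, certificate trust, or the HTTPS request itself.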

Add User

From the left panel, choose Users and then click the Add User button on the right.

Add the username for your VPS. The Duo username must match the username you use to log in to the VPS.

On the next page, complete the form to finish setting up the account.

Test Your Installation

To test your setup, attempt to log in to your newly-configured system as a user enrolled in Duo.

If Duo is installed and configured correctly, you should see the Duo authentication prompt with the following options:

Duo Push: Send a request to your mobile device. To use Duo Push, install the Duo client on your Android or iOS device. Follow the instructions provided during the install at Play Store or iTunes. Log in to your mobile client using your Duo account credentials.

Call Me: Perform phone callback authentication.

Passcode: Log in using a passcode generated with Duo Mobile, received via SMS, generated by your hardware token, or provided by an administrator. To have a new batch of SMS passcodes sent to you, click the Send me new codes button. You can then authenticate with one of the newly-delivered passcodes.