https://community.cisco.com/t5/wireless/two-factor-authentication-on-wireless/m-p/2899991#M18997 <P>Have you considered using a USB secure certificate token store instead? &nbsp;An example is something like this:</P> <P><A href="http://www.safenet-inc.com/data-protection/password-protection-applications/?aldn-true">http://www.safenet-inc.com/data-protection/password-protection-applications/?aldn-true</A></P> <P></P> <P>Basically you issue a certificate, and it is stored on the USB token. &nbsp;You give this to the user along with (usually) a PIN.</P> <P></P> <P>The user plugs the token into their machine, and they get asked for the PIN. &nbsp;This unlocks the certificate store, and it now shows up as a normal certificate store in windows.</P> <P></P> <P>Being a normal certificate store you can use the certificate for WiFi authentication, VPN authentication, Email encryption, etc.</P> <P></P> <P>You may be able to use other methods aside from a PIN. &nbsp;I have only seen it used with a PIN.</P> Wed, 09 Mar 2016 23:31:27 GMT Philip D'Ath 2016-03-09T23:31:27Z https://community.cisco.com/t5/wireless/two-factor-authentication-on-wireless/m-p/2899990#M18996 <P>We've got a wireless network set up already and we're getting a Cisco ISE for this project. We're investigating deploying two factor authentication, with the two factors being: Domain Username/Password and a Certificate.&nbsp;</P> <P>&nbsp;</P> <P>Is the only way to do two factor authentication like this with EAP-Chaining?</P> <P>&nbsp;</P> <P>Will EAP-Chaining work on Android and Apple IOS devices?&nbsp;</P> <P>&nbsp;</P> Mon, 05 Jul 2021 11:44:55 GMT https://community.cisco.com/t5/wireless/two-factor-authentication-on-wireless/m-p/2899990#M18996 Daniel Hood 2021-07-05T11:44:55Z https://community.cisco.com/t5/wireless/two-factor-authentication-on-wireless/m-p/2899991#M18997 <P>Have you considered using a USB secure certificate token store instead? &nbsp;An example is something like this:</P> <P><A href="http://www.safenet-inc.com/data-protection/password-protection-applications/?aldn-true">http://www.safenet-inc.com/data-protection/password-protection-applications/?aldn-true</A></P> <P></P> <P>Basically you issue a certificate, and it is stored on the USB token. &nbsp;You give this to the user along with (usually) a PIN.</P> <P></P> <P>The user plugs the token into their machine, and they get asked for the PIN. &nbsp;This unlocks the certificate store, and it now shows up as a normal certificate store in windows.</P> <P></P> <P>Being a normal certificate store you can use the certificate for WiFi authentication, VPN authentication, Email encryption, etc.</P> <P></P> <P>You may be able to use other methods aside from a PIN. &nbsp;I have only seen it used with a PIN.</P> Wed, 09 Mar 2016 23:31:27 GMT https://community.cisco.com/t5/wireless/two-factor-authentication-on-wireless/m-p/2899991#M18997 Philip D'Ath 2016-03-09T23:31:27Z https://community.cisco.com/t5/wireless/two-factor-authentication-on-wireless/m-p/2899992#M18998 <P>Actually this is a better link.</P> <P><A href="http://www.safenet-inc.com/multi-factor-authentication/authenticators/pki-usb-authentication/">http://www.safenet-inc.com/multi-factor-authentication/authenticators/pki-usb-authentication/</A></P> Wed, 09 Mar 2016 23:32:14 GMT https://community.cisco.com/t5/wireless/two-factor-authentication-on-wireless/m-p/2899992#M18998 Philip D'Ath 2016-03-09T23:32:14Z https://community.cisco.com/t5/wireless/two-factor-authentication-on-wireless/m-p/2899993#M18999 <P>Refer the link : <A href="https://supportforums.cisco.com/discussion/12727161/how-can-i-perform-two-factor-authentication-nps-radius">https://supportforums.cisco.com/discussion/12727161/how-can-i-perform-two-factor-authentication-nps-radius</A></P> Thu, 10 Mar 2016 01:55:25 GMT https://community.cisco.com/t5/wireless/two-factor-authentication-on-wireless/m-p/2899993#M18999 mohanak 2016-03-10T01:55:25Z