Loyal readers of this blog know I’m a huge proponent of strong, two-factor authentication solutions to prevent all the vulnerabilities in password authentication. Two factor is based on having two of the three factors:

- something you know (a password)
- something you have (a token or smartcard)
- something you are (a fingerprint)

At Distributech I came across Xyloc from Ensure Technologies which combines an active RFID card, something you have, with a password, something you know. As you walk up to a computer, the RFID reader will pick up the RFID card and request the password. After entering the password you are logged in. If you leave the area, the computer will lock. If you walk back in the area before the configurable idle timeout, the computer will unlock. Very simple to use.

The product can be added to Active Directory with a schema extension and costs $59 for the card and $120 for the reader.

If you are one of the many organizations that use passive RFID cards, the ones you have to hold close to the reader, to access the control center, you will need to carry two cards. Also, we have some concerns on how this would work in a control center where you have multiple PC’s and multiple operators in close proximity. While we still lean towards a smart card solution as our preferred two-factor option, this is the best proximity two-factor solution we have seen.