As corporations move to two-factor authentication, one critical set of users has often been overlooked: the administrators. Administrators are the most privileged users because they install, support, and maintain the corporate servers and other systems, and a compromise of one of their accounts exposes everything those accounts can touch. As a result, administrator accounts should be the most strongly protected, not the last to be covered.
Historically, limitations in server hardware and operating systems prevented many two-factor solutions from being deployed to administrators. The main obstacle was that Windows supported only one logon certificate per smart card, so an administrator needed a separate card for every account. This is especially problematic in corporations following the best practice of using a separate account for each administrative role rather than one all-powerful account. For example, an administrator would need one card for his normal user account, another for his database administrator account, another for his network administrator account, another for his administrator account on server1, and yet another for his administrator account on server2. Issuing five or more cards to each administrator is a significant investment, and juggling them is cumbersome enough that administrators tend to work around the control rather than use it.
Starting with Windows Vista, Windows supports multiple logon certificates, each in its own key container, on the same smart card. During an interactive logon, the logon screen shows a tile for each logon certificate found on the card, and the user picks the one for the account he wants. The number of certificates and containers is limited only by the space available on the card. This enhancement lets an administrator carry a single card holding logon certificates for all of his accounts. In addition, some smart card management solutions now support issuing and renewing multiple logon certificates on a single card, so the card can be managed for its whole lifetime rather than just provisioned once. Together these enhancements go a long way toward securing the most privileged users.
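The following PowerShell script is an added example, not part of the original article, for checking what Windows actually sees on an inserted card. On Windows Vista and later the Certificate Propagation service (CertPropSvc) copies the card's certificates into the current user's personal store, so each certificate carrying the Microsoft Smart Card Logon EKU (OID 1.3.6.1.4.1.311.20.2.2) corresponds to one logon tile. The script lists those certificates with the UPN from each subjectAltName, which is how the domain controller maps the certificate to an account, and warns about certificates that would not produce a usable tile. It assumes a card is inserted and CertPropSvc is running; the function name and the warning text are the example's own.

```powershell
# Added example (not from the original article): enumerate the smart card logon
# certificates propagated from the inserted card into the user's personal store
# and show which account each one would log on to.
# Assumptions: Windows Vista or later, card inserted, CertPropSvc running.

$ScLogonEku = '1.3.6.1.4.1.311.20.2.2'   # Microsoft Smart Card Logon EKU OID
$SanOid     = '2.5.29.17'                # subjectAltName extension OID

function Get-SmartCardLogonCert {
    # Hypothetical helper name; returns one object per logon certificate.
    Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object {
            ($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId }) -contains $ScLogonEku
        } |
        ForEach-Object {
            $cert = $_

            # The UPN in the SAN is what the KDC maps to an account; a certificate
            # without one needs an explicit altSecurityIdentities mapping instead.
            $upn = $null
            $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq $SanOid }
            if ($san) {
                $sanText = $san.Format($false)
                if ($sanText -match 'Principal Name=([^,\s]+)') { $upn = $Matches[1] }
            }

            [pscustomobject]@{
                Subject    = $cert.Subject
                UPN        = $upn
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                HasKey     = $cert.HasPrivateKey   # false means the key container is not reachable
            }
        }
}

$certs = @(Get-SmartCardLogonCert)
$certs | Format-Table -AutoSize

# Sanity checks: every certificate should yield exactly one working tile.
if ($certs.Count -eq 0) {
    Write-Warning 'No smart card logon certificates found. Is the card inserted and CertPropSvc running?'
}
foreach ($c in $certs) {
    if (-not $c.UPN) {
        Write-Warning "$($c.Thumbprint): no UPN in subjectAltName; needs an explicit account mapping"
    }
    if ($c.NotAfter -lt (Get-Date)) {
        Write-Warning "$($c.Thumbprint): expired on $($c.NotAfter)"
    }
    if (-not $c.HasKey) {
        Write-Warning "$($c.Thumbprint): no private key linked; the card's container is not visible"
    }
}
```

Run it as the administrator whose card is being checked, once per card. If the table shows one row per account with a distinct UPN on each row, the card is provisioned the way the paragraph above describes; duplicate UPNs mean two tiles that log on to the same account, and a missing row usually means the certificate on the card lacks the Smart Card Logon EKU.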