Two-factor authentication (2FA) enhances security by requiring two separate methods of verification to confirm your identity. These typically include:
1. Something you know (e.g., a username and password).
2. Something you have (e.g., a smartphone app to approve requests).
2FA safeguards against phishing, social engineering, and brute-force attacks, and protects accounts from unauthorized access, even if credentials are compromised.
Duo, a third-party solution by Cisco, integrates with Microsoft Windows systems to enable 2FA for Remote Desktop and local logins. Note: We are not affiliated with Duo; this guide is for informational purposes.
How to Set Up Duo for Your VPS
1. Sign Up for Duo
• Visit Duo’s website and create an account.
• Set up 2FA for your mobile device (recommended).
• Free for up to 10 accounts (no payment method required for free use).
2. Add Microsoft RDP to Duo
• Log in to Duo’s dashboard and click Protect an Application.
• Search for RDP and select Microsoft RDP.
• Click Protect this Application to obtain your integration key, secret key, and API hostname.
Treat the secret key like a password for security.
3. Install Duo on Your VPS
• Download Duo Authentication for Windows Logon:
• Run the installer with administrative privileges.
• During installation:
• Enter your API hostname, integration key, and secret key.
• Ensure your VPS can communicate with Duo’s service over HTTPS (port 443).
• Complete the installation and enable the following options for optimal performance:
• Only prompt for Duo authentication when logging in via RDP.
4. Add Your VPS User to Duo
• In Duo’s admin panel, go to Users and click Add User.
• Add the username for your VPS (must match exactly).
5. Enroll Devices
• Send an enrollment email to your user from Duo’s interface.
• Follow the email instructions to register devices.
6. Test Your Setup
• Attempt to log in to your VPS as a Duo-enrolled user.
• Confirm Duo authentication options appear:
• Duo Push: Approve via a smartphone app.
• Call Me: Authenticate via phone call.
• Passcode: Use a passcode generated by the app, SMS, or token.
Recommendations:
• Ensure devices and users are enrolled before logging out.
• Keep a backup method (e.g., passcodes) to prevent lockouts.
By enabling Duo, you add a robust layer of security to your VPS, protecting sensitive data and ensuring only authorized users gain access.
🤝 Need Assistance?
If any part of the setup feels unclear, the QuantVPS team is happy to help. If you’d like us to verify your environment from our side, feel free to open a support ticket and get connected with the team: https://www.quantvps.com/