AuthLite

AuthLite is a two-factor authentication (2FA) solution designed specifically for Windows Active Directory environments. The product integrates natively with Active Directory, extending it to understand and enforce two-factor authentication without requiring replacement of existing software or infrastructure. AuthLite supports hardware tokens such as YubiKeys and software-based OATH tokens compatible with applications like Google Authenticator. Its core approach involves embedding 2FA directly into the Active Directory authentication process, rather than layering it on top as a proxy or gateway. Key capabilities include protection of privileged Domain Administrator accounts by restricting group membership (including the Domain Admins SID) until a second factor is verified, mitigating Pass-the-Hash (PtH) attack vectors. AuthLite also supports two-factor authentication for Windows Remote Desktop Protocol (RDP) sessions without requiring changes to RDP client software or drivers. The solution includes offline and cached logon support, using the HMAC/SHA1 challenge-response feature of YubiKey tokens to maintain 2FA protection on mobile workstations even when disconnected from the network. Additionally, AuthLite integrates with Microsoft RADIUS and LDAP to add 2FA to VPN authentication workflows, working with existing VPN infrastructure. AuthLite is marketed toward Windows enterprise environments seeking an affordable multi-factor authentication solution. The company offers free evaluations and sells licenses directly through its website. AuthLite, LLC is a Yubico partner and aligns with the OATH open authentication standard.