IA-2 Identification and Authentication (organizational users)
« The information system uniquely identifies and authenticates organizational users
(or processes acting on behalf of organizational users). »
AC-9 Previous Logon (Access) Notification
« The information system must notify the user, upon successful logon (access) to the system, of the date and time of the last logon (access), the number of unsuccessful logon (access) attempts since the last successful logon (access) and the location of the last logon. »
UserLock displays a welcome message to users at every logon, which includes information about previous connection events involving their credentials. Your IT team can also personalize this message to include:
- Date and time of the last successful logon
- Number of logons denied by UserLock and by Windows since the last successful logon
- History of all logons denied by UserLock and Windows since the last successful logon including date, time, location and reason
In addition, UserLock extends security further by warning users in real time of all connection events (successful or not) involving their credentials. When their own credentials are used somewhere else on the network, users receive a pop-up notification. This alert enables users themselves to assess the situation and inform their IT department who can react immediately to any fraudulent use of compromised credentials.
AC-10 Concurrent Session Control
« The information system must limit and enforce the number
of concurrent sessions for each account. »
There is no way in Windows native functionality to limit a given user account from logging on at one computer or device at a time, which remains a serious security flaw and significantly increases network vulnerability.
With UserLock organizations can prevent or limit concurrent logins to a Microsoft Windows Server-based network, per user or user group and per session type (workstation, terminal, interactive, Wi-Fi/VPN or IIS). IT administrators can set granular limitations and can vary from one user to another or one group to another.