Why local authentication on thin client is a very bad idea
Our endpoints are dumb and we are proud of it
Whereas we are always ready to provide a tailor-made service to our customers and provide them the best possible service, when people ask us to implement local authentication on our endpoints, it’s always a strong no. Here is why.
Imagine someone saying: “There is no authentication on our systems at work!”. The first thing that would come to mind is: “Wow! How thoughtless is that”. Thoughtless, indeed, if the company is providing a traditional desktop to its employees, with all the applications and data on the machine.
However, if the enterprise has adopted virtualization along with thin client endpoints for its employees, it completely makes sense not to have a local authentication system.
Thin clients are called dumb terminals for a reason. Below are 3 reasons why local authentication on thin clients should be avoided.
1. Adding user information on a thin client defeats its actual purpose
Their particular job is to allow the users to connect to their virtual workspace. The authentication is already taken care of on the remote server. Adding local authentication on the thin client will lead to the presence of the user’s profile locally on the device. For maintaining the local authentication session, the user’s data will also be required to be stored on the device: precisely what you want to avoid with thin client, VDI or data virtualization.
Local authentication on a thin client
2. Extra work for the IT team
Secondly, the user has to authenticate twice, once locally on the endpoint and a second time on the virtual workspace. As a result, the user has to remember two credentials for getting into his workspace. And, in the majority of the cases, users tend to use the same password. As a result, it can also lead to his workspace account being compromised. The IT team must enforce different and robust password policies to tackle this, increasing their work load. One of the ways to tackle this is to have SSO between the thin client and VDI. However, it also means that thin client OS should have SSO apps installed, making the OS heavier and adding one more component for the IT team to maintain.
3. A serious security breach
Lastly, the local credentials provided by the user would be validated against an authentication service such as a backend connected to a user database, active directory, LDAP, etc. This process will leave traces of the authentication service locally on the device. In the event that, the endpoint is compromised, it can have severe security repercussions. Along with this, if the user cannot access the workspace, the support team has to troubleshoot at two different places, locally and VDI, to pinpoint the issue. This increases the amount of work and the time required to get things back up and running.
Local authentication might seem like an extra layer of security, but having it on a thin client endpoint defeats the actual purpose of adopting virtualization and deploying thin clients for a better, secure, and unified user experience.
To sum it up, having a local authentication system on a thin client is a bad idea because:
- User’s personal data (profile) will be stored locally on the device: potential security breach
- The user has to remember multiple credentials, and if he uses the same credentials, it can be a security issue
- The endpoint device will have traces of the authentication system, which people with corrupt intent can easily exploit
- It will increase the workload for the support team for the wrong reasons
For all of these reasons, ZeeTim has created ZeeTerm, a new gen completely secure and lightweight thin client endpoint, precisely tuned for virtual workspaces, with full management console. With ZeeTim, the endpoint is secure by design, having a read only OS, minimal and completely segregated app packages for unrivaled security.
Get in touch with us right away to know how we can help you deliver a more secure experience to your users. You can also test our ultra-secure operating system on the PC of your choice within 15 minutes, by downloading ZeeTransformer here.
- Introducing ZeeScan, a scanning solution for VDI / DaaS 23 May 2023
- Perform troubleshooting on your Thin Clients from a centralized remote management console 11 May 2023
- The impact of cloud endpoint / Thin Client on the environment – Earth Day 2023 20 April 2023
- Learn how ZeeTim enhances the Nutanix Frame experience 18 April 2023
- Streamlining the Education Industry: How Thin and Zero Clients Simplify User Experience and Admin Workload 1 March 2023