Why local authentication on thin client is a very bad idea
Our endpoints are dumb and we are proud of it
We are always ready to provide a tailor-made service to our customers, but when people ask us to implement local authentication on our endpoints, it’s always a strong no. Here is why.
Imagine someone saying: “There is no authentication on our systems at work!”. The first thing that would come to mind is: “Wow! How thoughtless is that”. Thoughtless, indeed, if the company is providing a traditional desktop to its employees, with all the applications and data on the machine.
However, if the enterprise has adopted virtualization along with thin client endpoints for its employees, it completely makes sense not to have a local authentication system.
Thin clients are called dumb terminals for a reason. Below are 3 reasons why local authentication on thin clients should be avoided.
1. Adding user information on a thin client defeats its actual purpose
A thin client’s particular job is to allow users to connect to their virtual workspace. Authentication is already taken care of on the remote server. Adding local authentication on the thin client puts the user’s profile locally on the device. To maintain the local authentication session, the user’s data will also have to be stored on the device: precisely what you want to avoid with thin clients, VDI or data virtualization.
2. Extra work for the IT team
Secondly, the user has to authenticate twice: once locally on the endpoint and a second time on the virtual workspace. The user therefore has to remember two sets of credentials to get into the workspace. In the majority of cases, users tend to use the same password for both, which can also lead to the workspace account being compromised. The IT team must enforce different and robust password policies to tackle this, increasing their workload. One way to tackle this is to have SSO between the thin client and VDI. However, that also means the thin client OS should have SSO apps installed, making the OS heavier and adding one more component for the IT team to maintain.
3. A serious security breach
Lastly, the local credentials provided by the user would be validated against an authentication service, such as a backend connected to a user database, Active Directory, LDAP, etc. This process leaves traces of the authentication service locally on the device. If the endpoint is compromised, this can have severe security repercussions. In addition, if the user cannot access the workspace, the support team has to troubleshoot in two different places, locally and on the VDI, to pinpoint the issue. This increases the amount of work and the time required to get things back up and running.
Local authentication might seem like an extra layer of security, but having it on a thin client endpoint defeats the actual purpose of adopting virtualization and deploying thin clients for a better, secure, and unified user experience.
To sum it up, having a local authentication system on a thin client is a bad idea because:
- User’s personal data (profile) will be stored locally on the device: potential security breach
- The user has to remember multiple credentials, and if he uses the same credentials, it can be a security issue
- The endpoint device will have traces of the authentication system, which people with corrupt intent can easily exploit
- It will increase the workload for the support team for the wrong reasons
For all of these reasons, ZeeTim has created ZeeTerm, a new-generation, completely secure and lightweight thin client endpoint, precisely tuned for virtual workspaces, with a full management console. With ZeeTim, the endpoint is secure by design, with a read-only OS and minimal, completely segregated app packages for unrivaled security.
Get in touch with us right away to learn how we can help you deliver a more secure experience to your users. You can also test our ultra-secure operating system on the PC of your choice within 15 minutes, by downloading ZeeTransformer here (no forms to fill!).