DigitalPersona's Windows 2FA is Golden
February 07, 2021

DigitalPersona's Windows 2FA is Golden

Ken Grimes | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with HID DigitalPersona (formerly Crossmatch)

We use it in our Police Department. We had to have a way for users to use two-factor authentication at the Windows login prompt in order to solve CJIS requirements.
  • I integrates into Windows at the login screen, unlike most other products.
  • Easy to administrate biometrics, SMS, Authenticator apps for smartphones, etc.
  • Gives avenues for Service Desk personnel to help users login if needed.
  • Difficult to log in with a local administrator account. We have to boot into Safe Mode and disable DigitalPersona.
  • DP has not ever worked with Dell integrated fingerprint readers.
Before we had the fingerprint readers, we could use SmartCards. Then when we went to fingerprint readers, DP already worked with that. Then when the whole department got cell phones, we went to an authenticator app and again DP already had it so no provider change was necessary. It has grown with us as our needs change.
That was a must-have from the beginning, as our small IT staff did not need another application to separately administrate. As we enable or disable a user in Active Directory, they are immediately set the same way in DigitalPersona. Easy administration equals staff augmentation for our team.
All CJIS applications in our Police Department are protected and that helps us with compliance. As the officers would not be able to login to interface with their computers at the Operating System level, all applications on their mobile patrol computers are protected. Some are local web, some are cloud-based, and some was even legacy mainframe... without authenticating through DP, none were available.
We have not yet tried to put it to work with Azure AD. We may have some need of that in the future.
  • I believe this product gave us a return on investment in the first year, and we have used it for 8 years!
  • It was bundled with other software tokens at the time, and the price was unbeatable.
We have used One Identity for software tokens. The Defender software tokens were originally included with our bundle and work pretty well for integration into the AnyConnect VPN client with Cisco. All that said, we use the two products for different applications and DP does what it does very well.
I looked at a few different products at that time, and DP handled the Windows login screen the best overall. Plus the price was excellent for all that was included (Biometrics, proximity cards, Authenticator apps, etc).