A good solution with one fatal flaw.
Updated August 06, 2024

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review

Modules Used

  • WatchGuard AuthPoint

Overall Satisfaction with WatchGuard AuthPoint

We use AuthPoint at various sites for adding MFA to applications like remote desktop, PC Login, and Email access. It does a good enough job, and users are generally able to self-enroll and use it without much issue. The one fatal flaw is that it does not support standard OTP generation, so we are unable to add it to our third-party password/login management solution. That means for all the techs that support the site, there is one shared login on one phone. If that person is unavailable, we are unable to access the site. For the majority of cases, that will be an acceptable compromise and the positives of the product are considerable.

Pros

  • Ease of use.
  • Lots of options for application support.
  • Integrates well with other WatchGuard products.
  • High-quality support.

Cons

  • Lack of OTP support.
  • Flexibility for non-standard AD integration.
  • Better documentation for third-party VPN integration.

  • It has increased security and lowered our Cyber Insurance premiums.
  • It has offset that by requiring licensing for each member of our tech team.
  • It has very little maintenance costs.

TIS has enhanced our and our users' security by making the concept of easy-to-remember passwords obsolete. Gone are the days of adding a 1 to the end of the password when forced to reset. With all passwords randomized, complex, and hidden, the instances of the password on a post-it have dropped to zero.

TCO

10
Aside from the ease of management, the biggest savings has been in the consolidated support. No longer dealing with separate vendors has made support easier and more likely to be resolved on initial contact. Also the licensing costs are less than our secondary choice for MFA combined with a different password management system.
We use TIS's password manager to ensure that all users are complying with password policies regarding complexity and reuse. The reuse of passwords had been an issue in the past where employees were using the same password for almost all personal and professional accounts. We aren't yet taking full advantage of the dark web features.
In the aforementioned issue regarding password reuse, we had a former user have their personal email password compromised but because they reused said password it allowed them into some work systems and caused some major downtime due to ransomware. TIS will prevent that going forward.
We worked with Vision33 Canada. They were great to deal with.
We have not transitioned our firewalls to the cloud-managed console, so we are currently not using the single pane of glass interface. That is something that we do intend to make use of.
The WatchGuard products are becoming easier to manage on a single control panel. We are in the planning stages of moving all of our firewalls into cloud management.
I would slot AuthPoint (as a product) as better than ESET but not Duo. ESET has the same limitations as WatchGuard in the OTP support. It also is an on-prem installed console rather than a cloud, which increases cost and maintenance requirements. Duo now supports standard OTP for admin accounts, so it can be managed by a team. Duo support, however, leaves a lot to be desired and gives WatchGuard the edge.

Do you think WatchGuard AuthPoint delivers good value for the price?

Yes

Are you happy with WatchGuard AuthPoint's feature set?

Yes

Did WatchGuard AuthPoint live up to sales and marketing promises?

Yes

Did implementation of WatchGuard AuthPoint go as expected?

Yes

Would you buy WatchGuard AuthPoint again?

Yes

AuthPoint is great for a situation where each individual has their own login, but for an outsourced IT department with an MSP, either each technician would need their own account (which raises licensing costs for the client) or the primary tech with the app will always need to be available for other members of their team to log in.

Comments

  • Nicolas Chaves | TrustRadius Reviewer
    Dear user, we are sorry that you see this capability as a disadvantage because it is actually a security feature that we use as a differentiator. Because when the user activates the AuthPoint mobile token, it is tied to the user's mobile phone and is individual and cannot be activated elsewhere, copied or cloned. This way we ensure that the user is the only person who has access to the token, not only for OTP generation but also for receiving the Push notification and generating the QR code for authentication. Even using a shared credential to access some kind of resource, multiple tokens can be assigned to the same user. Say, it's a user called "admin", and each real person who logs in with the "admin" user can use their own token on their cell phones. This is what some of our partners do for this same scenario. In short, using a standard OTP can bring more security risks, as the standard OTP can be copied by anyone who has the activation code or token seed.