By default, users log in to DirectAccess client machines using only their username and password. To improve the overall security of the solution and to provide a higher level of assurance for remote users, two-factor authentication can be enabled.
DirectAccess supports multifactor user authentication using either smart cards (physical or virtual) or RADIUS-based one-time password (OTP) solutions . Each has its own unique advantages and disadvantages.
Smart cards are an effective way of providing a high level of assurance ...