Protectimus DSPA
Protectimus DSPA (Dynamic Strong Password Authentication) is the first database security solution that provides two-factor authentication for account protection directly in Active Directory and other user directories (LDAP, databases).
Scheduled password changes
On-premise platform
Hassle-free administration
What problems does Protectimus DSPA solve?
1. Existing MFA solutions protect only part of the Infrastructure
2. Administrators need to install and support 2FA plugins on multiple platforms
How does it work?
Protectimus integrates directly with Microsoft Active Directory (or any other user directory) to add a six-digit password onto users’ static passwords. The six digits are a one-time password generated using the TOTP algorithm, so they constantly change. Active Directory users’ and computers’ passwords now look like this: P@ssw0rd!459812, where P@ssw0rd! is the fixed part, and 459812 is a one-time password.
The administrator sets the one-time password change interval, which can be 30 seconds or longer. The interval must be a multiple of 30 seconds. The Active Directory change password frequency can be set individually for each user. It is also possible to choose which groups of users are required to use Protectimus Dynamic Strong Password Authentication (DSPA) and which are not. The Protectimus DSPA component regularly changes users’ passwords on the schedule set by the administrator. In this process, only the six final digits are changed.
Thus, Active Directory user authentication looks like this: users can gain access to their accounts by entering their fixed passwords and the one-time code all in one go. To generate OTPs, users can use the in-app one-time password generator Protectimus SMART; a chatbot on Telegram, Viber, or Facebook; or special hardware tokens for Protectimus DSPA.
OTP tokens to choose from
The Protectimus DSPA component for database protection allows administrators to specify any password change interval in multiples of 30Â seconds. The same functionality is available with the Protectimus Smart OTP and Protectimus Bot tokens, as well as certain hardware tokens
Protectimus Smart app
Hardware tokens
Messaging chatbots
On-premise platform or Private cloud
Before implementing the Protectimus Dynamic Strong Password Authentication component, the client will need to install the Protectimus two-factor authentication platform on their premises or in the client's private cloud
On-premise Platform
Private Cloud
How to set up two-factor authentication 
in Active Directory
Install the platform and the DSPA component
Create a user
Create a resource
Assign a user to a resource
In the Resources tab, click Assign, then User. Only LDAP users can be assigned to an LDAP resource