In Google Chrome and Internet Explorer with Integrated Windows Authentication, enabled users are automatically signed in to Secret Server when they visit the site using their Active Directory credentials. This feature reduces the number of passwords that a user has to type, and the possibility of a forgotten password. This also allows domain administrators to specify a password policy that Secret Server will adhere to, such as password strength and password history.
Two-Factor Authentication in Secret Server forces users to enter another form of authentication on login, such as a pin or token. Secret Server comes with its own built-in email two-factor authentication, and supports the existing infrastructure to make use of RADIUS two-factor systems. This adds another layer of security to user accounts, however, it increases the number of steps required to access Secret Server. Using two-factor authentication helps prevent a scenario where a user might walk away from a workstation while logged in and an attacker could walk up to it and login to Secret Server.