Windows logon with YubiKey

Briefly: The popular YubiKey OTP authentication device can now be used in Rohos Logon Key and Rohos Disk as an access key for Windows/Mac and as a security token for a personal encrypted disk.

Security advantages with YubiKey:

  • Secure authentication in Windows XP/Vista/2008/Seven
  • Two-factor authentication with PIN code.
  • Replaces weak password-based login with a hardware key
  • Uses a long password, without the need to remember it
  • The system is password protected but you don’t need to enter it manually each time you log in or unlock Windows
  • Login with YubiKey is fully automatic and fast!
  • Cross-platform: Use a single YubiKey to log into Windows and Mac
  • Windows is protected even in Safe Mode
  • Login into Windows remote desktop
  • Secure access for personal encrypted partition

Windows logon with YubiKey

Lets you access Windows and Mac securely with a YubiKey, replacing the regular password-based login. All the user has to do is insert the YubiKey into the USB port and press it.

Rohos Logon Key is the only program that fully works with any Windows, Mac OS X and supports Windows remote desktop authentication by using YubiKey.

Advantages of using YubiKey in Rohos Logon:

Full support of Windows XP, Vista and Windows Seven, including remote desktop access and automatic password renewal; also works under Windows Active Directory.

Completely replaces password based login with Yubikey.

  • Emergency login – helps to log into Windows if YubiKey is broken or lost.
  • Protects computer even in Safe Mode
  • Possibility to use several YubiKeys to log into one computer and, vice versa, one YubiKey for several computers


Setting-up YubiKey in Rohos Logon Key:

  • First you have to install Rohos Logon Key
  • In the main window open “Options” and choose YubiKey as USB Key device type for Rohos Logon:

  • In this dialog choose YubiKey in USB Key device type list.
  • After you have chosen YubiKey, re-open this dialog box and click the “YubiKey options…” link under the ‘USB Key type’ list box to set up the OTP validation method. By default Rohos Logon does not validate OTP.

Go back to the main Rohos Logon window and click “Set up USB Key”:


After you enter your current user password, click OK and Rohos Logon will ask you to touch the YubiKey. Now restart Windows in order to apply the changes.

Please note that by default the PIN is not set and the “PIN:” field should be left blank.

For non-English users it’s important to know that the current system language is used when the YubiKey’s OTP is generated and typed. So make sure that the language in use (e.g. Russian, German, Spanish) remains the same during the Rohos Logon setup process and upon login. Otherwise the program displays the error: “The given USB key has not been configured for this computer”.

Yubikey security in Rohos:

Rohos Logon and Rohos Disk are able to work with any type of YubiKey, in static or dynamic OTP mode.

  • During USB Key setup the program is bound to YubiKey IDs (first 12 chars).
  • OTP validation is supported.
  • Rohos Logon stores your Windows login (user name and password) in encrypted form in Windows registry
  • When accepting a string from the YubiKey, Rohos Logon allows only 4 sec to enter it; otherwise it denies it, assuming that the user is entering it manually (Copy/Paste is also disabled)
  • The program allows you to set up 2 or more YubiKeys for login into the same PC
  • If you forget or lose YubiKey you can use Emergency Login
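
The key-ID binding, the 4-second entry window and the keyboard-language caveat described above can be seen together in this added example, which is not Rohos Logon code. The Russian layout map, the `fix_layout` normalisation (an assumed mitigation, not a Rohos feature), the way entry time is passed in and the sample OTP are all constructed for illustration.

```python
# Added illustration; not Rohos Logon code. Sample values are constructed.
MODHEX = "cbdefghijklnrtuv"      # the 16 characters a YubiKey OTP is made of
OTP_LEN, ID_LEN = 44, 12         # lengths stated on this page
MAX_ENTRY_SECONDS = 4.0          # entry window stated on this page

# What the same 16 physical keys produce when the system language is Russian.
RU = "сивуапршолдткегм"
TO_RU = str.maketrans(MODHEX, RU)
FROM_RU = str.maketrans(RU, MODHEX)

SAMPLE_OTP = "vvcccctbdhnr" + MODHEX * 2   # constructed 44-char OTP


def normalise(typed):
    """Map a string typed under the Russian layout back to ModHex.

    Assumed mitigation for illustration; the page does not say Rohos does this.
    """
    return typed.translate(FROM_RU) if set(typed) <= set(RU) else typed


def check_otp(typed, entry_seconds, enrolled_ids, fix_layout=False):
    """Return (accepted, detail) for a string captured from the logon field."""
    if entry_seconds > MAX_ENTRY_SECONDS:
        return False, "entered too slowly, treated as manual typing"
    if fix_layout:
        typed = normalise(typed)
    if len(typed) != OTP_LEN:
        return False, "wrong length"
    key_id = typed[:ID_LEN]                 # first 12 chars identify the key
    if key_id not in enrolled_ids:
        return False, "USB key not configured for this computer"
    if set(typed) - set(MODHEX):
        return False, "not ModHex"
    return True, key_id


if __name__ == "__main__":
    enrolled = {"vvcccctbdhnr"}             # ID recorded at setup (English layout)
    typed_ru = SAMPLE_OTP.translate(TO_RU)  # same key press, Russian layout
    print(check_otp(SAMPLE_OTP, 0.3, enrolled))
    print(check_otp(typed_ru, 0.3, enrolled))
    print(check_otp(typed_ru, 0.3, enrolled, fix_layout=True))
    print(check_otp(SAMPLE_OTP, 6.0, enrolled))
```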

Windows Remote Desktop authentication

Rohos Logon supports YubiKey OTP security and offers a flexible hardware based authentication for both Windows local login and Remote Desktop:

  • Supports both OTP verification methods: local, by AES decryption of the OTP (the AES key must be provided), and remote, by validating the OTP on any YubiKey-enabled web site (according to the Yubico validation API).
  • Remote Desktop Logon.
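
For the remote method, a client should accept a validation answer only if it is signed, echoes the OTP and nonce that were sent, and reports `OK`. The following added example (not Rohos Logon code) checks a response using the signature rule of the Yubico validation protocol 2.0; the API key, OTP, nonce and response bodies are constructed, and `make_response` is a hypothetical stand-in for the server.

```python
import base64
import hashlib
import hmac

# Constructed sample values for an offline demonstration.
API_KEY = base64.b64encode(b"constructed-demo-key").decode()
OTP = "vvcccctbdhnr" + "cbdefghijklnrtuv" * 2
NONCE = "0123456789abcdef0123456789abcdef"


def sign(params, api_key_b64):
    """HMAC-SHA1 over key=value pairs sorted by key and joined with '&'."""
    line = "&".join(f"{k}={params[k]}" for k in sorted(params))
    mac = hmac.new(base64.b64decode(api_key_b64), line.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def parse_response(body):
    """Parse key=value lines; split once, since base64 values contain '='."""
    pairs = (ln.split("=", 1) for ln in body.splitlines() if "=" in ln)
    return {k.strip(): v.strip() for k, v in pairs}


def verify_response(body, sent_otp, sent_nonce, api_key_b64):
    """Return 'OK' only for a correctly signed answer to the request sent."""
    resp = parse_response(body)
    received_h = resp.pop("h", "")
    expected_h = sign(resp, api_key_b64)
    if not hmac.compare_digest(received_h.encode(), expected_h.encode()):
        return "bad signature"
    if resp.get("otp") != sent_otp or resp.get("nonce") != sent_nonce:
        return "response does not match request"
    return resp.get("status", "missing status")


def make_response(status, otp=OTP, nonce=NONCE):
    """Hypothetical server side: build a signed response body (constructed)."""
    fields = {"t": "2010-01-01T00:00:00Z0000", "otp": otp,
              "nonce": nonce, "sl": "100", "status": status}
    fields["h"] = sign(fields, API_KEY)
    return "\r\n".join(f"{k}={v}" for k, v in fields.items())


if __name__ == "__main__":
    print(verify_response(make_response("OK"), OTP, NONCE, API_KEY))
    forged = make_response("REPLAYED_OTP").replace("REPLAYED_OTP", "OK")
    print(verify_response(forged, OTP, NONCE, API_KEY))
```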

 

Rohos Logon Key for YubiKey integration guide - Step-by-step guide on how to set up Windows remote desktop logon with YubiKey.


Yubikey + PIN code for two-factor authentication

A PIN code protects your YubiKey against unauthorized use for Windows login. Please note:

  • This PIN code is not the same as on the Yubico server.
  • The PIN code applies only to the single PC where you set up the YubiKey for login.
  • The user has only 3 attempts to enter a valid PIN code. After that the YubiKey will be blocked for login. You can log in manually or by using the Emergency Login dialog.

To set up a PIN code:

1. Open Rohos Logon Key > Setup USB key dialog

2. Click Change PIN code

3. Touch your yubikey in “Please enter your OTP” dialog


 

4. Enter your PIN code with confirmation

Next time you log in with the YubiKey you need to enter the PIN code first.

To disable the PIN code, change the PIN code to an empty one ("").

System requirements

In order to run Rohos Logon properly the requirements are the following:

  • Windows 2000/2003/XP/Vista/2008/Seven (x86, x64 editions)
    or Mac OS X 10.4, 10.5
  • 2Mb free space on disk
  • Administrator privileges to install the program
  • YubiKey 1.0 or 2.0 (with a 44-character OTP, where the first 12 characters are the YubiKey ID)

Knowledge Base

Videos:

+ Windows login with Yubikey
+ Windows Remote Desktop login with Yubikey
+ Rohos Disk Encryption + Yubikey

Library:

Rohos Logon Key for YubiKey integration guide - Step-by-step guide on how to set up Windows remote desktop logon with YubiKey.

Yubikey 2.0 Setup Dynamic configuration for Rohos Logon with static AES
