Rohos Logon Key converts any USB flash drive into a security key for your computer and allows logging in Windows securely by USB key, replacing the password based Windows login.

Why to use USB flash drive for Windows login?

  • You don’t need to remember and type your Windows password (but your system is still password protected.)
  • You can use Long secure passwords that comply with the “security-enhancing” principles.
  • Enjoy fast and automatic login into Windows. Users can be automatically logged into Windows as they insert the USB flash drive into the USB port.
  • Automatic Windows lock-out when user unplugs USB drive from computer.
  • Two-factor authentication with PIN code + USB key – to stop anyone else logging in with it.
    • PIN code is defined by the user to protect USB Key from unauthorized usage for Windows login.
    • PIN code can be short like “576” because,
    • The number of attempts to enter a PIN is limited to 3.
    • Also PIN code allows you to avoid re-inserting USB-stick in “sign-in – lock-unlock” use cases. Just press Win+L to lock the desktop, then click on USB icon on the login-screen to unlock Windows by USB Key – enter PIN and you are in.
  • Remote Desktop login with USB Key, require a credential dialog.
  • Windows Safe Mode boot protection.
    By default, Rohos Logon Key works even in safe mode.
  • A few USB drives can be configured for each user account on a computer.
  • One USB drive can be used to log in Windows and Mac.

How a user logs into Windows with USB drive:

Rohos Logon Key adds USB key login icon to the Windows Vista\Seven logon screen.

1. The user plugs in his USB flash drive to the computer (prompted for a PIN code if it has been set If an invalid PIN is entered more than 3 times, the USB drive is blocked, thus the USB Key login is not further possible.)

2. Immediately he is logged into Windows and has access to his Windows user account without having to type in username or password.

3. Whenever the users temporarily leaves the computer, they can temporarily lock the computer by simply disconnecting the USB flash drive. Also, Rohos Logon Key can be configured to log off or activate screensaver upon unplugging USB Key.

Rohos Logon Key is a user authentication software that is specifically designed to strengthen the security of the Windows Seven logon process and keep intruders out.
Rohos Logon Key protects your personal information and data with a Two-Factor Authentication technology by using USB flash drives and PIN code.
You may also use a Rohos encryption solution that encrypts applications/folders inside your user account by using a virtual encrypted disk.

Setup two-factor authentication with USB Key

Open Rohos Logon Key and click Setup USB Key link. In the following dialog box select the desired USB drive, user(if necessary) and write your password.

In this window you can also assign a PIN-code for this USB key.

If you don’t write the password, the user should write it each time along with USB key using. Now you can disable log in without USB key, but before this we recommend you to set up the Emergency logon.

Note: If you use a Microsoft account with a PIN code on your Windows computer, you can not use this PIN code to setup a key! You have to insert the password of your Microsoft account!

Emergency Logon

The program has an Emergency Logon feature that helps you to log into Windows in case you lost USB key or forgot PIN code. Click Options, Setup emergency logon:

Select questions and write the answers to login Windows in case if your USB key is stolen or broken.

Disabling manually password entry

Rohos Logon Key has a special feature that hides all user icons from the logon screen and allows using only USB Key based login.

Click Options and select who are forced to use USB key to log in Windows:

The possible choices are:

  • None
    All users will be able to login by manual password entry as well as by using USB Key.
  • For any user
    This is the same as previous option “Allow login only by USB Key”. All users will be required to use USB Key in order to login or unlock Windows.
  • For listed users
    Only users from a list will be required to use USB Key for login. Any other user will be able to login by a password. The list is created automatically when a USB Key is created for a user. Please look at Users and Keys dialog box chapter.
  • For ‘rohos’ user group in Active Directory
    Each user from ‘rohos’ group will be forced to use USB Key authentication. Rohos will check the user for a ‘rohos’ group membership and will allow logging in by password if the user does not belong to a ‘rohos’ group.
    Please note: ‘rohos’ user group should be created by AD Administrator.
  • For Remote desktop login
    Local users can log in with and without USB key. Remote login will be possible only with USB key.
  • For Remote desktop login outside LAN
    Remote desktop login inside LAN will be possible with and without USB key. Only users, who came through the dial-up, DSL connection, and from other networks, will be ought to use USB keys.

Setup USB key removal behavior

Select an action, that occur, when you unplug USB key:

Customized USB Key login

The Rohos icon image on the logon screen can be changed or hidden at all. Open Options, More:

Advanced options:

  • Check USB Key serial – if enabled, Rohos will accept only USB keys that is listed in Users and keys list. It is OFF by default . And turned ON automatically when 1st key configuration is made.
  • Protect Safe mode boot with USB key alsoIn save mode is possible to log in with USB key, and impossible to login without a key, if for your user account is installed this condition.
  • Logon Notice – a text that will be displayed on the Windows logon screen next to the Rohos icon. You may customize the instructions for users on how to login with a key.

Users and Keys dialog box

Now Rohos Logon Key maintains its own list of users who have a Key for Windows authentication. And a list of registered Keys. Click ‘Users and keys’ link from the main window:

Users and keys dialog allows to :

  • Review the list of users who has registered to log in with an electronic Key.
  • Review the list of registered keys (the list of serial numbers).
  • Display the serial number of the currently connected key and finds it within a list.
  • Delete username from the list. Thus allows a user to login by regular password if 2-factor authentication control is set to ‘Required for a listed users’
  • Delete the key from the list – thus prevent the key from being used to log in into a local PC.
  • Temporary block the user to prevent him from logging to this computer with a key (for USB flash drives only).
  • Export and import the list of users and keys from and to another computer.

How to use another USB devices and technologies with Rohos Logon Key?

Rohos logon key application allows you to use big number or USB devises and technologies for Windows authentication. Open options and select the type of USB key:

How to correctly uninstall Rohos Logon Key.

Before you uninstall Rohos Logon Key application, open its settings, select None from the list Allow to log in only by USB key. Save settings and close the application. After that you can use the standard uninstall procedure.

If you forgot to do this, the ordinary logon will not work. Start your computer in Save mode or launch it from Live CD. Modify the registry:

In the folder

HKEY_LOCAL_MACHINE, ‘SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers

create key {6f45dc1e-5384-457a-bc13-2cd81b0d28ed}

default value = ‘Password Provider’

Then restart the computer.