Rohos Logon Key v.3.1 security features

Rohos Logon Key v3.1 introduces a number of significant changes. Now it allows to apply 2-factor authentication policy based on user list or user group membership in Active Directory. This will allow to test and implement 2-factor authentication step by step.

New features:

  • Improved  “Allows to login only by USB Key” option
  • New option “Check Key serial” that control the list of keys accepted for login.
  • Customizable text notices for a user: Rohos Logon installation notice, Rohos Logon main window notice, setup key notice and logon screen notice text.
  • Users and Keys dialog box to view and manage configured users and keys.
  • License policy changes:
    – Rohos Logon Key server license for Terminal Server was introduced.
    – License policy is per PC now.
    – RFID token license type is removed now.
  • “Rohos Logon Key Server” product was renamed into “Rohos Key Management Tools”.
  • Rohos Key Management Tools is now freeware.

Allows to login only by USB Key

Now  “Allows to login only by USB Key” option allows to set how Rohos Logon Key will apply 2-factor authentication policy. This option replaces the old “Allow login only by USB Key” option. It may be applied for Local and Remote Desktop login or only for Remote Desktop login.

The possible choices are:

  • None
    All users will be able to login by manual password entry as well as by using USB Key.
  • For any user
    This is the same as previous option “Allow login only by USB Key”. All users will be required to use USB Key in order to login or unlock Windows.
  • For a listed users
    Only users from a list will be required to use USB Key for login. Any other user will be able to login by a password. The list is created automatically when a USB Key is created for a user. Please look at Users and Keys dialog box chapter.
  • For ‘rohos’ user group in Active Directory
    Each user from ‘rohos’ group will be forced to use USB Key authentication. Rohos will check user for a ‘rohos’ group membership and will allow to login by password if user does not belong to a ‘rohos’ group.
    Please note: ‘rohos’ user group should be created by AD Administrator.
  • For Remote desktop login
    Local users can login with and without USB key. Remote login will be possible only with USB key.
  • For Remote desktop login outside LAN
    Remote desktop login inside LAN will be possible
    with and without USB key. Only users, who came through the dial-up, DSL connection, and from other networks, will be ought to use USB keys.

Users and Keys dialog box

Now Rohos Logon Key maintains it’s own list of users who have a Key for Windows authentication. And a list of registered Keys. Click ‘Users and keys’ link from the main window:

Users and keys dialog allows to :

  • Review the list of users who has registered to login with an electronic Key.
  • Review the list of registered keys (the list of serial numbers).
  • Display the serial number of currently connected key and finds it within a list.
  • Delete user name from the list. Thus allows user to login by regular password if 2-factor authentication control is set to ‘Required for a listed users’
  • Delete key from the list – thus prevent the key from being used to login into local PC.
  • Temporary block the user to prevent him from logging to this computer with a Key.
  • Export and import the list of users and keys from and to another computer.

Advanced options updates

Click on More button in Options dialog box. It helps you to configure some important options.

  • Check USB Key serial – if enabled, Rohos will accept only USB keys that is listed in Users and keys list. It is OFF by default . And turned ON automatically when 1st key configuration is made.
  • Protect Safe mode boot with USB key also – In save mode is possible to log in with USB key, and impossible to login whithout a key, if for your user account is installed this condition.
  • Logon Notice – a text that will be displayed on the Windows logon screen next to the rohos icon. You may customize the instructions for users on how to login with a key.

Displaying Custom notice to a user

Rohos Logon Key v.3.1 allows to  provide a custom notices to a user installing and using the rohos logon key.

The file setup-info.txt contains customized text notices. If you place this file to the same folder with Rohos Logon Key setup file (rohos_welcome.exe) it will be used by setup script.

How to correctly uninstall Rohos Logon Key.

Before you uninstall Rohos Logon Key application, open its settings, select None from the list Allow to login only by USB key. Save settings and close the application. After that you can use the standard uninstall procedure.

If you forgot to do this, the ordinary logon will not work. Start your computer in Save mode or launch it from Live CD. Modify the registry:

In the folder

HKEY_LOCAL_MACHINE, ‘SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers

create key {6f45dc1e-5384-457a-bc13-2cd81b0d28ed}

default value = ‘Password Provider’

Then restart the computer.

Registered users may upgrade now for free or try 15-day trial.

Learn more about Rohos Logon Key.