We are working towards to add new authentication experience for Windows login and now Rohos Logon Key v.3.8 allows to use any supported 2FA authentication device in combination with One Time Password authentication method (Google Authenticator). This will help to apply strong two-factor authentication with local or remote access. With this features we will start to introduce rule-based multi-factor authentication decision framework into Rohos Logon Key.
Whats new in new Rohos Logon Key v.3.8 in brief:
- Allows to combine 2FA methods: physical access Key with One Time Password codes;
- Redesigned “Setup authentication key” dialog box;
- Redesigned “Options” dialog box;
- One Time Password entry field on a logon screen;
- (In progress) Allows to combine any types of 2FA methods for Windows login; This option allow to introduce new 2FA method in parallel with already used one. For example you are using OTP 2FA technology now and you will be able to add new users with U2F authentication keys while keeping existing OTP users untouched.
Main window now allows to setup both login methods: by physical keys and One Time Password.
In Options you can review now what kind of MFA methods were used in past to configure authentication keys/cards/devices for Windows login:
The “Setup authentication key” dialog box now let you to select the type of authentication device you are going to setup. Rohos supports a variety of authentication media: regular USB flash drive, SD-memory cards, U2F keys, Yubikey, PKCS#11 security dongles like SafeNet iKey and popular RFID cards.
The future of authentication systems with MFA decision support possibilities
Nowadays when two-factor authentication is being recognized and integrated by Microsoft/Apple/Google/Facebook it is a necessary feature to allow systems to support a variety of MFA methods it parallel. This will allow services to migrate to a new MFA methods into a seamless way to ensure continuity for end-users access. Rohos Logon Key is one of first product that implements this approach.
Rohos seamlessly integrates into Windows Logon framework including Windows Hello authentication methods thus allowing user to choose and use appropriate authentication means or device for each use case: Local login, Password prompt (UAC dialog) or Remote Desktop access; Strong two-factor authentication device or password replacement key;
It demands to intorduce a decision framework that allows to control MFA by using a rules, authentication methods, access context and type of user account. For example depeding on a threat modelling and security risk in a certain access context it is possible to apply a ‘weak’ authentication method inside a security perimeter. This may reduce the role of human factor for standart user account login.
About Rohos Logon Key software
Rohos replaces password based Windows login with a security key or adds strong two-factor authentication policy. As a key you can use regular USB stick or Smartphone as well as authentication devices like U2F key, Yubikey, Google Authenticator one-time codes, SafeNet iKey tokens or RFID cards. With Rohos you can protect standalone computers and Active Directory workstations as well.