Now you can use popular U2F FIDO security keys for Windows logon. Both multi-factor and single-factor authentication use cases are supported as well. It means you can use your U2F key as a password replacement or you can setup true multi-factor authentication to unlock your dektop: U2F Key + your Windows password.
We have tried out Terminal Services Plus (TSPlus) solution for Remote Desktop access for Windows 7/8/10 with Rohos Logon Key installed. Both TSPlus web based access and MS Remote Desktop Connection application uses target Windows authentication system. This is the point where Rohos Logon Key applies 2-factor authentication control. The following screenshot demonstates 2FA requirement upon successfullt password based remote access with TSPlus web :
Learn more about Rohos Logon Key benefits with TSPlus remote desktop solution.
Rohos Logon Key v3.5 announce now support of RFIDeas pcProx reader and KCY-125 RFID reader. This allows to implement multi-factor authentication by using a variety of RFID cards, tags, bracelets and employee ID badges of Emarine, Indala, HIDProx and other standards in Active Directory and standalone Windows workstations as well. Rohos Logon Key replaces weak password based login with a physical key and PIN code or physical key and Windows password. This improves organization security controls and brings regulatory compliance such as HIPAA, HITECH, PCI DSS, FFIEC and others.
Rohos Management Tools provides a secure way to setup multiple users or authentication devices. Now it is easy to setup a list users with Google Authenticator 2FA. It is also possible to automatically send an email message to each user that includes Google Authentication setup instructions. The most secure way is to use corporate email.
New ways to register multiple user or 2FA tokens: by using CSV file or PowerShell script.
Rohos Logon Key allows to protect Windows Terminal Server by using 2-factor authentication with One-Time-Passwords. Using Google authenticator as OTP generator requires to deliver and store OTP secret key on the mobile device of end-user in mobile email, SMS or Google Authenticator application.
In order to improve security you can setup your Windows Server to generate and deliver One-Time-Password to the end-user by using SMS messages or Email which is also reliable and free. With this feature there is no need to send OTP secret key and setup Google Authenticator on mobile device of end user.
Updated: 15 March 2018
Dear users and customers, we are glad to announce first release for a major update of Rohos Logon Key for Windows. Now Rohos Logon Key automatically detects Active Directory environment and uses Active Directory storage to keep domain-wide settings and list of authentication keys and devices. We have completely refactored Rohos Remote Config utility and Key manager. Applying multi-factor authentication in Active Directory has never been so easier!
We are happy to announce Rohos Logon Key v.3.3 with many improvements and one nice feature.
In Version 3.3:
Rohos Logon Key v 3.1 allows you to implement a two-factor authentication policy, based on a user list or user groups in Active Directory. This allows you to verify two-factor authentication and apply it step by step. New features:
- Improved option Allow login only using a USB key
- Added function Check Key Serial Number. It restricts the keys allowed for login.
- Configurable messages for users have been added: in the login window, in the Rohos Logon Key main program window, and in the key settings window.
- Added Users and Keys dialog box for viewing and managing the list of created keys and users.
- Changed licensing policy: a Server License for Windows terminal service has been added. Now the license covers the computer. The RFID token license has been withdrawn.
- The Rohos Management Tools program suite is now provided free of charge.
We would like to turn your attention to one more device designed for secure user authentication on Windows and compatible with Rohos Logon Key. This is the RFID tag from the Swiss company Addimat.
It was originally designed for identifying wait staff in pizzerias, restaurants, and cafés. It consists of an RFID reader with a round magnetic opening and a set of matching cylindrical keys. Each key has a rugged and waterproof body. Woven into the body of the key is an individual 48-byte serial number and a PIN code, which in some models can be reprogrammed.
Authenticating for Windows and accessing a secret disk with a ruToken key.
In short: now the popular ruToken identification device can be used in Rohos Logon Key and Rohos Disk as the one key needed to log in to Windows and your protected data. Rohos Logon Key works fully on Windows Vista/7 and also supports authorization for remote desktops using a ruToken. User authentication and identification with USB keys.
- Windows login with U2F FIDO security key 24th March 2018
- Two-factor authentication by OTP for TSPlus remote desktop access 13th February 2018
- macOS High Sierra support in Rohos Logon Key 9th February 2018
- An Overview of U2F security keys’ capabilities: Principle of Operation and Details of the Protocol 5th February 2018
- U2F and Google Authenticator support for Windows Active Directory 2-factor authentication 4th February 2018