MFA for Remote Desktop access with U2F FIDO security keys in Rohos Logon Key v.4.7

Rohos Logon Key v.4.7 now has multiple improvements, allows using U2F FIDO security keys as a second authentication factor for Remote Desktop access. This makes Rohos absolutely unique solution that allows using U2F keys for Remote Desktop 2FA login as well as console-based login.
We also added an experimental feature to Rohos Logon to work as a password filler for the LastPass browser extension (experimental).

During pandemic remote access became very popular and sometimes mandatory due to restrictions. Rohos Logon Key allows protecting remote access with convenient two-factor authentication. Rohos may easily work over a classic Microsoft RDP as well as other popular solutions like TeamViewer, AnyDesk, VNC, UltraVNC, MagicConnet , Proxy Networks, LogMeIn, pcAnywhere etc. Currently Rohos Logon Key is the only solution that allows to protect Terminal Server remote access with U2F security keys which is being considered as the strongest authentication factor today.

What’s new in Rohos Logon Key v.4.7 :

  • Added a possibility to use U2F FIDO security keys for Windows remote desktop access. RemoteFX device redirection option in MS RDC should be used by Network Admins, to setup U2F keys on TS host side. “Rohos Logon Key compact” setup should be installed on client PC. More details read below.
  • Added support of 16/32 bytes HOTP tokens/keys and other minor improvements for One-Time-Password MFA method.
  • Added support for Omnikey RFID readers.
  • Added support for LastPass automated login with Rohos MFA Key, by inserting a password right to LastPass plugin via web browser extension. Rohos may enter your password right to LastPass login screen in Chrome/Firefox or some website. Current MFA Key is used as password storage. This is an experimental feature for those who prefer to keep LastPass locked after inactivity timeout.
  • Minor Improvements in Rohos Logon Key Push token MFA method. Added possibility to setup Smartphone login without entering user account password.
  • Added a possibility to enter a specific Username in the “Setup Key” dialog box, which allows to setup a key for users which cannot be resolved with the “Select Users” dialog provided by Windows API.
    Improvements with Emergency Logon functionality with an online user account (email address is used).
  • Improvements with Emergency Logon functionality with online user account (email address is used).
  • Added a possibility to display Message Box in RDP login screen, thus populating Remote Access dialog full screen allowing user to enter OTP credentials (by using RDP_notice registry value).
  • Fixed issue with “Setup Key” dialog box when user password is empty
  • Added a possibility to Add MFA keys with a flag “user must enter password during next MFA login”. That allows to setup keys/cards without entering user account password.
  • Rohos Management Tools update.
  • Other bug fixing.
Read more

How to block Skype and encrypt Skype profile folder

Today Skype offers cool features like chatting, file sharing, video calls, and even calls to landlines.  However, your instant message history, contacts list, phone numbers, etc, are stored in plain form. Anyone who is using your PC could read this information with a special tool. Also, children are exposed to on-line dangers such as bullying, viruses, and obscene material.

Here is the solution on how to lock your Skype application from kids and encrypt your Skype profile folder with your IM history and other private data. This solution is also applied for such applications as Google Chrome, Mozilla Firefox, and Opera.

So why do you need to lock Skype Application?

Your Skype profile contains a lot of confidential data like the contact list, IM-history, calls history, etc. This data is not encrypted by default. It means anyone who uses your PC can use this information easily.  If you have one computer to use for all 5 members of your family or live with a roommate then you’d probably like to have a higher level of privacy for your Skype chat logs, received files, and many others.

Here is the list of private data stored in skype profile in a plain form:

  • http://www.scribd.com/doc/9676016/Skype-Log-File-Analysis.
  • http://dmytry.com/texts/skype_chatlogs_friday_13.html

Your kids are one of those from whom you’d want to “hide” Skype.

Why you must lock Skype from kids?

With over 200 million Skype users worldwide, it remains a cheap, cost-effective alternative to expensive international calls.  Statistics show a considerable percentage of Skype users are 14 years of age and older.

Kids are mainly using Skype to:

  • Stay in touch with family and close friends
  • Catch up with friends outside their local calling zones
  • Connect with other students or classrooms across the country or globe through video conferencing
  • Connect to a virtual classroom or webinar for distant learning

The dangers of using Skype by Kids

Like any online community, some Skype users engage in inappropriate behaviors. Young people may be exposed to material that may be sexual, hateful, violent, or illegal. Viruses and malware: File sharing in peer-to-peer networks like Skype is a popular channel for the spread of malware (e.g., worms, viruses, Trojans).  Malicious software may be embedded in file attachments sent through email or chats to damage a computer or collect personal data like credit card information and passwords.

Your kid might not even be aware of these dangers. So it’s your responsibility to protect your kid. But doing something is far better than nothing, and you have to start somewhere.

Some may say – “Well, do not let your kid use Skype.” Easier said than done. Nowadays kids are very tech-keen thus it would be a piece of cake for your kid to download the application and create an account. But what if you close/block access to the application completely!?

Rohos Mini Drive, a free encryption utility now gives its users an opportunity to block Skype and encrypt its contents, so no one can open it and use it.

There are also those who want to keep their Skype data confidential so roommates or employers do not have access to it. Understandable when it comes to roommate but not legible when we talk about using Skype on the office computer and depriving your boss of the right to look through chat logs for security purposes. On the other hand, when the CEO of a company is holding a video conference or sending files it’s here that Skype’s history and chat logs are highly vulnerable. Thus, password protecting and encrypting Skype is especially useful in corporate and business communications.

The chat log, call log and almost all data that Skype puts on your hard disk are not encrypted. Rohos Mini Drive gives you one of the best solutions to password protect and encrypt Skype using its feature “Hide folder“.

How to encrypt the Skype profile folder

Requirements:

  • Installed Rohos Mini Drive (freeware) or Rohos Disk Encryption (shareware).
  • Created virtual encrypted disk.
  • At least 100 Mb free space on the virtual encrypted disk.
  • Skype application should be closed.

Step by step:

  1. Open Rohos Disk Encryption application.
  2. Connect encrypted Rohos disk.

Once Rohos disk is connected you should click on the Encrypt Application link

In Encrypt Application dialog select Skype and Rohos will automatically display your Skype profile path.

  1. Click Encrypt Application button.
    From now on Skype profile folder will be physically moved into an encrypted Rohos disk. Then it will be replaced with a shortcut. This will allow the Skype application to work as before.

Please each Windows User Account has its own Skype profile folder. If you wish to lock the Skype application from Kids you need to “Hide Skype Profile” under each user account in Windows dedicated for Kids login.

How to lock/unlock your Skype profile

Now you can start Skype and make sure everything works well:

  • Without Rohos encrypted disk being connected the Sign-in window pops up blank (when the disk is on, the same window appears with the Skype name that was used the last)
  • You can start Skype but without first typing in the correct password for encrypted Rohos drive it will not be accessible

With Rohos Mini Drive, your recently in-transit and all stored data are encrypted and password protected. So now you may have some nice little privacy at your computer and not worry about SECRECY.

To unlock access to Skype just connect your Rohos encrypted partition and work as usual.

Skype autorun issue

Most users set Skype to auto-start on Windows start. You need to change this setting in order to comply with a new security rule:

  • Disable Skype autostart and start Skype only after you connected the virtual encrypted disk.
  • Or set up a USB Key for Rohos Disk that will connect Rohos disk immediately as you connected the USB Key. If you connect the USB Key during your Windows login Rohos Disk will be ON as you log in. And Skype will autostart successfully.

In case Skype started when Rohos virtual disk is OFF, you need to :

  1. Close Skype by using the Skype menu near the system clock.
  2. Connect Rohos Disk by using a Rohos menu near the system clock or a roots’ disk shortcut on the desktop.
  3. Open Skype again.

Security benefits for your Skype:

  • Your chat logs and instant message history are encrypted.
  • Skype contacts list is encrypted
  • Files that you have received via Skype are encrypted also.
  • Nobody can access your Skype database files with any 3rd party tool.
  • Your Kid will not be able to start the Skype application under your user account.

Rohos Disk Encryption offers security solutions to:

  • Keep all of your private files (movies, music, credit card info) on Rohos encrypted drive;
  • protect with a password any Application folder within C:\Program Files\folder;
  • Keep Opera, Firefox, Chrome browser locked and encrypted when you are away from PC;
  • Have a single USB key (USB flash drive) to access your secure virtual drive, so you don’t need to remember your password of the Rohos disk.

Beware that private data is always meat for outside hunters, so try to keep it as inaccessible as possible. If you wish to improve your Skype profile security, Rohos Mini Drive comes in handy in this situation.

Download and install Rohos Mini Drive (freeware) or Rohos Disk Encryption (30-day trial shareware)