USB key FAQ and error messages

To check if your USB flash disk (or other removable device) works with Rohos software, please check if Windows recognizes the disk as a removable drive. To check it, please, do the following:

  1. Connect your USB flash drive (or other device) to the computer, go to Windows Explorer and check if any new drive letter (G:/ F:/) appeared after you have connected the device.
  2. Right-click on this letter to select the “Properties” from the menu.
  3. In the General tab of the Properties window you should see the Type property. Make sure you have the Type: Removable disk string.

Note: Normally, Rohos software recognizes your removable device after you have connected it to the computer.

What does an error mean?

“USB Key was not configured for this computer, it will be ignored”

You may see it in the following cases:

  1. The USB key was not configured for this computer, i.e. it does not have a valid logon profile for this PC (no login profile with the local computer name or “” ).
  2. This is a ‘stranger’ USB Key and it is ignored by Rohos Logon because the computer owner has already configured his/her USB flash drive for this computer.
    By default, Rohos bounds up to the first configured USB Key. Even USB Keys that were configured with a USB Key management utility will be ignored.The following registry value enables this security option:
    HKEY_LOCAL_MACHINE\SOFTWARE\Rohos – CheckUSBserial=1

    To correct this error:
    – Clear the CheckUSBserial value or set up this USB flash drive on the local computer using Rohos Logon Key main window.

  3. USB Key was created by simple file copy operation from another USB flash drive. This is not allowed.

“The password in USB flash drive is invalid” error – Means that your system password or Rohos disk password were changed and you didn’t store new password on USB drive. Please, configure your USB flash drive again.

This error may happen if you reinstalled your Windows or changed Windows password using User Accounts dialog box from Control Panel.

To correct this error:
– Set up your USB flash drive again.

“USB Flash drive is write-protected” error – Means that you set a jumper on USB stick to make it read-only. You should turn-off this feature, configure USB drive for Rohos software and make it read-only again.

To correct this error:
– Switch a read-only jumper off.

This could be a NTFS permission issue, connected with Windows configuration or account rights.
Check your USB or HDD folder , for instance open folder f:\_rohos
1. Open properties dialog for f:\_rohos\rdisk.rdi
2. Choose Security tab
Check the permissions for file . “Write” should be enabled for user\group matched on client PC.


You may also check this permission right on the Client PC where you tried to open Rohos Disk.
Click on “Advanced” button and then “Effected Permission” tab will allow you to verify is a specific “User Name” has access to Rohos encrypted container file with write permissions.

“Demo USB Key has been found. Please register it.”
This USB Key was configured in the USB Key Manager tool without having a licenses list.

To resolve this error:
– Purchase a number of licenses and enter it into USB Key Manager tool. Then just open a Key using this tool and it will be auto-registered.

“Your Rohos license does not support this feature. Please upgrade your license.”

Usually it means that the USB Key contains several logon profiles and personal license is used.

To correct this error:
– Purchase PRO license or have only a single logon profile on the USB Key (clear it and re-configure again).

The benefits of PRO license:

  • Use a single USB Key to log into multiple computers/user accounts.
  • You can log into Remote Desktop login by USB flash drive.
  • Support for Novel Client for Windows
  • Support for Windows Domain, Active Directory.

“Your’s Rohos license does not support this feature. Please, upgrade your license.”

You may see it in the following cases:

Rohos Mini Drive is installed over Rohos Disk Encrytion. Virtual encrypted disk is opened and you try to connect other encrypted Rohos disk.

Note: if you have installed Rohos Mini Drive over registered Rohos Disk Encryption the software shows the interface of the Rohos Mini Drive and applies feature’s limits.

It may happen when use wants to encrypt USB flash drive. To avoid this error open Rohos Disk Encryption main window – select “Encrypt USB flash drive” option. In the opened dialog box choose the pen drive and set up configuration.

Disk Encryption and Secure Login bundle

Briefly: If you share your computer with someone else it means that others could access your Windows, see your private files, install games or software you didn’t want, or change your computer settings. Both Rohos Disk Encryption – robust encryption and flash drive security software, and Rohos Logon Key – two-factor authentication software, will keep intruders away from your PC and sensitive data it contains. Make your Windows access  protected and encrypt your saved files and all JUST for $79 instead of $128.

Special offer – SAVE 33$
use on 3 computers

Note: Secure Login and Disk Encryption bundle includes PRO licenses of Rohos Logon Key and Rohos Disk Encryption programs.

Security benefits:

  • Secure Windows login with electronic Key fob. You do not need to enter Windows password manually though the system is still password protected.
  • Unplug your Key and the Windows is blocked. Back at the computer, just plug the Key in and you may continue working.
  • Two-factor authentication with PIN code. After 3 wrong attempts to enter PIN (it can be a short one, e.g. 1234) the USB Key will be blocked.
  • Use a single USB token to log in your home PC, laptop and office computer securely
  • Rohos Logon automatically creates logon profile on your USB flash drive in encrypted form
  • Your data is safe since the passwords (to your Windows account and encrypted disk) are not saved on USB drive
  • You may continue to use USB flash drive as a storage device
  • Create hidden and encrypted partitions with Rohos Disk Encryption that are easily accessed like any other drive letter.
  • Automatically encrypt and decrypt files as you move them in and out of your virtual drives.
  • Guard access to your virtual drives using passwords or by requiring a physical key.
  • Hide sensitive information in plain sight using AVI movies or MP3, OGG, or WMA audio files.
  • Turn any USB device or Bluetooth enabled device into a security token.
  • Increase your computer’s security while minimizing the need to remember complicated passwords!

System Requirements:

* Windows 2000/ XP/ 2003/ Vista/ 2008 & Windows Seven (x86/x64)
* Internet Explorer 6 or later
* 32 MB RAM
* 2.5 MB free disk space

Supported devices

New! Special Offers

Comparison matrix Rohos Disk Encryption vs Rohos Mini Drive

Rohos Disk Encryption creates hidden and encrypted partitions on the computer or USB flash drive and also encrypt folders in cloud storage like Google Drive. Whereas Rohos Mini Drive – a FREE encryption tool that creates a virtual encrypted partition solely on the USB flash drive memory. Rohos Mini version may also contain some experimental features from Rohos Disk full version.
In this chart, we’d like to show applications’ features and emphasize the full version, i.e. Rohos Disk, advantages.

What is included
Rohos Mini Rohos Disk
 License type FREE
personal
Purchase
Create an encrypted partition on a USB flash drive
Virtual keyboard. Protect your encrypted disk password from a keylogger.
Unlimited encryption capacity 8 GB limit
Open (read-write) encrypted partition on a guest PC via Rohos Disk Browser
Restore Rohos disk
Change disk password
Create password reset file
Hide Folder or Application into the encrypted container and other experimental features.
Create an encrypted partition on Computer HDD
Encrypt folders on PC/Google Drive/Dropbox
Create disk shortcut on the desktop
File-shredder to erase the content of folders and files
Encrypted disk Auto-connection by Hotkey/USB Key
Set up the hardware security key for disk access without entering a password (USB drive).
Steganography. Hide your Rohos virtual disk container into any media file (AVI, WMA, MKV, TS).
Enlarge encrypted partition size.
Priority user support.

Special offer: Rohos Disk PRO license – allows using Rohos Disk on 3 computers and save $30. Order>

Rohos Disk licensing is a lifetime (perpetual), the price is a one-time payment. You can use the product forever. Minor updates are free (3.*). Major updates are optional and cost 40% of the original license price. Support by email is always free.
Refund policy and Sales FAQ

Comparison matrix Rohos Logon Key licensing

Rohos Logon Key software offers a complete password replacement solution for both home and corporate environments. Rohos Logon Key PRO License is a special offer license key that enables all program features for 3 computers. This chart compares the applications and features offered in each edition.

  Standard
(RLK-STD)
  Server
(RLK-SRV)
What is included Purchase 

32$

  Purchase 

350$

Secure Windows workstation/laptop login with two-factor authentication.  
Protect authentication Key with PIN code.  
Using any supported security device like: PKCS#11 tokens, smart-cards, OTP, RFID, FIDO U2F, Yubikey, Rohos smartphone app.  
Windows Remote Desktop 2FA login on workstations on Windows 7/8/10²  
2FA support for Windows Active Directory.  
Use a single Key to log into multiple computers/user accounts.  
Console and Remote Desktop 2FA login on Windows Server OS¹.
 
Use a single license on 3 different computers².  


Notes:

  1. Rohos Logon Key Server license type is required for Windows Server OS versions: Windows Server 2012 / 2016 / 2019/ 2022/ etc.
  2. Rohos Logon Key PRO is a special offering for personal use that covers Rohos licensing use for up to 3 personal computers/laptops (individual customers only).
  3. Secure Login and Disk Encryption bundle includes licenses for Rohos Logon Key and Rohos Disk Encryption programs (PRO offering)

 

Windows Credential Provider in Rohos Logon Key

This article describes a new Credential Provider for Windows Vista/Seven, available in Rohos Logon Key. With this component, Rohos Logon Key adds two-factor authentication for Windows login: USB Key and optional PIN code password.

 

Contents:

  • What is Rohos Credential Provider?
  • Allow to log in only by using USB key
  • Windows Safe Mode support
  • Emergency Logon in case of loss of the USB Key
  • Changing Password
  • Accessing a Windows Remote Desktop with a USB Key
  • Windows Active Directory support
  • User Account Control (UAC) with USB Key
  • Troubleshooting USB key logon

Rohos Logon Key offers complete support for the new Windows Seven authentication.
A new component, Rohos Credential Provider, has been designed specially for Windows Seven. It integrates into the Windows logon screen.

With this component, Rohos Logon Key makes it easy to use USB Flash drive as a new means of hardware-based authentication for Windows login.
Thus, the program solves the problem of “weak passwords” by moving to secure two-factor authentication on the basis of a physical USB key.
Rohos Credential Provider can be used both on individual PCs, and on computers connected to Windows Active Directory.

What is Rohos Credential Provider?

Credential Provider is a special authentication component for Windows Seven, which implements a new user authentication method.

Rohos Credential Provider appears on the Windows logon screen in the form of an icon of a USB key. Connect a configured USB Key, and the Rohos Logon Key  will perform user authorization into Windows. If necessary, it will also request user to enter a PIN code for  the USB drive security (two-factor authentication).

Supported authentication tokens in Rohos Logon Key: USB Flash drive, OTP tokens, PKCS#11 tokens etc…

 

Rohos Credential Provider

Rohos Credential Provider automatically detects your USB drive and reads logon profile data from it. When you press the arrow button, the program scans all connected USB drives and searches for a valid USB Key.

The Option “Allow to log in only by using USB Key”

This option makes Windows login possible only by means of the USB drive; manual login with passwords becomes impossible both for local and Remote Desktop login.

When this option is ON – Rohos disables existing Credential Provider. Thus, all user icons disappear, and only the Rohos Logon Key green icon remains active.

This function can be configured in the ‘Rohos Options’ dialog box by checking ‘Allow to log in only by using USB key’.

Note: Disabling the standart Credential Provider also affects the following Windows elements:

  • In the User Account Control dialog (requesting the administrator’s password) the administrator’s icon will not be available. Instead you need to use the USB key.

Now whenever you log in, the logon screen will show only the Rohos icon. If the USB flash drive is lost or damaged, you will be able to log in only with the help of ‘Emergency Logon’ function or by Safe Mode.

Note: Safe Mode on default will also be blocked by the program and it will be impossible to login by a regular password entry.

Windows Safe Mode support

When starting Windows Seven in Safe Mode, only the built-in Credential Provider will be available on the logon screen. Other 3rd party credential providers providers do not work in Safe Mode. Rohos Logon Key integrates into the Safe Mode logon screen a special icon of the USB key which performs two tasks:

  1. Allows using the configured USB key for the login.
  2. Disables manual password login when option “Allow to log in only by using USB Key” is ON.

Rohos Credential Provider. Настройка входа только по USB ключу

Safe Mode Support

How Rohos Logon Key works in Safe Mode

Emergency Logon in the case of loss of the USB Drive

‘Emergency Logon’ provides login to Windows, if the USB key is lost or damaged or you forget PIN code.
To use this function, you must simply answer a few questions. Only you should know the answers to these questions – otherwise, access to your account would be open to everybody.
You can configure this function in the main window of the Rohos Logon Key program. (Configure USB drive -> Configure Emergency Logon). This will open a dialogue asking for answers to suggested questions (it is also possible to choose your own questions).

The Emergency Logon also works differently across different versions of Windows. In Windows Vista, clicking the ‘Emergency Logon’ link on the login screen will open a window. In this window you can first choose a user name, and then answer the questions.

 

After this you can:
* Choose a new password – if you want to set up a new password and then continue to use it.
* Leave it blank, to preserve your existing password

After restarting Windows, the login screen will show the user icons that were previously dormant (if you chose the ‘allow to log in only by using USB key’ option). Now you can log in under your name just by entering a simple password.

Changing Windows password

With Rohos Logon Key 2.4 it is possible to change your password by pressing the keys Ctrl + Alt + Del and selecting the option “Change Password”. Once the password is set, it will be immediately synchronized with the USB Key.

If your computer is connected to a Windows Active Directory, then the Update Password policy will be followed as usual. Users will be prompted to change their password on the logon screen.

The ‘Other Credentials’ button on the change password screen allows you to change a password using the standard credentials provider. Please note that this password will not be saved to the USB key.

If the option ‘allow to log in only by using USB key’ is set, users will be unable to set a password using the standard credentials provider in Windows Vista. The ‘Other Credentials’ button will not be shown.

Accessing the Windows Seven Remote Desktop with a USB key

Rohos Logon Key makes it possible to access a Windows Seven Remote Desktop with the help of a USB key connected to your local computer.

NOTE: For this, the USB key must be correctly configured in the key management utility (the Domain field should contain the name of the terminal servers, or “\\Domain Name”

Login Windows Remote Desktop in a secure way by USB key

 

Logon to a Windows Seven computer connected to a Windows Active Directory

Windows authentication by USB key can also be used on computers connected to Windows Active Directory (Windows domain). For this it is necessary to install the Rohos Management tools (freeware), and to correctly configure the USB key.

This is the screenshot for Rohos USB Key manager setting up Usb Key logon profile for AD login:

 

 

Rohos Management Tools

User Account Control (UAC) with USB Key

User Account Control (UAC) automatically limits the permissions of all the programs that the user is going to run. User need to confirm privileged operation or program by his password.

The icon of Rohos Logon Key is already integrated in this dialog:

Rohos Logon Key. Утилита администрирования ключей. Настройка профайла

User Account Control

The administrator’s password for the requested action will be taken from the USB key.

USB key can be configured for two accounts:

  • Regular User – login under regular user without administrative priveleges.
  • Administrator – is used in the User Account Control and the request of the the administrative password.

Now increasing of the permissions works by one click on the button OK, without typing the administrative password each time.

This feature also works on the Remote Desktop.

Note: In case of using the option “Allow to log in only by using USB Key” the administrator’s icon in the given dialog will be absent.

Troubleshooting

It is very important that the username and domain name be correctly written in the Logon profile if the user’s connection is through a domain, since this is often a mistake in authorization

If such an error occurs, the welcome screen will show the user name and domain name, which caused the error. The parentheses contain the username, followed by the name of the computer or domain.

Furthermore, the Administrator can check any key in the USB Key Management utility, and can troubleshoot problems.

Site Map

Pages

Posts by category

File-Shredder

In Rohos Disk ciphering program there is File-Shredder, which allows you to move files and directories to your secret Rohos disk. After files were moved they are deleted by shredder without moving them to the basket.

How File-Shredder works:

To delete a file reliably and be sure that nobody can recover it and get access to data you wanted to destroy forever, you need to use another approach. This approach is implemented in programs called file-shredders.

Such programs work in this way:

  • File content is polished, i.e. disk space it occupied earlier is filled with other data (random number sequence). In this way, you may fully destroy data presence by saving other data over it.
  • Then the file is deleted

File-Shredder in Rohos:

File-Shredder is installed with the Rohos program and integrated into the Windows Explorer Send-To menu.

File-Shredder allows not only to delete unnecessary files but to move files into wanted place (for example into another directory, into the outside hard drive, or into a USB drive) and to destroy information about deleted files.

file shredder

File-shredder works in this way in Rohos Disk:

  1. Choose files you want to move or simply delete
  2. Right mouse button click on chosen files
  3. Choose the «Send To» sub-menu. Then click on Rohos File-shredder. Rohos Disk shredder window, where the chosen files list would be, will open.
  4. Specify, if necessary, where the chosen files and directories are to be placed before destroying. This can be another directory, USB flash drive, or virtual cipher disk made by the Rohos program;
  5. Choose the action type:
    a. Copy and delete
    b. Delete only
  6. Click the OK button to confirm the chosen action.

Tesline-Service GINA. Advanced authentication module for Windows 2000/XP/2003.

Summary:
GINA is a replaceable DLL component for Windows NT/2000/XP. GINA implements the authentication policy of the interactive logon model, and is expected to perform all identification and authentication user interactions.
Rohos Logon Key replaces Windows MSGina.dll by Rohos GINA module that implements standard login/password authentication as well as two-factor authentication by using USB flash drive.

The following topics cover conceptual information about GINA DLL module developed by Tesline-Service SRL, USB flash drive identification mechanism, PIN code entry and product related issues.


About Winlogon and GINA

Logon into Windows is performed through the interactive login process (Winlogon). Winlogon is a trusted process for managing security related user interaction, MSGina.dll and network providers. To alter the interactive logon procedure, MSGina.dll can be replaced with a customized GINA DLL.
Rohos Logon Key modifies the following registry value to replace typical GINA component:

Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Key: ginadll
Value: rohos_ui.dll

  • It creates three desktops: an application desktop (used by the user), a winlogon desktop (used by the winlogon to display the login UI), and a screensaver desktop (to run the screensavers). Only the winlogon process has access to the winlogon desktop. This means that whenever winlogon desktop is active, no other process has access to the data associated with the desktop. This prevents any other processes from getting the password that is used to logging and unlocking the desktop. The screensaver is run in a separate desktop so that if the screensaver is marked secure, the winlogon switches to the winlogon desktop on its termination, thus locking the system.
  • Registering CTRL+ALT+DEL makes Winlogon ensuring that no other application has hooked that key sequence.
  • When user enters the password, the Winlogon sends user credentials to the Local Security Authority Server (LSA) which authenticates user. Then it generates the access token of the user. This access token is then used to create the user shell.

Windows Login dialog and list of user accounts


When Windows starts User Authentication dialog appears. Rohos GINA provides enhanced Login dialog with customized list of user accounts, date and time, shutdown button, typical login dialog.

  • The list of user accounts is displayed according to Windows XP welcome-screen specification. Each user item has a picture and password hint. Users with blank password can log in by a single click.
    Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts \ UserList \
    Key: %USER NAME%
    Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Hints\%USER NAME%
    Key: Picture Source
    Tip: To add or remove users from the login window (welcome screen) open Rohos Logon main window and click Setup Users link.
  • Full Name for user account is supported. User account contains system name for internal system purposes and user-friendly name that can be displayed on the login screen. This name can be changed any time without affecting the system.
  • Date and time is displayed on the login dialog box.
  • Shutdown computer button allows to Shut Down, Restart, Hibernate, Stand-by from Authentication Dialog Box.

    Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system Key: ShutdownWithoutLogon (0 = disabled, 1 = enabled)

  • Legal Notice Before Logon Gina uses these fields to display a text to any user before logging onto the system. This is useful when it is required by law to warn people that it is illegal to attempt to log on without being an authorized user.

Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Key: LegalNoticeText

Learn more about Rohos welcome screen customization: How to change text based notices in various parts of the welcome screen?

Authentication and Login

When you start your computer Rohos welcome screen (gina) appears and user can choose user account to log in. Tesline-Service GINA supports various login methods:

  • Users who do not use password – log in by clicking on their icon
  • Automatic Logon to Windows is supported (AutoAdminLogon=1)
  • User accounts that are not displayed on the welcome screen can log in by typical login dialog box by clicking on the User account link.

Using two-factor authentication with USB flash drive & PIN code. Learn more How to use USB flash drive for Windows login?

Supported security policies:

  • Password expiration – if user account has an option to periodically change password Tesline-Service GINA will force this policy according to system settings
  • Disabled/Locked user accounts are supported
  • Disabling user to change his/her password is supported
  • Shutdown without logon. You can run hibernate/Standby mode using shutdown computer button (if enabled by security policy).

Authentication in Windows Active Directory (Windows domain)

Active Directory is an essential and inseparable part of the Windows 2000 network architecture, an integrated set of directory services that improves the management, security, and interoperability of the Windows network operating system.

On a computer that is a part of a network domain, a user must be a member of at least one group. The permissions and rights granted to a group are assigned to its members.

Tesline-Service GINA allows to easily satisfy the needs of both the administrators and users, making the access to the Windows Active Directory (ex-Domain) resources easier, faster and more secure. If the computer has already been configured by the administrator to work with the Directory, then accessing to Active Directory becomes just a few clicks away. After installing Rohos Logon Key and restarting the computer you will see the welcome screen.

  • Rohos uses default domain setting to display domain users on the welcome screen for easy login into domain:
    Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Key: AltDefaultDomainName, AltDefaultUserName
  • Tesline-Service GINA provides additional login dialog box to log into Domain under user account from domain that is not represented on the Rohos welcome screen. To use it press Ctrl+Alt+Del. Here you can enter your login password and Active Directory domain name.
  • Two-factor authentication with USB flash drive is supported
  • Map User Home Folder (drive) and setting environment variables are supported
  • UPN format for domain login is supported (user-name@domain-name.com)

Windows Security Dialog Box by Ctrl+Alt+Del

The dialog box, which appears when you press the secure attention sequence (SAS i.e., Ctrl+Alt+Del), has a title of Windows Security. Windows XP doesn’t display the security dialog box when user presses Ctrl+Alt+Del. Tesline-Service GINA supports this dialog (as Win+L to lock Windows). Security Panel Functions:

  • Here you can see: icon of the current user, current working hours that you have spent at computer
  • Change of Windows password
  • Lock desktop (log off user and turn off computer as well)
  • Open Task Manager
  • Review network security (shared folders, opened files, connections)
  • View free space on hard drives and USB flash drive

To customize the title of this dialog box Gina uses the following registry key:

Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Key: Welcome (e.g., Windows Security for JoelTech Domain)

To disable buttons in the Windows Security Dialog Box Gina uses the following registry key:

Path: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\
Keys: DisableChangePassword (1= disabled), DisableTaskMgr (1= disabled), DisableLockWorkstation (1= disabled)

Tesline-Service GINA provides additional security items: Network Opened Shares, Active connections.

Locked Window

When you lock your computer by Win+L shortcut or Lock Workstation button on the Ctrl+Alt+Del dialog the locked desktop window appears. Supported actions on this window:

  • Unlock workstation by User password
  • Unlock workstation by Local Administrator password
  • Unlock workstation by using USB flash drive (Using USB flash drive for login)
  • Run Hibernate/Standby mode using shutdown computer button (if enabled by security policy).

Additional features:

  • Opened Programs counter is displayed on the locked screen
  • Date and Time displayed on the locked screen
  • Working time (how many hours for today a user has spent while working on the PC, excluding pauses like: screen saver, restarting, hibernate, locked desktop)
  • Auto shutdown/hibernate feature (see tweaks AutoShutdownWhenLocked)

Shutdown dialog

Native Windows MSGina.dll component contains Computer shutdown dialog, and GINA specification rules do not allow to replace this dialog. However, Tesline-Service GINA sets up its own shutdown dialog with additional features:

  • Current User picture (also supported for Windows2000)
  • Working time information (how many hours for today user has spent while working on the PC, excluding pauses like: screen saver, restarting, hibernate, locked desktop)
  • Hibernate button (no need to press Shift button to use hibernate).

Note: Shutdown dialog is replaced by injecting special code into Explorer process. If this causes troubles then this ability can be disabled (see Rohos tweaks.)

Rohos Logon Key
Replaces password based login into two-factor authentication by using USB flash drive

How to Hide Folder in a most secure way.

Summary: There are a lot of utilities over the web that can hide particular files or folders on the Windows. These utils offer an easy way for hiding files – by means of file system request filtering. But it does not mean 100% data security. Actually the hidden files and folders can be seen in other way. If you need a more effective security you should choose virtual encrypted disk tools.

How to hide folder or restrict access to it for other users

It’s reasonable that everyone wants to hide private documents, programs or other data from too curious persons, especially if your information is secret. You can use:

  1. Special programs for files\folders hiding. Such programs like Folder Lock, Hide Folders XP and others can hide folders and files or lock them by a password.
  2. Windows built-in features: Set folder\file attributes as hidden. Or use NTFS permissions. This feature is used to set up access rights to particular folders or files on NTFS volumes.

Folders and files with “hidden” attribute:

  • Invisible in File Explorer to the other users, if the user has turned on the option “Do not show hidden files and folders”
  • Visible through Total Commander or FAR file manager  that don’t use standard dialog to display folders and files.

It’s convenient to use this method because no additional efforts are needed to hide information. One mouse click is enough to make folder or file invisible.

How to hack hidden folders (reveal them)?

Not all the “Hide Folder” tools will securely hide your data.

A lot of such programs can hide files only for a current operating system. But what happens if two or more OS are installed on the computer? What if you need to hide a folder on USB flash drive or portable HDD ? Information will be hidden on your Windows, and visible in another one.

Simple hiding or changing access control can be broken in the following cases:

  • Your computer was loaded in other operating system (OS) or the other OS was loaded with CD-ROM, e.g. Live CD with Windows or Linux. All the files and folders will be visible. In other Windows which will be linked up to your HDD disk, all the files will be visible because there will be no security and any limits.
  • Windows startup in Safe Mode. All the files and folders are visible in Safe Mode, even those ones that were hidden by hiding programs. While loading in Safe Mode Windows is loading the drivers necessary for system work, and leave out the driver-filters in order to prevent all possible soft faults.
  • If you use Portable HDD or USB flash drive
    If you hide a folder on USB flash drive and connect it to other computer, you can see and open all the hidden files and folders. You may also see the folders the access to which was prohibited (in NTFS). There is the other way to see the files hidden by the hiding programs. You should have the Admin’s rights (an account with admin’s authorities). Thus, if you are a system administrator, you can uninstall (delete) the hiding programs, or to load the computer in safe mode. In that case all the hidden files will be visible.

Data Encryption for strong security

How to avoid the difficulties aforesaid (to hide a folder and protect it from unauthorized access)? Encryption is one of data security methods. You select the data and enter the password to access it. If you are the only password keeper, only you will access the information!
Data can be encrypted for robuster security. By means of special encryption algorithms the data is changed so that even if the file is open, it will be impossible to read it – it will look like a mess. In order to see the original data, it must be decoded by the same encryption algorithms.

Using disk encryption you can:

  • Hide your sensitive files and folders
  • Protect your information from unauthorized access

Rohos Disk: Encrypts and hides

If you use several methods of security, your information will be stored more securely. This method was used in Rohos Disk.

This is how Rohos Disk works:

  • All the data is stored on the virtual encrypted disk created by Rohos. The data is being encrypted on the fly with an AES encryption algorithm.
  • When you stop working with files from virtual encrypted disk, you just turn off the disk. The disk and all the data stored in it becomes inaccessible until you turn it on again. The disk is a file having the size of the same disk This file can be seen, but it can be encrypted, thus the data stored in it is inaccessible.
  • You may have a USB token instead of a password in order to open virtual encrypted disk.
  • Portable encryption allows to hide and protect a part of USB flash drive.

    See also:

    Virtual encrypted disk inside-out

How to increase password security with 2-factor authentication for Windows logon

Summary:
It is not true when they say that security improves as password complexity increases. In reality, users simply write down difficult passwords, leaving the system vulnerable. Security is better increased by using two-factor authentication solutions. Rohos Logon Key program offers excellent password replacement solution for home and company.

“Secure” Passwords Facilitate Breaks-In

Passwords that comply with “security-improving” principles (long and random generated, forcing users to change passwords frequently) lead to one outcome:
– users write down their passwords or avoid using them at all

Two-Factor Authentication Basics

Two-factor authentication is a security process in which the user provides two means of identification:

  • One of them is a typically physical token, such as USB flash drive or smart-card
  • And the other one is typically something memorized, such as a security code or PIN code for USB flash drive.
    In this context, the two factors involved are sometimes referred to as something you have and something you know.

A common example of two-factor authentication is a bank card: the card itself is the physical item and the personal identification number (PIN) is the data that goes with it. To access to the account (get money) the user needs to provide both of them.

Why is it necessary to use two-factor authentication?

Two-factor authentication reduces the incidence of identity theft and other on-line fraud, because the victim’s password would no longer be enough to access to user information.

Rohos Logon KeyAllows to access Windows computer in a secure way using USB flash drive:

  • Rohos Logon replaces password based Windows login with a USB Key
  • Supports USB flash drives, U3 Smart flash drives, SD/MMC memory cards, OTP tokens, PKCS#11 tokens
  • Automatically logs in or unlocks when USB Key is detected
  • Automatic Windows lock when user unplugs USB Key from computer
  • USB Key security: 2-factor logon with PIN code, USB key copy-protection. Logon data are encrypted.
  • Password based login can be prohibited. Learn more…

User identification via USB Key (flash drive)

Corporate Windows 2-factor authentication solutions such as GemSafe, GemPlus smart card software store user credentials on smart-cards and USB tokens with smart-card chip inside it (Rainbow, Alladdin eToken, etc). These solutions are expensive to install, maintain and support. Around $25-$50 for the smart card or token and the associated software, plus an additional $25 for each smart card reader.
For small offices and home users we recommend using USB flash drive for Windows login.

About Smart-card: a small chip with integrated CPU, memory (4-100 Kb) and organized data access system with advanced security options such as PIN code, access conditions, cryptographic features: encryption, HASHing and signing algorithms.

USB Key security in Rohos Logon Key program:

  • USB Key copy protection. Logon profile is bound up with a USB flash drive serial number. Thus USB Key cannot be duplicated by unauthorized person.
  • USB Key originality. By default, USB Key is bound up with a computer where it was created for login. Another USB Key will be ignored by the program (even with a valid logon profile). Computer owner can forbid to use any other USB Key except one for login.
  • Protected password. By default, USB Key does not contain your Windows password in plain form, but only Encryption Key pair that is used to reconstruct password for login operation.
  • Two-factor authentication using PIN code for USB Key. This is a small password with only 3 attempts to enter, that is required when performing login by using USB Key.

Security options are the same when using Smart Card:

  • You can set up PIN code protection for USB flash drive as well as for Smart Card
  • Malefactor or a thief will not be able to create a copy of your USB key or Smart Card just by copying key files from one USB flash drive to another.

What is different:

Smart cards support advanced PIN code features such as: total device is blocked after 3 wrong attempts of PIN code entry. Separate PIN code for a regular user and a key Administrator.

How to configure two-factor authentication for Windows?

Some people are puzzled by the phrase “Setup your USB flash drive for Windows login”. The detailed step-by-step instructions are available here.

Rohos Logon Key – Password replacement solution for Windows login. Turn regular USB drive into security token.


How to use USB flash drive for Windows login?