Learning lessons: Fully implement multi-factor authentication

In brief: a report on the October 2023 cyber-attack on the British Library was recently published. It shows that multi-factor authentication (MFA) was not fully implemented on some on-premise servers, and that the absence of MFA contributed to the attackers’ ability to enter the system.

The 18-page report contains 16 learning lessons from the attack; lesson no. 3 is “Fully implement multi-factor authentication”:

“Multi-factor authentication needs to be in place on all internet-facing endpoints, regardless of any technical difficulties in doing so. The Library had MFA in place for all end-user technologies, but not on certain supplier endpoints”.

Link to full report>

About Rohos Logon Key

Rohos Logon Key adds strong two-factor authentication control to Windows Remote Desktop login, letting you combine different MFA methods: password, PIN code, smartphone, or strong authentication devices such as U2F keys, YubiKey, Google Authenticator one-time password codes, SafeNet iKey tokens, or RFID cards. With Rohos you can protect standalone computers, Active Directory workstations, Terminal Servers, Azure and AWS workstations, or apply MFA on top of other remote assistance solutions like TeamViewer and AnyDesk.
Rohos is the only MFA solution that allows detecting MFA bypass, reporting to a SIEM, and sending push notifications on any MFA discrepancy.

Download and try the latest Rohos Logon Key (15-day trial, full version) >>

Get your copy of the Rohos Logon Key>

View the list of supported 2FA methods > 

Rohos Logon Key v5.3

We continue working on Rohos Logon Key development and have now implemented our customers’ latest feedback and bug reports. This minor update contains several important improvements.

What’s new in Rohos Logon Key 5.3:

  • Improvements for Mifare RFID cards to support quick card swipe in some scenarios.
  • Improvements to Azure workstation login via RDP to correctly reuse NLA credentials in some scenarios.
  • Improved LDAP queries after an LDAP_REFERRAL error code.
  • Improved the 1FA login option that uses NLA credentials for Remote Desktop access when the user account has 2FA methods such as YubiKey or FIDO U2F, which in some cases led to 2FA enforcement.
  • Improved the Mifare RFID card login method to use the full-size card UID number.
  • Added a new option to the 2FA bypass control feature, “Notify any successful login (2FA/1FA)”, which sends a push notification to the Rohos Logon Key Android/iOS app on any login to your server.
  • Improved Emergency Login mode, which now allows using all available login methods after a successful Questions/Answers procedure. You need to restart Windows after the Rohos Emergency Login procedure to access all credential methods, such as Face Login, PIN code, etc., for normal login. These changes apply only to console-based computer access.
  • Improved the Rohos Logon Key for Android app; new version 2.17 has been published on Google Play. Added “2FA events list” and “Copy Push URL to clipboard” commands.

Download and install over the existing Rohos Logon app to try the new features:
Download the latest Rohos Logon Key v.5.3 (15-day trial full version) >>
Install Rohos Logon Key app for Android >>


About Rohos Logon Key

Rohos Logon Key adds strong two-factor authentication control for Windows login. Rohos lets you implement a multi-factor authentication decision solution in which you can combine different authentication devices: password, PIN code, smartphone, or strong authentication devices such as U2F keys, YubiKey, Google Authenticator one-time password codes, SafeNet iKey tokens, or RFID cards. With Rohos you can protect standalone computers, Active Directory workstations, Terminal Servers, Azure and AWS workstations, or other remote assistance solutions like TeamViewer and AnyDesk.

Get your copy of the Rohos Logon Key>

View the list of available 2FA methods in Rohos Logon Key> 

Windows ARM support in Rohos Logon v.5.2

We are glad to announce the Rohos Logon Key 5.2 beta release with Windows on ARM support, which now works on the Microsoft Surface PRO X2 based on SQ1, SQ2 and SQ3 CPUs and on other Windows laptops based on Snapdragon CPUs.

What’s new in Rohos Logon Key 5.2:

  • Improved AD group lookup code.
  • Fixed the policy to require 2FA in case the AD group lookup fails.
  • NLA credentials over RDP are now ignored and the user password is required again when the “require a password with the 2FA key” option is enabled.
  • Added support for ARM64 Windows on Windows Surface.
  • MSI setup package updated for compatibility with Windows on ARM.
  • Other minor improvements.

Download and install over the existing Rohos Logon app to try the new features:
Download the latest Rohos Logon Key v.5.2 (15-day trial full version) >>
Download MSI package for Rohos Logon Key v.5.2.


Rohos Disk Encryption v.3.3 and Rohos Mini update

This is a bug-fixing update.

What’s new in Rohos Disk v3.3:

  • Updated Rohos Disk Browser.
  • Fixed 2FA authentication methods compatibility with Rohos Logon Key setup.
  • Minor performance improvements for the Encrypted Folder feature.

Download Rohos Disk Encryption v3.2 (15-day trial) >

This update is free for registered users. We have also updated the Rohos Mini setup package with the improvements mentioned above.

About Rohos Disk Encryption

The Rohos Disk program allows you to encrypt your computer, USB flash drive, or cloud folders. It is designed for those who have megabytes of sensitive files and who are really concerned with privacy and information security. To protect access to encrypted data you can use electronic keys such as a USB flash drive, a security key, or a smartphone. You may also work with secret files by using Rohos Disk for Android.

Download Rohos Disk 15-day trial>

Get your copy of Rohos Disk Encryption license>

View the complete list of Rohos Disk Encryption features> 

Rohos Logon Key v5 update

We are glad to announce the Rohos Logon Key 5.0 stable version, with minor bug fixes and improvements on top of the 5.0 preview release.

What’s new in Rohos Logon Key 5.0:

  • Fixed the “Users and Keys” dialog box.
  • MSI setup package updated for compatibility with Microsoft Defender.
  • Fixed PIN code dialog box behaviour in the logon screen.
  • Fixed the RFID card 2FA method and a login loop issue after the card removal action.
  • Improvements in the Google Auth OTP 2FA method for workstations in Windows Active Directory.
  • Minor fixes in Rohos Remote Config.

Download and install over the existing Rohos Logon app to try the new features:
Download the latest Rohos Logon Key v.5.0 (15-day trial full version) >>

For customers with a Rohos Logon Key v.4.8-4.9 license, the update is available at a 50% discount; please refer to the registration letter or apply for a discount now.


Latest Two-factor authentication vulnerabilities review

According to information about the latest security incidents at LastPass, Cisco, Uber and Okta, adversaries exploited two-factor authentication procedures to disable or bypass access control. Techniques such as MFA bombing, phishing, MFA fatigue, and 2FA man-in-the-middle (MitM) attacks were used to mislead end users, steal plaintext passwords and perform MitM on two-factor authentication. The user-friendly “Allow authentication request” feature was misused as a tool. In all cases, adversaries were able to bypass two-factor authentication by either disabling it on target accounts, stealing MFA secrets, or adding a new MFA profile.

Social Engineering (SE)

In the Uber case, the attacker first somehow discovered an employee’s WhatsApp number, started a messaging chat, and sent the victim a URL to a fake Uber login page. The intruder then applied SE to convince the legitimate user to enter login credentials on the spoofed Uber login page.

MFA bombing by push notifications

After successfully stealing the user’s login and password, the attacker initiated an MFA bombing/MitM attack by logging in to the legitimate Uber login page multiple times, generating a storm of “Accept login request” push notifications on the employee’s smartphone. At some point the user confirmed the request, allowing the attacker to access the system.


MFA provider re-enrolling

In the Microsoft breach, hackers re-enrolled smartphone-based MFA (push tokens) on a new device by accessing the Okta MFA provider account (or by a partial takeover of the MFA vendor infrastructure), and then logged into the target user’s MS accounts using the duplicated MFA.

How to improve your MFA / 2FA control?

Here are a few pieces of advice on how to check your current MFA implementation for improvements:

  1. Train your employees on how to report and act when MFA access requests appear on the smartphone at inappropriate times. After training, perform field tests that generate inappropriate MFA requests to ensure end users react properly.
  2. Check whether your employees know a decent and friendly way (social re-engineering?) to verify over the phone that they are really speaking with a ‘support desk representative’ from your company rather than with someone pretending to be one.
  3. Monitor your system’s remote access for inappropriate, suspicious or abnormal activity, for example out-of-hours login times, MFA failures, or excessively long MFA approval times.
  4. Keep updating your MFA toolset by adopting new MFA technologies such as U2F FIDO, FIDO2 and WebAuthn in parallel with your current MFA.
  5. Check whether your MFA vendor/solution has new features to filter access by IP or MFA device. Check whether the MFA solution logs MFA activity parameters.
  6. Use gamification within your IT team to simulate or imagine how MFA re-enrollment, misuse and bypass could happen in your organization.

What about Rohos Logon Key?

Rohos Logon Key adds strong two-factor authentication control for Windows Remote Desktop access. Rohos lets you implement and adopt multi-factor authentication in your business processes with minimal side effects. At Rohos we always experiment with new features.

  • You may employ different MFA methods: password, PIN code, smartphone, or strong authentication devices like FIDO2 U2F keys, YubiKey, Google Authenticator one-time password codes, USB iKey tokens or RFID cards, per user group depending on requirements or technical skills.
  • It is possible to apply MFA by IP filter.
  • It is possible to use MFA bypass control, which locks the desktop immediately when MFA was not used for the login session.
  • Rohos logs all types of MFA events: login session time, MFA prompt time and successful MFA duration for each user.
  • The Rohos app for Android/iOS does not use ‘Approve access request’ push notifications, so notification bombing is not possible with the Rohos MFA app.
  • Rohos allows adding more MFA redundancy by setting up both a FIDO2 physical key and the smartphone app for a specific user account. This MFA diversity can be used to distinguish logins made with the legitimate user’s MFA from those made with stolen or re-enrolled MFA.
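As an added example (not Rohos code), the following Python script runs the checks from advice item 3 above, plus the bypass and MFA-duration events listed for Rohos, over a constructed MFA event log; the event names, field layout and thresholds are assumptions, not a real Rohos log format.

```python
from datetime import datetime, time, timedelta

# Thresholds are assumptions chosen for the example, not Rohos defaults.
WORK_START, WORK_END = time(8, 0), time(19, 0)  # anything else is out-of-hours
MAX_APPROVAL = timedelta(seconds=60)             # prompt -> approval limit
MFA_GRACE = timedelta(minutes=10)                # login must get MFA within this

# Constructed sample log: (timestamp, user, source IP, event, detail).
# Event names are assumed; a real MFA log would carry equivalent fields.
EVENTS = [
    ("2023-10-20 09:02:10", "alice", "10.0.0.5", "login", ""),
    ("2023-10-20 09:02:12", "alice", "10.0.0.5", "mfa_prompt", "push"),
    ("2023-10-20 09:02:20", "alice", "10.0.0.5", "mfa_ok", "push"),
    ("2023-10-20 23:41:03", "bob", "203.0.113.9", "login", ""),
    ("2023-10-20 23:41:05", "bob", "203.0.113.9", "mfa_prompt", "push"),
    ("2023-10-20 23:41:06", "bob", "203.0.113.9", "mfa_fail", "push"),
    ("2023-10-20 23:41:30", "bob", "203.0.113.9", "mfa_prompt", "push"),
    ("2023-10-20 23:44:55", "bob", "203.0.113.9", "mfa_ok", "push"),
    ("2023-10-20 14:10:00", "carol", "10.0.0.7", "login", ""),
]


def parse(events):
    """Convert the string timestamps into datetime objects."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), user, ip, ev, detail)
            for ts, user, ip, ev, detail in events]


def analyze(events):
    """Return (user, ip, reason) findings for the checks described above."""
    rows = parse(events)
    findings = []
    for ts, user, ip, ev, _ in rows:
        same = [r for r in rows if r[1] == user and r[2] == ip]  # this user/IP
        if ev == "login":
            if not WORK_START <= ts.time() <= WORK_END:
                findings.append((user, ip, "login outside work hours"))
            # No successful MFA within the grace window after login: the
            # session is running on a single factor (possible MFA bypass).
            if not any(r[3] == "mfa_ok" and ts <= r[0] <= ts + MFA_GRACE for r in same):
                findings.append((user, ip, "session without MFA (possible bypass)"))
        elif ev == "mfa_fail":
            findings.append((user, ip, "MFA failure"))
        elif ev == "mfa_ok":
            # Approval delay is measured from the latest prompt before this
            # approval; a long delay is typical of a user worn down by prompts.
            prompt = max((r[0] for r in same if r[3] == "mfa_prompt" and r[0] <= ts),
                         default=None)
            if prompt is not None and ts - prompt > MAX_APPROVAL:
                secs = int((ts - prompt).total_seconds())
                findings.append((user, ip, f"MFA approval took {secs}s"))
    return findings
```

On the sample log, bob's late-night login, his failed push and his 205-second approval are flagged, as is carol's session that never saw an MFA event.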

Using SecureData USB flash drive for Windows and Mac Login


We would like to recommend using a SecureData SecureUSB® Duo encrypted device in conjunction with Rohos Logon Key for Windows logon two-factor authentication. This gives you an additional layer of security. The SecureUSB Duo hardware-encrypted USB flash drive offers host/OS-independent user authentication and military-grade security. User authentication can be done using the physical keypad on the USB drive or via your smartphone using the free User app (iOS or Android). When using the keypad, you can either plug the drive into an open USB port on any type of Windows computer and enter your 7-64-digit PIN (password) to unlock it, or press the key button, enter the PIN, and then plug it into any open USB port. When using the phone to authenticate, you will need to download the free app from the App Store for iPhone or from the Google Play Store for Android devices. To unlock the drive using the app, plug the drive into the host and then open the app on the phone. Using a smartphone for user authentication offers additional security layers that you can set up in the app: you can require 2FA to unlock the drive or use biometrics. We also suggest setting up PIN recovery in case the PIN is ever forgotten. Rohos Logon Key is the only solution on the market that allows setting up two-factor authentication redundancy by employing multiple 2FA methods at the organization level or the user account level. Read more to find out how to configure and use SecureUSB for Windows logon.


Rohos Logon Key v.5.0 preview

We are glad to announce Rohos Logon Key 5.0 early preview with improvements in the ‘2FA bypass control’ feature and better compliance with Microsoft Defender.

What’s new in Rohos Logon Key 5.0:

  • Improvements in the ‘2FA bypass control’ feature. The new “Remember 2FA” option allows defining a time interval in seconds to reduce possible false-positive alarms. Also, ‘2FA bypass’ events are now added to the authentication event log with IP address information.
  • Java Card support module is temporarily removed from the setup package to comply with Microsoft Defender.

Download and install over the existing Rohos Logon app to try the new features:
Download the latest Rohos Logon Key v.5.0 (15-day trial full version) >>
For customers who ordered v.4.8-4.9, the update is still free!


Rohos Logon roadmap for 2022-23

Here we would like to briefly share the items from the product roadmap.

Currently on the Rohos Logon Key roadmap:

  • More robust two-factor authentication redundancy support for Windows.
  • Integrated two-factor authentication bypass control with push notifications in the Rohos Logon mobile app, and better detection of various remote tools and unattended support tools like TeamViewer, AnyDesk, VNC, etc.
  • Further development of Rohos Logon Key for Android/iOS with improvements and better push 2FA method support.
  • Better and smoother OTP self-enrollment, and auto-enrollment for OTP in Active Directory.
  • MS Azure support via MS Graph integration.
  • Webhooks support for 2FA auditing and 3rd-party SIEM integration.
  • Development of a polymorphic setup file to avoid being detected and disabled in an automated way by malware or possible attackers.
  • Adding a subscription licensing type with included SLA support, updates, and Rohos SBOM data.

Rohos Disk Encryption v.3.2

This is an update in which we rebuilt all binary components in a safe environment after strengthening our internal software development security. We also tested Rohos Disk with the latest Windows 11 and the new Google Drive “Stream Mode” feature. Both container-file and file encryption are compatible with the Google virtual drive letter. Rohos Disk is a good choice for vendor-independent end-to-end encryption of your Google Drive, OneDrive, or Dropbox files.

What’s new in Rohos Disk v3.2:

  • Windows 11 support tested and verified.
  • Removed legacy authentication modules.
  • Removed the Folder Virtualization feature from Rohos Disk Browser.
  • Fixed installation of the File Shredder tool (Explorer “Send To” command in the context menu).
  • Added a Smartphone authentication method that allows using an Android/iOS phone as a key for your Encrypted Disk.