Two-Factor Authentication
For Windows Remote Desktop

Hardware and software authentication means variety:

  • One-Time-Password by Google Authenticator
  • any HOTP generator dongle
  • SMS based authentication with OTP codes
  • Any PKCS#11 compatible HSM token like iKey or eToken

Small footprint

With Rohos Logon Key you have a simplified Control Panel to define 2-FA policies for Remote Desktop Access and a single 2-FA configuration dialog.

Easy Installation

Rohos Logon Key installs right on Windows Terminal Server host and integrates only into Interactive Authentication process without touching DC’s policies or AD schema.

2 Factor Authentication variety

You can choose classic PKCS#11 compatible HSM tokens and mix devices from a few manufacturers. Try modern One-Time-Password generators like Google Authenticator that works on any Smartphone. Or re-use regular USB flash drives as authentication device.

Secure Two-Factor Authentication for Windows Remote Desktop

By using USB flash drive as authentication key , PKCS#11 hardware security modules like iKey/eToken or smartcards JavaCard/MiFare 1K


2FA policies

By WAN/LAN IP filter, user AD group membership, list of users or Remote Desktop connections only

Keys management console

Create and edit authentication keys on a single place.

Emergency Password

Emergency login password allows users to login to avoid operations break

Active Directory

Easily replicates to any Terminal Server in AD by using automated pre-configured installation

Two-Factor Authentication based on One-Time-Passwords

A variety of One Time Password industry standards are supported


Google Authenticator, Yubikey, secure ID, etc

Authentication by SMS

Delivers OTP code by SMS to the user mobile phone

Active Directory

Reads information and 2FA policy from AD

Combine 2FA means

Rohos allows to combine any OTP enabled authenticator on a single server