Rohos Logon Key provides numerous enhanced features over and above what our competitors offer. It helps you easily re-use your USB flash drive as a protection key and security token for home and office computer.
Here are Rohos Logon Key features list
- As authentication Key you may use: any USB flash drive, FIDO U2F, Yubikey, Smartphone or dongles like PKCS#11 eToken, RFID cards, smartcards, One Time Password generators, SMS/Email authentication;
- Automatic login or unlock when the Key is connected to computer;
- Regular password-based login can be disabled thus enforcing two-factor authentication;
- Automatic Desktop lock / logoff/ sleep when user unplug the Key from computer;
- [Unique] Protects your computer even in Windows Safe Mode login. It is not possible to bypass Two-Factor authentication security by loading computer into Safe Mode
- Emergency Logon that helps to access your system in case you lost your key or forgot PIN code
- Flexible Authentication Key options: A single Key can be used to log in into multiple computers – OR – A computer can accept only a single Key for login, ignoring stranger keys
- Allows to use authentication Key to access Remote Desktop.
- Allows to have all kind of Keys for a single computer: U2F, Google Authenticator and a regular flash drive;
- Writes authentication events log to a file or Windows Event Log.
- Allows to set your key image on logon screen.
- Hide logon key icon – allows to hide the presence of two-factor authentication method.
- Check authentication key serial number (default is Yes) – allows to control the list of authentication devices. The list of configured devices is stored in “Users and Keys” dialog or AD database.
- Protects Windows Safe Mode boot with two-factor authentication also. Please note some devices does not function in safe mode;
- PIN code can be cached for 30 seconds; During this period user can use authentication key in UAC requests without entering PIN code each time;
- Disable Windows 10 Lock Screen allows to speed-up Windows unlock by skipping additional welcome screen wallpaper.
- Disable 2FA in Credential Prompt when an application requests Administration credentials to authentication network or other operations;
- Maximum number of PIN code attempts for the 2FA methods for which PIN code are emulated by Rohos.
- Auto logoff after an inactivity period
- Logon screen notice – a text that will be displayed on logon screen during 2FA request.
- Domain Name field allows to set precise domain name for Rohos.
- Write log files for troubleshooting purposes. If enabled rohos records internal events during all operations, this allows to troubleshoot errors and issues;
Emergency Logon features
- Allows to set a set of questions that you need to reply in order to bypass 2FA policy and login just by using regular Windows password.
- The maximum number of questions is 4.
- The answers should be 4 chars length minimum.
- By default there are 3 attempts to answer the Emergency Logon questions after that it will be disabled until user will set it again.
Features for Windows Active Directory network
- Works with all major Windows authentication services: Local login, Rohos Logon integrates into Windows logon model, USB key for password-less login Network/AD login, Novell Client login, Remote desktop login.
- Rohos Logon Key integrates with the Windows authentication framework without replacing its functionality. Thus, no compatibility problems will be encountered just because you have installed Rohos Logon.
- Rohos Key Manager and Remote Config utility included into Rohos Management Tools allows to apply two-factor authentication method for hundreds of users across your Active Directory;
- A set of pre-configured PowerShell scripts allows to backup 2fa settings, implement SMS/Email based authentication for local/remote access; Register many devices for a list of users;
- MSI and EXE installation packages with command line switches.
- Standalone and AD-joined workstation are supported by specifying LDAP connection setting;
- Support password expiration/renewal policies in Windows, including Remote Desktop connection. The Key will be updated with a new password.
- The program can disable access to USB removable drives that are used as authentication method. The USB drive can be used as a key to access workstation but not as a storage.
- Fully customized logon icon and message boxes.
- 60-day trial period. Ask for a Registration Key in order to thoroughly test Rohos Logon Key in your company during 60-day trial period.
If you are looking for a specific feature within our software, then please let us know and we will be happy to provide you with any additional information we have about that specific functionality.
Authentication key security features
- Authentication Key cannot be duplicated. Logon profile is bound up with a device UID or serial number.
- By default each Key is bound up with a computer where it was configured for login. Another Keys will be ignored by the program (even with a valid logon profile). Computer owner can forbid using any other Key except one for login.
- Protected password. By default Key does not contain your Windows password in plain form, but only Encryption Key pair that is used to decrypt logo profile into a Windows password for each login operation.
- Two-factor authentication by using PIN code for Key. This is a small password with only 3 attempts to enter that is required when you login by Key.
- Two-factor authentication by using Windows password and Key. When you configure key without entering user Windows password then you enable 2FA. In order to login you will need to connect the key and then enter your Windows password. Providing only the key or only the password will not allows you to login;
Rohos Logon Authentication modes
Rohos Logon seamlessly integrates into any Windows logon configuration using one of the following authentication modes. Each mode is a set of Rohos Logon settings and tools that is used in order to provide password replacement solution in a particular case:
- Rohos welcome screen (gina.dll)
Recommended for Windows 2000 Pro.
Rohos replaces Windows authentication module (gina.dll) with its own custom gina.dll.
– Not compatible with Windows XP Fast User Switching
- Windows XP/Vista welcome screen + Rohos
Recommended for Windows XP/Vista;
Rohos integrates into Windows welcome screen/login window.
– Password expiration/renewal doesn’t supported
- Windows native authentication (msgina.dll)
Recommended for Windows 2000 Server/2003, or Windows 2000/XP joined to Windows/Novell network.
Rohos Logon Key works “over” gina.dll authentication module without replacing its functionality. (supports integration with msgina.dll, nwgina.dll, ctxgina.dll).
The password is automatically entered into login dialog box right from the USB Key.
o Remote Desktop login using USB Key works
o Password expiration/renewal works