Here you will find information about various devices and equipment that may be used in Rohos software for authentication purposes. Rohos software uses different types of hardware tokens to store passwords or logon profiles. Some of them support PIN code for two-factor authentication. All Rohos data blocks are stored on a USB key in encrypted form.

The list of supported tokens:

  1. USB flash drives
  2. HSM tokens, PKCS#11 compliant
  3. Smartcards
  4. Bluetooth proximity
  5. One-Time-Password tokens
  6. RFID wireless tags, MiFare cards
  7. U2F security keys
  8. Biometrics
  9. Custom devices
  10. Using of different devices and technologies with Rohos applications

USB flash drives

Supported in Rohos Logon Key (Windows and Mac) and Rohos Disk Encryption. After USB key has been configured it’s still may be used as a storage disk.

+ Supports PIN code for 2-factor authentication with limited fail-attempts before lock (3)

+ Configuration creates encrypted logon profiles in \_rohos\roh.roh file

+ By default password is not stored on the USB drive in plain form.

Also, including any USB storage device that has its own drive letter in Windows:

Also USB Flash Drive with Hardware Encryption. Rohos may use authentication panel of any Encrypted USB drive to authenticate into Windows:

  • IronKey
  • Kanguru Defender
  • Kingston DataTreveler secure and others

Tested devices: Apacer, LG, Lexar, Transcend, TakeMS, SanDisk, SD memory cards, IronKey, Kaguru Defender, Kingston SecureVault .

USB HSM tokens, PKCS#11 compliant

Supported in Rohos Logon Key (Windows) and Rohos Disk Encryption. In general any PKCS11 enabled token may be used in Rohos products.

+ Supports PIN code for 2-factor authentication with security provided by the token (number of fail attempts, unblocking features, change PIN)

+ Configuration creates 1 or 2 data blocks in private memory (up to 10 kb)

Tested tokens: Aladdin eToken PRO, ruToken, uaToken, Securetoken ST2/ST3, Futako HiToken, ePass, iKey ***, Crypto Identity 5, CrypToken, SenseLock, TrueToken, Feitian, Longmai mToken K3 and others.

See note below on how to use any PKCS11 token in Rohos in addition to the listed in Rohos setup window.

A few notes about PKCS#11 token initialization:

There HSM tokens like IKey 1000 that requires initialization before usage.

  1. Install “IKey 1000 Authentication Solution 4.0”, than includes driver and also PKCS#11 library k1pk112.dll (required by Rohos)
  2. Before token usage – please initialize iKey with “iKey Token Utility”.
  3. Initialize PKI storage (default value 648 bytes is ok) and User PIN (4-8 chars)

Read more about initializing of iKey…


Rohos Logon Key and Rohos Disk supports smart-card with PKCS#11 and Java Cards or the following models:

  • SC25J10 Smart Card.
  • HiCOS PKI smartcard Powered by Futako Ltd.
  • Java Cards J2Axxx or J3Axxx.
  • Athena USB Cryptocard

BlueTooth enabled mobiles.

Any smartphone or Bluetooth enabled device may be used as a wire-less authentication key to unlock your computer or notebook. Supported in Rohos Logon Key (Windows and Mac).

Learn more in article: How to use bluetooth mobile to lock/unlock Windows computer.

+ PIN code is supported in Mac version only

+ Configuration creates AES256 encrypted logon profiles in Computer disk

+ Authentication security based on uniqueness of Bluetooth device MAC address and PIN code.

Tested devices: A computer or notebook with MS Bluetooth stack or Mac OS X .

One-Time-Password OATH code, Google Authenticator

One-Time-Password OATH compliant codes produced by Google Authenticator or Yubikey are supported in Rohos Logon Key (Windows and Mac).

+ Configuration creates encrypted logon profiles in Computer.

+ Security based on OTP validation via online API of the manufacturer (requires internet) or HOTP/TOTP secret key stoked locally or in AD domain.

Learn more on how to use YubiKey for Windows Logon and release notes and 2FA setup with Google Auth / SMS authentication.


Tested devices: Yubikey (in static and dynamic OTP mode), Google Authenticator, Feitian OTP generators;

How to use Google Authenticator with Yubikey

RFID wireless tags, Readers and MiFare 1K /4K cards.

Rohos Logon Key (Windows) and Rohos Disk support the following RFID readers with MiFare 1K / 4K support:

  • ACS ACR122 and ACR128 NFC readers
  • SCM SCL010, SCL011G and SCL3711 RFID readers
  • Feitian , Longmai mNFC RFID readers
  • Easident FS-2044 RFID reader (only with RFID tag EM4100)
  • CR10MW (betta release)
  • MADA Legic RFID reader/writer with Legic Prime tags
  • pcProx by RFIDeas with a variety of 125 kHz cards supported: HidProx, Indala, EM410x etc.
  • KCY 125 Khz

Also Rohos Logon Key support Wireless PC Lock – USB receiver and wireless tag.

Rohos Logon Key features for RFID tags:

+ PIN code is supported via MiFare 1K / 4K Authentication Key A.

+ For Easident FS-2044 RFID readers Rohos configuration creates encrypted logon profiles in local computer registry.

+ In many cases Windows Active Directory authentication and Remote Desktop authentication with RFID tags are possible.

Please read more about MIFARE 1K support release notes.


U2F security key (soon)

Please visit our blog to try Rohos Logon Key with U2F support.


FingerPrint & Biometric enabled USB flash drives are also supported in Rohos Logon Key (Windows and Mac).

+ PIN code is supported in Mac and Windows

+ Configuration creates encrypted logon profiles in local computer

Tested devices: Transcend JetFlash 220 Fingerprint, takeMS MEM-Drive Biometric Scanline,

APACER AH620 Fingerprint Flash Drive under Windows and BioSlimDisk under Windows and Mac OS X.

See also Face recognition logon with Rohos Face Logon.

Custom authentication devices:

Rohos Logon Key and Rohos Disk uses internal token API and could work with virtually any HSM authentication device. How to test HSM PKCS11 compliant device:

  1. Install Rohos Logon
  2. Open Rohos Logon > Options > Select PKCS#11 security module and click Options
  3. In “PKCS#11 devices support” dialog box enter Enter dllname of a custom PKCS11 supporting module (the dll should be located in c:\windows\system32 or in rohos folder)
  4. Click OK > OK to close options.
  5. Open “Setup authentication key” and it should detect token connected to USB port.
  6. After setting up USB Key , click Win+L to try logon


Using of different authentication media with Rohos apps

The authentication on local computer is possible with every device by default.

Device type Remote Desktop
Active Directory
Rohos Management
PIN code Rohos Disk Encryption support
USB Flash drive
U2F key
Google Authenticator (OATH)
PKCS#11 compliant HSM tokens
MiFare 1K RFID smart-card
Addimat AG
Easyident RFID FS-2044
Bluetooth key
PC Lock USB dongle
Mobile phone (Android/iOs)

*The key shold be configured locally for all the workstations.

Note: For all the devices but USB Flash drive and Yubikey, it is necessary to download and install a support application/driver from its manufacturer.

If you are a Hardware Vendor, manufacturing security devices, we would be glad to operate side by side integrating your devices and equipment into our security solutions thus satisfying increasing customers requirements.

To become a Partner apply now
USB tokens FAQ and error messages explained