Search:
 
 
 

How to increase password security with two-factor authentication for Windows logon.

 

 

 
 

.

Updated : January 25, 2007
Applies to: Windows XP/2000/2003/Vista.
Summary:
It is not true when they say that security improves as password complexity increases. In reality, users simply write down difficult passwords, leaving the system vulnerable. Security is better increased by using two-factor authentication solutions. Rohos Logon Key program offers excellent password replacement solution for home and company.

"Secure" Passwords Facilitate Breaks-In

Passwords that comply with "security-improving" principles (long and random generated, forcing users to change passwords frequently) lead to one outcome:
- users write down their passwords or avoid using them at all.

Two-Factor Authentication Basics

Two-factor authentication is a security process in which the user provides two means of identification:

  • one of them is a typically physical token, such as USB flash drive or smart-card,
  • and the other one is typically something memorized, such as a security code or PIN code for USB flash drive.
    In this context, the two factors involved are sometimes referred to as something you have and something you know.

A common example of two-factor authentication is a bank card: the card itself is the physical item and the personal identification number (PIN) is the data that goes with it. To access to the account (get money) the user needs to provide both of them.

Why is it necessary to use two-factor authentication?

Two-factor authentication reduces the incidence of identity theft and other online fraud, because the victim's password would no longer be enough to access to user information.

Rohos Logon Key - Allows to access Windows computer in a secure way using USB flash drive:

    Rohos replaces password based Windows login with a USB Key.

    Supports USB flash drives, U3 Smart flash drives, SD/MMC memory cards.

    Automatic logs in or unlocks when USB Key is detected.

    Automatic Windows lock when user withdraws USB Key from computer.

    USB Key security: 2-factor logon with PIN code, USB key copy-protection. Logon data are encrypted.

    Password based login can be prohibited.
    Learn more...

    .

User identification via USB Key (flash drive).

Corporate Windows 2-factor authentication solutions such as GemSafe GemPlus smart card software store user credentials on smart-cards and USB tokens with smart-card chip inside it (Rainbow, Alladdin e-token, etc). These solutions are expensive to install, maintain and support. Around $25-$50 for the smart card or token and the associated software, plus an additional $25 for each smart card reader.
For small offices and home users we recommend using USB flash drive for Windows login.

About Smart-card: a small chip with integrated CPU, memory (4-100 Kb) and organized data access system with advanced security options such as PIN code, access conditions, cryptographic features: encryption, HASHing and signing algorithms.

.

    USB Key security in Rohos Logon Key program:

    • USB Key copy protection. Logon profile is bound up with a USB flash drive serial number. Thus USB Key cannot be duplicated by unauthorized person;
    • USB Key originality. By default USB Key is bound up with a computer where it was created for login. Another USB Key will be ignored by the program (even with a valid logon profile).
      Computer owner can forbid to use any other USB Key except one for login.
    • Protected password. By default USB Key does not contain your Windows password in plain form, but only Encryption Key pair that is used to reconstruct password for login operation.
    • Two-factor authentication using PIN code for USB Key. This is a small password with only 3 attempts to enter, that is required when performing login by using USB Key.


    Security options are the same when using Smart Card:
  • You can set up PIN code protection for USB flash drive as well as for Smart Card
  • Malefactor or a thief will not be able to create a copy of your USB key or Smart Card just by copying key files from one USB flash drive to another.


    What is different:
    Smart cards support advanced PIN code features such as: total device is blocked after 3 wrong attempts of PIN code entry. Separate PIN code for a regular user and a key Administrator.


    How to configure two-factor authentication for Windows?

    Some people are puzzled by the phrase "Setup your USB flash drive for Windows login". The detailed step-by-step instructions are available here.

    Rohos Logon Key - Password replacement solution for Windows login. Turn regular USB drive into security token.







Rohos Logon Key
Software to make this USB drive into a security token.


How to use USB flash drive for Windows login?

 

 
 
     
 
 
© 2004-2008, Tesline-Service SRL, Privacy policy|Site map|Press Resources