Using SecureData USB flash drive for Windows and Mac Login
We would like to recommend the use of a SecureData SecureUSB® Duo encrypted device in conjunction with Rohos Logon Key for Windows Logon two-factor authentication. This will give you an additional layer of security. SecureUSB Duo hardware-encrypted USB Flash Drive offers Host/OS Independent user-authentication and military grade security. User authentication can be done by using the physical keypad on the USB drive or via your smartphone using the free User app (iOS or Android). When using the keypad, you can either plug it into an open USB Port on any type of Windows computer and enter your 7-64-digit PIN (password) to unlock the drive, or press the key button, enter the PIN, and then plug it into any open USB port. When using the phone to authenticate, you will need to download the free app from the App store for iPhone, or from the Google Play Store for Android devices. To unlock the drive using the app, you will need to plug the drive into the host then open the app on the phone. Using a smartphone for user-authentication offers additional security layers that you can set up in the app. You can set 2FA to unlock the drive or use bio-metrics. We also suggest setting up PIN recovery in the event the PIN is ever forgotten. Rohos Logon Key is the only solution on the market that allows to set up of two-factor authentication redundancy by employing multiple 2FA methods on the organization level or user account level. Read more to find out how to configure and use SecureUSB for Windows logon.
Windows login with SecureDrive USB flash drive
In order to login into Windows desktop with SecureUSB Duo, user first needs to unlock the device and then connect it to the computer. Rohos will immediately detect attached USB drive letter and unlock the desktop.
In order to start using SecureUSB Duo, user needs to press the Key button at the bottom first, enter the PIN, and press the key button. If using the phone app, plug the drive into the system, launch the app, and press the red lock to authenticate the drive.
During the blinking of the red light, user needs to enter the access PIN and press the Key button again. The green button will light up meaning that now you can plug the drive into the computer’s USB port.
One of the important unique features of SecureUSB Duo is that PIN code verification mechanism is isolated from USB port communication on hardware level. Only after successful PIN code verification will the device USB communication be enabled so that computer may communicate with the drive via USB port. Before drive is unlocked with successful user-authentication, it is impossible to communicate with the device hardware via USB port. Drive is invisible to the computer (as a saying goes: “you cannot hack what you don’t see”). This is an important security feature, since it prevents malware and attackers to affect or exploit the device while it is connected to computer in locked mode, without entering correct pin code. For example, it is not possible to retrieve device serial number if it is locked, since USB communication is down. Alternatively, the user can use the SecureData Lock app to enter correct PIN or use biometrics to authenticate and unlock the SecureUSB. Once the drive is inserted, the red lock will flash on the drive indicating it is establishing an encrypted wireless connection between the drive and phone. Once it is done, the user will press the lock on the phone and the drive will be unlocked with using either PIN entry, or biometrics, or remember password, which ever option the user chose. If 2FA was selected, a SMS code will be sent to the phone to verify.
How to configure SecureUSB Duo for Windows logon
According to manufacturer SecureData Inc., SecureUSB DUO Drive is a password-protected flash drive designed with real-time military grade XTS-AES 256-bit hardware encryption. It is designed to protect data from breaches, or from unauthorized users who access a lost or stolen drive.
First, you Install Rohos Logon Key and have your SecureUSB Duo configures according to vendor manual. Open Setup Authentication Key dialog…
Set 2FA control policy options:
2FA benefits with SecureUSB Duo
Here are device features that two-factor authentication will benefit from:
• High security mode: OS independent Pin code authentication thanks to rechargeable battery inside. Real-time military grade XTS-AES 256-bit hardware encryption to protect user logon profile data. If the battery has discharged, just plug it into a powered USB port for a minute or so, or connect drive via USB cable.
• Required to use minimum 8 digits for pin code setup.
• Pin code brute-force protection. After 10 consecutive incorrect pin attempts, all of the drive’s data, and settings will be wiped by hardware.
• Read-only mode for USB drive storage allows to limit the use only as an access key for Windows login purposes.
• Inactivity AutoLock automatically stop USB communication and remove drive letter from Windows after a specified time between 1 and 60 minutes due to inactivity.
• If the app is being used, you can set step away auto lock to lock the drive if the user steps away from the drive and carries their cell phone with them.
On top of hardware-based Pin code, Rohos Logon allows to define software-based PIN code for each device in conjunction with Rohos centralized 2FA database in Windows Active Directory. The Rohos PIN code can be set/change by Administrator in any time, regardless the SecureUSB connection state.
About Rohos Logon Key
Rohos Logon Key adds strong two-factor authentication control for Windows login. Rohos allows implementing multi-factor authentication decision solution, where you can combine different authentication devices: password, PIN code, Smartphone or strong authentication devices like U2F key, YubiKey, Google Authenticator One-Time password codes, SafeNet iKey tokens, or RFID cards. With Rohos you can protect standalone computers, Active Directory workstations, Terminal Servers, Azure and AWS workstations, or other remote assistance solutions like TeamViewer, AnyDesk .
Get your copy of Rohos Logon Key>
View complete list of supported devices for Windows 2FA logon>