Rohos Logon Key v.3.1 security features

Rohos Logon Key v3.1 introduces a number of significant changes. Now it allows to apply 2-factor authentication policy based on user list or user group membership in Active Directory. This will allow to test and implement 2-factor authentication step by step.

New features:

Read more

Rohos Logon Key 3.0 with OATH support

Let us present you a new version of Rohos Logon Key program – Rohos Logon Key 3.0 with OATH support. Now you can use popular Google Authenticator and Yubikey H-OTP for 2-factor Windows login.

Read more

Using Google Authenticator OTP for Windows login

The access to your computer or user account is usually password-protected. But sometimes it is not enough, especially, when your data requires high level of confidentiality. You don’t want to provide attackers with the chance to get hold of your most secret stuff and your data, don’t you? We has included Google Authenticator and Yubikey HOTP support into Rohos Logon Key. Now Windows login is performed in High-Safety mode by using Time based One Time Password and HOTP codes.

Read more

Windows 8, Yubikey and 2-factor authentication renewal

We updated Rohos Logon Key 2.9 with a few new options including Windows 8 support.

Rohos Logon Key allows to access Windows computer or Remote Desktop session by using a USB Key and optional password. With this release we allows all of the customers update for free before we switch to version 3.

What’s new list:

  • Windows 8 support
  • Yubikey Options dialog box now allows to edit and export registered Yubikey List.
  • New 2-factor authentication possibility – Require user to type Windows password along with a USB Key. Forcing string 2-factor authentication for Windows login.
  • Updated “Wireless PC Lock” tags support.
  • New feature – Write all authentication events to log file.

Download Now (Release date 14/11/2012)

Windows 8 Support

Now Rohos Logon Key authentication tile look like this.

USB Key based login into Windows

Read more

Rohos Logon Key v. 2.9 improvements for Windows 7

Dear users and customers, we are happy to announce a few improvements in Rohos Logon Key. New features affects “Allow login only by USB Key” feature specially when using Rohos Logon in corporate network or Windows Remote Desktop services.

What’s new:

Read more

Rohos Logon Key with easyident FS-2044, pcProx, KCY RFID readers support

Updated 10 Oct 2017.

Rohos encourages new technologies. Now Rohos Logon Key allows to use a
various of RFID tags for Windows logon: Indala, Emarine, Legic and
Hitag . Thanks to Awinta.de We have got a sample of easyident FS-2044
RFID reader, produced by Easyident.de
FS Fertigungsservice (Germany).  Also we have added support for
the following RFID readers: KCY 125 Khz , Addimat and pcProx Plus by
RFIDeas.

This RFID can read and write a few types of Tags produced by the
company, including one handy Hitag bracelet EM4100. RFID tag EM4100 is a
read-only RFID tag with a 40 bit unique ID which is read automatically
by RFID reader FS-2044.

This space-saving device with dimensions 91 x 91 x 14 mm is very
compact. Easy to install, you only need to setup the drivers for Windows
from the official web site. We have successfully integrated this device with Rohos Logon Key v.2.8. The easyident FS-2044 is one in a multiple devices that can be use in Rohos Logon Key for secure login your Windows computer.

 

Below are photos of that easyident FS-2044 RFID transponder.

 

How to use easyident, pcProx, KCY RFID readers for Windows Login:

1. Download and install Rohos Logon key.

2. Open Rohos Logon Key > Options > choose RFID FS-2044 as a key to Windows login.

Click on Options below USB Key type selection and Choose COM port where Easyident FS-2044 is connected.

Rohos Logon Key immediately check COM port for reader presence. Note,
now you can set up RFID tags, add and edit them. Save your time with
Import…/Export… options, the file with all configured tags can be saved
and exported on any other computer. Click OK to save this setting.

Enable option Login by USB Key only  
Enable “Require user to type Windows password along with a USB Key“. Two-factor authentication protects your computer now.

3. Open Rohos Logon Key > Setup USB Key

  • Place your EM4100 RFID Tag on the reader like on the photo.
  • Rohos Logon Key will detect it serial number.
  • Enter your Windows password and click “Setup USB Key”.

Now you may use this RFID tag for Windows logon including Windows Vista/Seven x32/x64 systems.

Possibilities:

  • Note,A  now you can lock the computer – bring the tag close to
    the reader, in order to unlock it a€“ again bring the tag to the reader.
    To put in force this option you need to enable option “Perform this action when you withdraw your USB key from computer”.
  • Unlimited number of tags configured. If you are interested to try it please contact us.

Known Issues:

  1. When the application (including Rohos) opens a COM port then other
    apps can’t open this COM port again. Rohos opens a COM port only for
    login, or Tag setup operations.
  2. If you have other apps that should work with a reader they could
    conflict with Rohos.  If so, do not use “USB Key removal” settings.
  3. If you have an applications that keep this reader opened (and COM
    port) it is possible that COM port will be locked thus for example the
    following use case will not be possible:
    – user turn on a PC and login with a TAG,
    – a 3rd party Application runs on the desktop and  working with Easident reader all of the time (COM port is locked).
    – user lock the desktop and try to unlock it with a TAG by using Rohos Logon Key
    – Rohos will not be able to connect COM port – and this user will not login by a TAG.
  4. Rohos reads RFID tags by KCY and PcProx RFID readers by using USB connection mode, so you may disable keyboard mode.
  5. PIN code functionality and Active Directory authentication are supported as well.

Please contact us if you wish Rohos Logon to support other RFID Tags of Easyident.

Rohos Logon v.2.7. eToken support for Windows Vista x64.

(updated on 15 September)

High levels of security require a secure storage tool for logins to Windows systems, applications and web sites. Rohos Logon Key offers two-factor authentication as a flexible approach to your PC protection. And this may be exactly what many are looking for in their pursuit of enhanced user authentication to their computers and networks.

In connection with this Rohos Logon Key v.2.7 has undergone several updates.

What’s new:

  • Now Rohos Logon supports eToken PRO in Windows Vista x64.  We have run compatibility tests with eToken PKI Client 5.0 SP1 for Windows Vista/XP x64. The result is a SUCCESS!. Also this update refers to RuToken, uaToken and other PKCS11 available devices that works under x64
  • Fixed YubiKey support for Windows x86/x64 bug
  • Fixed error in Windows Seven/Vista when using USB Key + PIN in Credentials Prompt dialog box (UAC).
  • Fixed Emergency Logon bug that may occur when user changes ‘Maximum attempts’ value.

To update, download new release and install over existing Rohos Logon. Restart Windows.

Screen shot:

Credentials Prompt of RDP 6.0 and login with USB Key

Microsoft Remote Desktop Connection 6.0 (on Windows Vista\Seven) by default makes it mandatory for the user to enter user name and password before RDP client can establish connection to the WinSeven/2008 remote server (“ Enter your credentials for <server>. These credentials will be used when you connect to the remote computer” ). This is called “ Network Level Authentication“. If you are going to use USB key you can skip this prompt or disable it.

on vista you will see

As Rohos Logon Key RDC plugin works with the established terminal session this Credentials Prompt may be ignored or disable it by default.

Actually if Rohos Logon is installed locally it could work in this ‘credential prompt’ window:

How to disable RDC Credentials Prompt:

To skip the credentials prompt – choose “Do not attempt authentication” under Authentication options on the Advanced tab, but this option is not set permanently. To permanently skip the additional credential screen , edit the Default.RDP file (My Documents folder) in notepad. Including enablecredsspsupport:i:0 disables the Credentials Security Service Provider for the connection. If you use separate .RDP files for different server, modify each of those .RDP files. Below is the content section of the default.rdp file with enablecredsspsupport:i:0 option included.

redirectposdevices:i:0
authentication level:i:0
enablecredsspsupport:i:0

prompt for credentials:i:0
negotiate security layer:i:1

Note that this workaround is suggested only if you connect Windows 2000/2003/XP systems because according to Terminal Services Team blog post – “This option does disable the new credential prompting behavior, but it also disables support for Network Level Authentication for Vista (and Longhorn Server) RDP connections; Network Level Authentication requires credentials to be provided by the client before a session is created on the server side.” So if you do connect to Vista over RDP, you’ll not be able to use this option.