Multi-factor authentication with RFID cards HidProx, Indala, HiTag and Emarine in Rohos Logon Key 3.5

Rohos Logon Key v3.5 now supports the RFIDeas pcProx reader and the KCY-125 RFID reader. This makes it possible to implement multi-factor authentication with a variety of RFID cards, tags, bracelets and employee ID badges of the Emarine, Indala, HIDProx and other standards, both in Active Directory and on standalone Windows workstations. Rohos Logon Key replaces weak password-based login with a physical key and PIN code, or a physical key and Windows password. This improves an organization's security controls and brings regulatory compliance with standards such as HIPAA, HITECH, PCI DSS, FFIEC and others.

What's new in Rohos Logon Key 3.5:

  1. Rohos now disables the Windows 10 lock screen feature to speed up the authentication process. This eliminates the need to press any key on the keyboard to close the lock screen picture.
    (Rohos modifies the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization, NoLockScreen=1)
  2. Added support for “Wave ID” RFID readers: pcProx, plus, nano, writer. Rohos uses the RFIDeas API to read the RFID tag serial number over the USB connection. Keyboard output is not required. A great variety of 125 kHz cards is supported: HidProx, Indala, EM410x etc.
  3. Added network mode support for Active Directory networks. Rohos Logon Key now automatically detects the presence of its database in Active Directory and switches to the domain-wide 2FA settings and 2FA device controls, which are set with Rohos Management Tools installed on the Domain Controller. A few improvements were made in Rohos Logon Key network mode:
    1. Custom “Wrong PIN”, “Wrong 2FA device” messages;
    2. Custom value for the Maximum number of wrong PIN attempts for 2FA devices like RFID tags;
    3. New option “RFID devices KCY/pcProx” was added to Rohos Remote Config;
    4. Auditing of all 2FA events, Emergency logons, Wrong PIN entries, etc.
  4. Improved OTP authentication security for Google Authenticator.
    1. New option to narrow OTP validity timeout to 60 sec or custom value;
    2. New feature to support e-mail based OTP delivery;
    3. OTP delivery functionality is now open source through PowerShell scripting;
    4. Working to support 2FA with Google Authenticator on workstations joined to a domain (please see beta releases).

The update is free for customers of Rohos Logon Key v.3.*


How to set up the pcProx RFID reader for use in Rohos Logon Key

The reader doesn't require drivers or special setup for Rohos Logon Key; it starts working right after it is plugged in.

Open Rohos Logon Key > Options and choose the “RFID readers easyident/KCY/pcProx” 2FA device as the authentication device.

Or open Rohos Remote Config, choose “RFID devices KCY/pcProx” and click “Save settings”.

Next, you can start assigning RFID tags/cards to AD users by using the Key Manager application or the multi-user registration feature in the Rohos Remote Config application.

AD network mode support

Rohos Logon Key automatically detects an Active Directory environment and its database created by Rohos Management Tools. Once it is connected to the AD database, Rohos uses domain-wide settings to apply two-factor authentication (2FA) control and the 2FA devices list.

There are a few ways of multi-factor authentication that an employee/user needs to perform in order to log in to a workstation:

  • RFID card + PIN code (a short password with a limited number of attempts to enter the correct value);
  • RFID card + Windows password;
  • Just RFID card (works like a password replacement form of authentication to simplify access to computers).

The benefits of AD network mode support:

  • Centralized 2FA settings applied to an entire AD domain/site.
  • Control over the list of allowed 2FA devices assigned to users/employees.
  • A variety of multi-factor authentication means within an organization: One-Time-Passwords, RFID tags/cards, HSM security tokens, SMS/Email based authentication.
  • 2FA auditing, offline workstations support, 1FA emergency logon, 1FA lists and user groups, 2FA by IP filtering, etc.


Authentication by One-Time password with Google Authenticator

We have updated the “Google Authenticator OTP” authentication means in Rohos Logon Key.

On the settings page you can configure the following:

  • Control OTP validity timeout;
  • Edit and test OTP delivery script;

About Rohos Logon Key

Rohos Logon Key is a two-factor authentication solution that allows you to access a Windows workstation or Remote Desktop in a secure way using a variety of multi-factor authentication means such as One-Time-Password (Google Authenticator, Yubikey etc.), RFID cards, PKCS#11 security tokens or cost-effective regular USB flash drives.
It is the easiest way to implement multi-factor authentication for organizations that are really concerned about data security and regulatory compliance with HIPAA, HITECH, PCI DSS, FFIEC.