Using SecureData USB flash drive for Windows and Mac Login

 We would like to recommend the use of a SecureData SecureUSB® Duo encrypted device in conjunction with Rohos Logon Key for Windows Logon two-factor authentication. This will give you an additional layer of security. SecureUSB Duo hardware-encrypted USB Flash Drive offers Host/OS Independent user authentication and military-grade security. User authentication can be done by using the physical keypad on the USB drive or via your smartphone using the free User app (iOS or Android). When using the keypad, you can either plug it into an open USB Port on any type of Windows computer and enter your 7-64-digit PIN (password) to unlock the drive, or press the key button, enter the PIN, and then plug it into any open USB port. When using the phone to authenticate, you will need to download the free app from the App Store for iPhone, or from the Google Play Store for Android devices. To unlock the drive using the app, you will need to plug the drive into the host and then open the app on the phone. Using a smartphone for user authentication offers additional security layers that you can set up in the app. You can set 2FA to unlock the drive or use bio-metrics. We also suggest setting up PIN recovery in the event the PIN is ever forgotten. Rohos Logon Key is the only solution on the market that allows the setup of two-factor authentication redundancy by employing multiple 2FA methods on the organization level or user account level. Read more to find out how to configure and use SecureUSB for Windows logon.

Windows login with SecureDrive USB flash drive

In order to login into the Windows desktop with SecureUSB Duo, the user first needs to unlock the device and then connect it to the computer. Rohos will immediately detect the attached USB drive letter and unlock the desktop. In order to start using SecureUSB Duo, the user needs to press the Key button at the bottom first, enter the PIN, and press the key button. If using the phone app, plug the drive into the system, launch the app, and press the red lock to authenticate the drive. Press the key button to start typing the SecureUSB access code, 7 or more digits. SecureUSB DUO example is shown. During the blinking of the red light, the user needs to enter the access PIN and press the Key button again. The green button will light up meaning that now you can plug the drive into the computer’s USB port. Green light means the hardware successfully authenticated the correct PIN code. SecureUSB KP example is shown. One of the important unique features of SecureUSB Duo is that the PIN code verification mechanism is isolated from USB port communication on the hardware level. Only after successful PIN code verification will the device USB communication be enabled so that the computer may communicate with the drive via the USB port. Before the drive is unlocked with successful user authentication, it is impossible to communicate with the device hardware via the USB port. Drive is invisible to the computer (as a saying goes: “you cannot hack what you don’t see”). This is an important security feature since it prevents malware and attackers to affect or exploit the device while it is connected to the computer in locked mode, without entering the correct pin code. For example, it is not possible to retrieve the device serial number if it is locked since USB communication is down. Alternatively, the user can use the SecureData Lock app to enter the correct PIN or use biometrics to authenticate and unlock the SecureUSB. Once the drive is inserted, the red lock will flash on the drive indicating it is establishing an encrypted wireless connection between the drive and phone. Once it is done, the user will press the lock on the phone and the drive will be unlocked by using either PIN entry, biometrics, or remembering the password, whichever option the user chose. If 2FA was selected, an SMS code will be sent to the phone to verify.

How to configure SecureUSB Duo for Windows logon

According to manufacturer SecureData Inc., SecureUSB DUO Drive is a password-protected flash drive designed with real-time military-grade XTS-AES 256-bit hardware encryption. It is designed to protect data from breaches, or from unauthorized users who access a lost or stolen drive. First, you install Rohos Logon Key and have your SecureUSB Duo configured according to the vendor manual. Open Setup Authentication Key dialog… Set 2FA control policy options:

2FA benefits with SecureUSB Duo

Here are device features that two-factor authentication will benefit from: • High-security mode: OS-independent Pin code authentication thanks to a rechargeable battery inside. Real-time military-grade XTS-AES 256-bit hardware encryption to protect user login profile data. If the battery has discharged, just plug it into a powered USB port for a minute or so, or connect the drive via a USB cable. • Required to use a minimum of 8 digits for pin code setup. • Pin code brute-force protection. After 10 consecutive incorrect pin attempts, all of the drive’s data, and settings will be wiped by hardware. • Read-only mode for USB drive storage allows limiting the use only as an access key for Windows login purposes. • Inactivity AutoLock automatically stops USB communication and removes the drive letters from Windows after a specified time between 1 and 60 minutes due to inactivity. • If the app is being used, you can set step away auto lock to lock the drive if the user steps away from the drive and carries their cell phone with them. On top of hardware-based Pin code, Rohos Logon allows the definition of software-based PIN code for each device in conjunction with Rohos centralized 2FA database in Windows Active Directory. The Rohos PIN code can be set/changed by the Administrator at any time, regardless of the SecureUSB connection state.

About Rohos Logon Key

Rohos Logon Key adds strong two-factor authentication control for Windows login. Rohos allows implementing multi-factor authentication decision solution, where you can combine different authentication devices: password, PIN code, Smartphone, or strong authentication devices like U2F key, YubiKey, Google Authenticator One-Time password codes, SafeNet iKey tokens, or RFID cards. With Rohos you can protect standalone computers, Active Directory workstations, Terminal Servers, Azure and AWS workstations, or other remote assistance solutions like TeamViewer, and AnyDesk. Get your copy of the Rohos Logon Key> View the complete list of supported devices for Windows 2FA logon>  Download a 15-day trial, all features included>