We are glad to announce Rohos Logon Key 5.2 beta release with Windows on ARM support that now works on Microsoft Surface PRO X2 based on SQ1,SQ2,SQ3 CPU and other Windows laptops based on Snapdragon CPU.
What’s new in Rohos Logon Key 5.2:
Improved AD group lookup code
Fixed policy to require 2FA in case of AD group lookup failed.
Set to ignore NLA credentials over RDP and require user password entry again if the following option is enabled – “require a password with the 2FA key”.
Added support for ARM64 Windows for Windows Surface
MSI setup package updated for compatibility with Windows on ARM.
Other minor improvements.
Download and Install over the existing Rohos Logon app to try new features: Download the latest Rohos Logon Key v.5.2 (15-day trial full version) >> Download MSI package for Rohos Logon Key v.5.2.
About Rohos Logon Key
Rohos Logon Key adds strong two-factor authentication control for Windows login. Rohos allows implementing multi-factor authentication decision solution, where you can combine different authentication devices: password, PIN code, Smartphone, or strong authentication devices like U2F key, YubiKey, Google Authenticator One-Time password codes, SafeNet iKey tokens, or RFID cards. With Rohos you can protect standalone computers, Active Directory workstations, Terminal Servers, Azure and AWS workstations, or other remote assistance solutions like TeamViewer, and AnyDesk.
We are glad to announce Rohos Logon Key 5.0 stable version with minor bug fixes and improvements on top of 5.0 preview release.
What’s new in Rohos Logon Key 5.0:
Fixed “Users and Keys” dialog box.
MSI setup package updated for compatibility with Microsoft Defender.
Fixed PIN code dialog box behaviour in logon screen.
Fixed RFID card 2FA method and login loop issue after card removal action.
Improvements in Google Auth OTP 2FA method for workstations in Windows Active Directory.
Minor fixes in Rohos Remote Config.
Download and Install over existing Rohos Logon app to try new features: Download the latest Rohos Logon Key v.5.0 (15-day trial full version) >>
For customers with Rohos Logon Key v.4.8-4.9 license, the update is available with 50% discount, please refer to the registration letter or apply for a discount now.
About Rohos Logon Key
Rohos Logon Key adds strong two-factor authentication control for Windows login. Rohos allows implementing multi-factor authentication decision solution, where you can combine different authentication devices: password, PIN code, Smartphone, or strong authentication devices like U2F key, YubiKey, Google Authenticator One-Time password codes, SafeNet iKey tokens, or RFID cards. With Rohos you can protect standalone computers, Active Directory workstations, Terminal Servers, Azure and AWS workstations, or other remote assistance solutions like TeamViewer, and AnyDesk.
We are glad to announce Rohos Logon Key 5.0 early preview with improvements in the ‘2FA bypass control’ feature and better compliance with Microsoft Defender.
Read the rest of this entry »
We would like to share some advice regarding two-factor authentication and its use with an admin account when logging into Windows RDP. If it is not enabled currently we would strongly advise setting up the admin account for additional OTP authentication in conjunction with Remote Desktop access and Rohos Logon Key. Let’s review the pros and possible side effects.
Of course, it is highly recommended to use 2FA for the admin account, and it is definitely recommended rather than keeping it 1FA only. Just to remind you the default RDP login based on NLA credentials (user login and password in plain form stored in .rdp connection file) from the client side is quite vulnerable now since these credentials may be stolen and used by malware operators in an automated way – so the attack speed will be just 5-10 minutes. So today, the absence of additional authentication factors (2FA/MFA) is considered negligent. Even more, due to recent development in exploits and malware for the Windows operating system, desktop sessions created by regular user accounts also may be elevated to Admin Privileges in Domain or Active Directory (AD) with a high success rate depending on your defense type (Anti-virus type, EDR solutions, etc). So a variety of exploits for horizontal/lateral movement in AD are huge also. But of course, Admin’s accounts are always a special target for cyber-criminals and are traded as a high-price asset on the darknet.
To summarise, definitely you need to start your cyber-security efforts in 2FA from some point, and admin accounts are the right starting point, highlighting you have a cyber-security strategy. Especially with Rohos, since it is very easy to start with and has a fixed one-time price.
Read the rest of this entry »
We are glad to announce Rohos Logon Key 4.8 with automated control over ‘2FA bypass scenarios’. The new experimental feature allows getting an immediate push notification on the smartphone when the 2FA procedure was avoided during login/unlock or reconnect to console or remote sessions. Because of well-known system vulnerabilities that allow RDP session hijacking, never-ending stories with 0-day exploits in RDP protocol or authentication system, unattended remote tools like TeamViewer or 2FA credentials theft during fishing or social engineering – all these lead to unpredictable threat models and risks.
We continue to improve Rohos Logon Key towards intelligent Multi-Factor Authentication decision framework. With new Rohos Logon Key 4.6. you can use multiple kind of authentication methods and devices in parallel. Now you can introduce new MFA authentication procedure on-the-fly without stopping using the current old one. Starting a pilot with a new authentication device was never such easy as now with Rohos Logon.
We have updated Rohos Management Tools v.4.4 adds improvements and bug fixing for Rohos Logon Key v.4.4 in Active Directory network. New Rohos Management Tools allows better MFA management over Active Directory workstations in isolated environments. With Rohos you can use industry accepted RFID cards such as EM, HID Prox, HiTag, Legic, Mifare as a second/single factor logon method for workstation/HMI terminals.
We are glad to announce new MFA Push Tokens support to “Smartphone” authentication method available in Rohos Logon Key. The Rohos Logon Mobile app will deliver two-factor push notifications to workstation or remote desktop server for fast and secure access. A single smartphone can keep multiple authentication records to access multiple computers.
Rohos 2FA Push token advantages:
Out-of-band Multi-factor authentication. 2FA Push token is delivered via Web Socket method that employs alternative Internet connection from mobile device.
Your account on Google, Amazon, Azure cloud can be used to host Messaging Broker or you can use a variety ready-to-go MQTT SaaS solutions like: MyQttHub.com, CloudMqtt.com
2FA Push token includes strong Encryption AES256 and OATH technology thus it is resilient against man-in-the-middle and reply attacks event on non-SSL\TLS channels.
Rohos 2FA Push token implementation is open-source.
We have updated Rohos Management Tools v.4.4 adds improvements and bug fixing for Rohos Logon Key v.4.4 in Active Directory network. New Rohos Management Tools allows better MFA management over Active Directory workstations in isolated environments. With Rohos you can use industry accepted RFID cards such as EM, HID Prox, HiTag, Legic, Mifare as a second/single factor logon method for workstation/HMI terminals.