Tesline-Service SRL Rohos Logon Key v2.5
Strengths: Easy to use with an attractive price; use your own USB drives as hardware tokens.
Weaknesses: Support, auditing, reporting.
Verdict: Nice, affordable solution for adding two-factor authentication to Windows desktop and Terminal Service devices.
SummaryRohos Logon Key v2.5 converts any USB flash drive into a security token for a computer, and it allows access to a Windows or Mac machine in a secure way by USB token, replacing the password-based login. The tool provides a USB method of authenticating to a desktop, Active Directory or Novell Netware service. Your credentials can be stored on the USB device, and authentication is provided when the device is inserted.
The Rohos Logon Key supports native Windows Gina integration, replacement of the MS Gina with a Rohos welcome screen, or a combination of the two.
Removal of the key can trigger a chosen response, such as lock screen, log off or power down. A nice feature we discovered while testing this device is the ability to pre-configure a timeframe to allow the key to be removed before performing the chosen lock task. This can provide access to the USB port for other devices for a short period of time.
Access to the USB key was protected by a PIN code, providing additional security in the event the device is lost or stolen.
The Rohos Management Utility provided an easy to use interface for configuring keys, backup and restore keys, and change remote desktop welcome messages. The device configuration did, however, require administrative access to our test PC.
The two-factor authentication comes from the use of the PIN number to access the USB key. On successful entry of the PIN, the USB key will authenticate the user using the Windows credentials. By default, the USB key does not contain the Windows password in plain form. It contains an encryption key pair that is used to reconstruct the password for login operation. As an added benefit, the Rohos Key can disable access to other removable media.
The USB key can be provisioned to support up to 64 separate logins to allow a single user to authenticate to multiple devices. Additionally, Rohos supports integration with other token platforms.
Support is offered via email and provided on an eight hours a day/five days a week basis.
The documentation was well written and provided us with what we needed to install and use the device.