1 1

Product Number 20090430-001

Rohos Logon Key

Rohos Logon Key

Version 5.3

Update Date 2024/04/06 00:59:42 (Sat)

Developed by Tesline-Service.S.R.L.

¥5,850
¥5,850
Sale Sold out
License Type
Transform your current USB memory into a hardware authentication key
Any USB drive can be used as a hardware key.
It replaces normal login authentication and allows you to safely log in to Windows using a USB hardware key.

It caters to a wide range of users, from corporate users seeking strong security to individual users who want to protect privacy among family members!

Trial period: 15 days

rohos_welcome.exe
Mac version available here

Support OS Windows 10 32bit, Windows 10 64bit, and Windows 11 64bit

About License ボリュームライセンスキー (単一キーでの複数台ライセンス)の発行が可能です。

View full details

Purchase notes: It takes 1-5 days from purchase to license issuance.

Customization for companies is possible. Please contact us in advance.

Volume license keys (multiple licenses with a single key) can be issued.

Product Information

Product OverviewUSB key security

Rohos Logon turns any USB flash drive with a serial number into a security token. Rohos Logon does not store any information on the USB flash drive, so you can use it even on USB drives that are not compatible with your machine.Two-factor authentication using a PIN codeBy setting a PIN code, you can protect your USB key from someone using your hardware key to log on to your PC without your permission. After you plug in your USB key, Rohos Logon will ask you to enter your PIN code to log in.The PIN code works with USB flash drives, Bluetooth enabled mobiles, touch tags etc.Security feature: If you enter the wrong PIN code three times, the USB key will be blocked and you will no longer be able to use it as an access key.

Benefits of Introducing Rohos Logon Key

  • You can change the login password, which is a weak point in login authentication, to a hardware USB key. (USB memory or memory card can be used.)
  • You can use it without having to remember a long password.
  • Logging in using a USB key is fully automatic.
  • No need to manually enter your password every time you log into a password-protected Windows account.
  • Secure login with two-factor authentication: USB key + PIN code password
  • You can use one USB key to log in to your home, laptop and office PC.
  • You can restrict user access based on USB key and time settings.
  • Windows is also protected in Safe Mode.
  • Assign a password to the user account and enable protection for hibernated computers.

Key Features

  • Prohibit login with normal password
  • Any USB memory stick, U3 smart flash drive, SD/MMC memory card, Aladdin eToken, Yubikey, etc. can be used as a USB key.
  • When a USB key is detected,Automatically log in or unlock
  • Automatically when the user removes the USB key from the computerLock WindowsOr set the action to take when the USB key is removed (e.g. hibernate, start screensaver, logoff, etc.)
  • Windows Safe ModeProtects your computer even with a USB key login (it is impossible to boot your computer in safe mode without passing the USB key security)
  • Emergency Logon(Allows you to access your system if you forget your USB drive or PIN code)
  • Convenient USB key option(One key can be used to log in to multiple computers, or one computer can only be logged in with one key.)
  • Restrict access to your PC based on time settings(You can limit the time when a user can log in. When the time is up, Rohos will automatically lock the PC.)
  • Rohos will select the authentication mode and automatically integrate it into your Windows settings.
  • Remote DesktopYou can use a USB key to log in to the

View product details

Rohos Logon Key
Rohos Logon Key main screen
USB flash drive configuration screen to configure the USB key to access the PC
USB Key Security Options and Login Model Options Dialog Box
Emergency logon settings in case the USB key is lost
USB Key Management utility
Included in Rohos Logon Key Server Edition.

Server Edition is here
Logon Model
Integrate Rohos into the Windows Vista boot screen (login screen)
New in Windows Vista is User Account Control, which can automatically restrict the programs that users can run.
The Rohos Logon Key icon is integrated into this dialog.
Integrate Rohos into the Novell Client login window
(Typical Windows logon model)
Integrate Rohos into the Windows XP login screen without disabling user switching
Run Rohos Logon in Safe Mode
Rohos Logon can protect you even when booting in safe mode. You can boot Windows in safe mode and prevent USB key security from being circumvented. You can disable the OK button and the username/password input fields (when set as an option). Login is only possible with a USB key.

View product details

Two-factor authentication for Windows remote desktop
Multiple methods of hardware and software authentication:
  • One-time passwords with Google Authenticator
  • HOTP Generator Dongle
  • SMS-based authentication using OTP codes
  • PKCS#11 compatible HSM tokens such as iKey and eToken

Small software
Rohos Logon Key has a simple control panel and a single two-factor authentication settings dialog to define the two-factor authentication method for remote desktop access.

Easy installation
Rohos Logon Key is installed directly on Windows Terminal Server hosts and is only integrated into the interactive authentication process without affecting DC policies or AD schema.

Diversity
Choose from traditional PKCS#11 compatible HSM tokens and combine devices from several manufacturers. Try modern one-time password generators like Google Authenticator that work with any smartphone. You can even use a regular USB flash drive as an authentication device.


Secure Two-Factor Authentication for Windows Remote Desktop
It is secure because it uses a USB flash drive as an authentication key. PKCS#11 Hardware Security Modules such as iKey/eToken and smart cards JavaCard/MiFare 1K

function

2FA Policy
WAN/LAN IP filters, user AD group membership, list of users or just remote desktop connections.

Key Management Console
Create and edit authentication keys in one place.

Emergency Password
Logging in using the emergency login password prevents interruptions to operations.

Active Directory
It can be easily replicated to any terminal server in your active directory with automated, pre-configured installation.

Based on one-time password

A variety of industry standard one-time passwords are supported.

OATH Compliant
Google Authenticator, Yubikey, Secure ID, etc.

Authentication via SMS
An OTP code will be delivered via SMS to the user's mobile phone.

Emergency Password
The emergency login password allows users to log in and avoid interruptions to operation.

Active Directory
It reads information and two-factor authentication policies from Active Directory.

Combine two-factor authentication
You can freely combine any OTP-enabled authentication on one server.



How to use

It is integrated into the Windows Terminal Services login screen. It works by adding two-factor authentication to your existing authentication infrastructure. After you apply the two-factor authentication policy, users can only log into a remote desktop session by using an additional security device.

Benefits of Remote Desktop Access Control:
  • You can choose the conditions to apply to: User list, AD user group, or Remote Desktop users only
  • Users must provide the USB token every time they log in
  • Each generated key is unique and cannot be duplicated by users
  • The USB key can be configured on the terminal server or on the local administrator PC via Remote Desktop
  • You do not need to install Rohos on the client PC/device from which you are logging in.
  • You can use PKCS#11 tokens from different vendors simultaneously

Diversity for higher security:
  • User login + USB keys like SafeNet, eToken, iKey, ePass and other PKCS#11 can be used
  • User Login + USB Flash Drive
  • Only encrypted passwords are stored on the USB token
  • Works with any type of one-time password: Google Authenticator, Yubikey, SMS authentication or traditional OTP tokens


How to set up a USB token

1. Install Rohos Logon Key on the terminal server

2. Install Rohos Management Tool or Rohos Logon Key on the administrator's computer

3. Configure the USB token for authentication:
In the MS Remote Desktop Connection settings, specify that you want to redirect local USB drives or smart card readers to the remote desktop.

In the remote desktop, open Rohos Logon Key.
Click the "Set up USB Key" button. The redirected USB key will be detected. Enter your Windows password and click "Setup".


When you launch the Users and Keys command, you'll see a list of users who have prepared keys.


4. Apply
Open Rohos Logon Key > Options > Only allow login using USB key > for users in the list or remote desktop login. Enhance security by disabling login without USB key.

The possible choices are:

  • Not set
    All users can log in via manual password entry and USB key. Not recommended for terminal servers.
  • All users
    This is the same as "Only allow login with USB key" - all users must use a USB key to login.
  • Only users in the list
    Only users in the list will have to use the USB key to log in. Other users can log in with a password. This list is created automatically when a USB key for a user is created.
  • Active Directory user group "rohos"
    Each user in the "rohos" group is forced to use USB Key authentication. It checks if the user belongs to the "rhos" group, and if not, allows password login.
    Note: The "rohos" user group must be created by an AD administrator.
  • Log in with remote desktop
    Local users can log in with or without the USB key. Remote login is only possible with the USB key.
  • Log in via remote desktop from outside the LAN
    For remote desktop login, remote desktop login within the LAN will be possible with or without the USB key. USB keys should only be used by users accessing from dial-up, DSL connections, and other networks.


Remote desktop connection using USB token

Make sure you have installed Rohos Logon Key on the client PC or launched the Rohos Logon Key portable app from a USB flash drive.

Remote Desktop Connection Credential Prompt

The user must provide a valid login and password in this step, you can use an authentication key here too (it only needs to be configured in Rohos USB Key Manager).

Rohos Logon Key checks the 2FA authentication policy and verifies the authentication key connected while connecting to the remote desktop.



Portable ROHOS LOGON KEY

If you decide to use the first variant of authentication with USB Flash Drive, you do not need to install Rohos Logon Key on all workstations - you only need to install the free portable application.
In some cases, you may also be able to configure new USB keys from such a workstation.
On some systems this is not possible, so to create a new key in such cases you need to install Rohos Logon Key on both computers.

Download a portable Rohos logon key

Also, the USB Key Manager application has an additional option to copy Rohos Remote Login to a USB drive.

The user must run the Logon Key (RDP Setup) application once on the Windows client PC and then launch the RemoteDesctiop application.

Operation guide/Related documents/Catalogue

FAQ

[Technical Question] What happens if I enter the wrong Rohos PIN more than three times? If you enter a wrong PIN code more than the specified number of times (the default is three times), the USB key will become unusable.

In this case, you can use the USB key again by logging in using the emergency login function and entering your password, then logging in, launching Rohos Login Key, and resetting the PIN code.
[Technical Question] The [Allow login only with USB key] checkbox is not enabled in Rohos Logon Key If your account does not have administrator privileges, this checkbox will not be enabled.
Please log in with administrator privileges.
[Technical Question] Are password changes reflected automatically in an AD environment? In an environment using AD (Active Directory), the password in the USB Key will automatically be updated when the administrator changes the Active Directory password.

Password change will be done if you use the following options on the Rohos Login screen:
- If the 'Change password periodically' policy is enabled
- If the 'Change password on next password change' policy is enabled
[Technical Question] I can't access remotely using the USB-Key. To use a USB-Key for remote access, you need to install a Rohos Logon key on both the source and destination computers, and set the destination computer's Windows logon model to [Standard Windows Login Dialog] (Rohos Logon Credential Provider for Vista and Win7).



In addition, if you want to remotely access XP from Vista or Win7 using a USB-Key, you will need to install a special module. Please contact us for details on the special module.

How to activate

Known issues

Issues with Windows 7A USB-Key cannot be used for safe mode logon.

Other precautions for useI can enter Japanese into the answer (password) for the rescue function, but I cannot log in.