Tesline Rohos Logon Key 2.5
Strengths: Easy to use, attractive price, use own USB drives as hardware tokens
Weaknesses: Support, auditing, reporting
Verdict: Nice, affordable solution for adding two-factor authentication to Windows desktop and Terminal Service devices
Tesline-Service's Rohos Logon Key 2.5 converts any USB flash drive into a security token for your computer and allows access to a Windows PC or Mac in a secure way by USB token, replacing the password-based login. Logon Key provides a USB method of authenticating to a desktop, Active Directory or Novell Netware service. Your credentials can be stored on the USB device and authentication provided when the device is inserted.
Logon Key supports native Windows Gina integration, offering replacement of the Gina with a Rohos welcome screen - or a combination of the two.
Removal of the key can trigger a chosen response, such as lock screen, log off or power down. A nice feature we discovered while testing this device is the ability to pre-configure a time-frame, to allow the key to be removed before performing the chosen lock task. This can provide access to the USB port for other devices for a short period of time.
Access to the USB key was protected by a PIN, providing additional security in the event the device is lost or stolen.
The Rohos Management Utility provided an easy-to-use interface for configuring keys, backup and restoring keys and changing remote desktop welcome messages. The device configuration did require admin access to our test PC.
The two-factor authentication comes from the use of the PIN to access the USB Key. Upon successful entry of the PIN, the USB Key will authenticate the user utilising the Windows credentials. By default, USB Key does not contain the Windows password in plain form. It contains an encryption keypair that is used to reconstruct passwords for login operation. An added benefit, Rohos can disable access to other removable media.
USB Key can be provisioned to support up to 64 separate logins to allow a single user to authenticate to multiple devices. Additionally, Rohos supports integration with other token platforms such as: Aladdin eToken PRO, Futako HiToken, Aktiv ruToken, uaToken, SafeNet iKey, CryptoIdentity and ePass.
Support is via email and provided on an 8x5 basis. The documentation was well written and provided what we needed to install and use the device.