Updated: April 20, 2010
A few weeks ago, I was contacted by a Rohos representative and asked if I was interested in reviewing one of their products, Rohos Logon Key, a two-way authentication software for Windows that turns an external USB drive into a security token used for Windows login. After some research into the background of the company and the offered solution, I decided to accept the request and review the software.
In this article, I will test the functionality of Logon Key and see how it fits into daily usage, as well as explore the possible benefits the product has over the conventional login methods.
Rohos Logon Key is available as a free trial for 15 days, after which you will need to purchase a license. There are three packages available: the Personal, which costs USD32, the Professional, priced at USD43, and the USD69 Bundle. The higher-priced packages offer additional features, including support for Novell Client, Active Directory, Windows Domain, hardware encryption, steganography, and more. You can find the full comparison matrix at the official website.
Getting familiar with Logon Key
I decided to test the program without any extensive reading, to see how well it scales into the hands of a clueless user. The installation was quick and painless. The first time you launch Logon Key, you will see a simple, non-intimidating main menu, which lets you set up your USB Key and access other functions.
The USB Key is not configured yet. Before that, let's see what hides under Options and Setup users.
The Options menu lets you set up your Windows logon model, choose the type of device you want to use as the token, decide what action to take when the USB device is unplugged, and choose whether to enable the Key in Windows Safe Mode.
After configuring the USB Key, you will be able to restrict login to the token only. The default option is to allow login both using the conventional methods and using Rohos Logon.
You can also set up different users. Another feature is the ability to limit how much time the user can work in a given day. This functionality is somewhat similar to Parental Control, but it can be enforced without the additional restrictions of the former method.
All right, let's set up a USB Key.
You will have several options. First, select the correct user. Your own user will already be selected, but if you are administering a multi-user machine, you can configure the Key for any available user. The next step is to select the appropriate USB device. Again, as with users, if there are several USB devices available, choose the appropriate one. After that, enter your Windows password. In general, this is enough.
However, you may also be interested in securing your USB Key against unauthorized usage. For instance, if you leave the USB Key near your machine, then anyone can plug it in and gain access to your machine, even more easily than normally, because they would not need to know the password.
To this end, you can create a PIN code that will prevent the use of the USB Key. This is much like ATM cards. While they do their magic when inserted into the machine slot, the magic cannot happen without the user entering the right code.
You may also choose to limit the number of PIN code entries before the device gets blocked, again much like credit cards. The blocking limit keeps possible intruders from trying PIN code sequences indefinitely until they find the correct one, preventing misuse. On the other hand, the hazard in protecting the key is that if you forget the PIN, you might lock yourself out. To this end, you can set up the maximum number of PIN attempts before the device gets blocked, as well as configure Emergency Logon, which will allow you to bypass the key and log in following a long series of identification questions.
I recommend you explore the functionality without using the PIN code until you get comfortable with the tool.
Well, let's finally set up the key.
Testing Logon Key
Now you need to test the Key and see how it works. After logging out of your account, you will notice a new icon in the login menu.
If you click on the USB Key icon, you will be asked to plug in your USB device or use the Emergency Login function in case you have lost the device, it does not work properly, or anything else prevents you from using it.
Just plug in the device and you will log in automatically. No more keyboard.
And that's about it. Start with the dual login, both conventional and by USB Key, do not block the device and make sure you have a simple Emergency Login enabled. Then, after you get familiar with the tool, set up a PIN code, make your emergency questions more complex and more difficult to guess, but still usable for you, and eventually disable the normal login and only use the USB Key.
Experience so far
Well, Rohos Logon Key is very simple to use. The menus are intuitive and pleasant. You do not need to be an extra geek to use the software, although some caution is needed, because of the inherent hazards of locking yourself out of the system.
That said, the software does work as intended and offers numerous precautions to keep you from making a mistake. Furthermore, there were no bugs or glitches. Everything worked as expected.
Why should you use Rohos Logon Key?
That's a good question. What are the extra benefits, you ask? Well, using Logon Key for the sake of making a login more difficult necessitates an environment where you wish to secure your machines from unauthorized access. In theory, the basic login method is good enough.
Furthermore, your data on the disk is not encrypted. While intruders will not be able to use your active session, if they can steal the computer, they can still boot from a live CD utility and inspect the contents of the hard disk. In this regard, Logon Key does not promise the security of your data. It's important to remember this.
This is why the software is advertised with other Rohos products, which include disk and system partition encryption. Combined, the two layers start to make sense, as you have both your credentials and your data secured.
I believe Rohos Logon Key makes sense in a scenario that combines the following elements: a multi-user setup with a low risk of physical loss of property, where an administrator seeks to limit the usage of resources by other users. The use of a token is a part of the overall security policy, which could also include biometrics.
You could pitch the freeware TrueCrypt or PGP as alternatives to Rohos tools. And I do agree that you can achieve the same levels of security using free software. However, some of the advanced functions are not available in these alternatives, but they are more geared toward the enterprise and corporate environment. Furthermore, Rohos Logon Key is dead simple to use and this is one of its major advantages.
To sum it up, for home users, the extra features in the Professional and Bundle licenses are not required. The Personal package can be leveraged by freeware tools, although they require a higher level of expertise. If you're an advanced user, you do not need this product and will manage well using a fine-tuned custom setup.
However, if you're a less experienced user or you wish to use a non-keyboard authentication method in a multi-user environment with varying levels of computing skills, Rohos Logon Key could be the solution you're seeking.
Eventually, it's up to you to decide.
Rohos Logon Key is a decent product. It's stable and very simple to use and these are two very important features, in addition to the technical parts. For family use, where you need extra control of your computing resources or wish to improve the basic security, Rohos Logon Key seems like a good solution. The price is a little steep, though. A slightly crippled freeware version would make it a great product.
Rohos Logon Key has user support in seven languages: Russian, English, Spanish, German, French, Japanese, and Romanian. To round it up, let's give it a grade: 8/10.