In the interest of data security, some people are turning to third-party USB devices that act as security keys for their PCs. Without one plugged in, your computer won't unlock. It's as simple as that. There are two ways you can go about getting one of these security keys to add an extra layer of protection: you can buy one, or you can create your own. Let's take a look at both methods, as well as how to actually make your own USB security key using an old thumb drive.
2. Unlike the USB Flash memory stick, converted by the Raptor app to a 2FA Security Key for preventing anyone that does not have said Key from using your computer, Dedicated USB Security Keys (e.g. Yubico) are much more expensive because they have a chip in them with all the security protocols (i.e. FIDO certified to work with Google Chrome and any FIDO-compliant applications on Windows, Mac OS or Linux) that protect them from being hacked.
Anyway, because it is easy to crack a password on Microsoft Windows, the best password is both software and hardware based. This is why you can turn your USB flash drive into a security key to lock and unlock your Windows, having both Windows password and a USB security key makes your desktop almost uncrackable. Things you should know before creating a USB security key:
There is an unlimited free version with several key features missing (no pun intended), though it's only available for Windows. If you want full security and protection, or if you're using a Mac, then you'll need to pay the full $35.
Rohos Logon Key is a multi-platform security key maker software that provides two-factor authentication to unlock both Windows and macOS devices. It comes with both a free and paid version. Though the free version offers a lot of features, it is only available for Windows users.
These are the method using which you can convert a USB drive into a USB security key. As already mentioned, the physical keys can be of great use and provide extra security over passwords. Currently, you can use these keys for locking and unlocking the device; soon, you can also use them to log in to your different accounts.
What I am looking for is a way to be able to use a USB flash drive as a security key only during Login. Once logged in, I should not be logged out of the system for removing the USB(as the aforementioned USB raptor does). And preferably something which uses low memory and processor. And shuts down once the login is complete. And should accept my USB flash drive after hibernate/sleep.
Other than that, the program is really good and simple to use, adding an extra layer of security to your PC. You can lock your PC safely using multiple external storage drives in order to increase the security of your computer.
Universal Serial Bus (USB) is a standard used to connect peripherals to computer systems using connectors and cables. USB flash drives are portable storage devices that make use of the USB interface to communicate with computer systems. They are widely used for both personal and professional purposes. In the corporate world, their application is mostly limited to storing the following:
For example, SMS or phone called based 2FA security layers can be overcome by intercepting the message or call. Password-based layers can be broken using password cracking tools, and biometric passwords can become invalid (due to physical deformation of fingers or eyes) or compromised (in the event of a database breach).
While other modes of two-factor authentication exist, USB security keys are an optimal solution for users who feel discouraged to use 2FA due to the inconvenience associated with multiple authentication platforms. Besides simplicity, the open standard it uses makes it an attractive solution for organizations planning to implement it.
Hardware systems may offer additional features, such as the ability to automatically overwrite the contents of the drive if the wrong password is entered more than a certain number of times. This type of functionality cannot be provided by a software system since the encrypted data can simply be copied from the drive. However, this form of hardware security can result in data loss if activated accidentally by legitimate users and strong encryption algorithms essentially make such functionality redundant.
How do you unlock your computer? By password or PIN? In this post, MiniTool introduces the physical security key that is the third way to help you unlock your computer. The pros and cons of this way and how to make a USB security key on Windows 10 are also included.
You can also make one on your own (turning a USB flash drive into a security key). Honestly, making a USB security key is not complicate and you can do that with ease. How to make a USB security key? Please refer to the following tutorial.
In this part, I will show you how to make a USB security key on Windows 10 to help you secure your Windows 10 PC better. But note that the following things you should know before creating a USB security key:
We will send an account activation link to the email address you provide, so please make sure to use a valid address. Content will be published on site after you have activated your account.If you already have an AfterDawn.com account, please login using the next tab.
But if you are fed up with entering the same password every day and you want something more secure than a simple combination of letters and digits to lock and unlock your computer, you can try using a USB flash drive for locking and unlocking your windows PC.
We usually log into the computer using our passwords and pins, but today we have a new method to lock and unlock your computer that is way cooler than these traditional methods. Do you know? You can log into your computer using your USB flash drive. Yes, this is possible. You can make your computer start with your pen drive. The process is straightforward, and you can implement this in a few steps discussed below. So look at How To Lock/Unlock Your PC Using a USB Flash Drive.
So what this trick does? It will make the windows look for BOOT.INI in the USB drive. The Boot.ini files contain the path to the partition where Windows is installed. Since it is not able to find the file in the system partition of hard disk, it will simply halt without the USB key.
Earlier this year, I was involved in a proof-of concept for the more likely scenario, using FIDO2 security keys to log on to Windows 10 devices that were Hybrid Azure AD joined for SSO to both cloud and on-premises resources. Here are my notes from the field.
FIDO2 security keys provide strong password-less authentication with an optional PIN that serves as an additional factor. Within Azure active directory, successful authentication using security keys satisfy two-factor security verification and allow for password resets.
As a pre-requisite to being able to authenticate using FIDO2 security keys and gaining single-sign on to on-premises resources, you will need to extend the on-premises Kerberos realm to Azure active directory. This is done by running the Set-AzureADKerberosServer cmdlet described later in the post.
These steps allow for users to register one or more authentication methods (telephone, security key, authenticator app, etc.) and the methods for both Multi-Factor Authentication and self-service password reset (SSPR). Without this step, users will need to register for both separately, which may be confusing.
Before being able to log on to Windows 10 devices using FIDO2 security keys, you need to enable this functionality. There are several ways to do this. Here we will see two; you only need any one of the options.
This has been a long post, but hopefully the information in it can shed some light on how FIDO2 security keys work for SSO to on-premises and cloud resources, and make it easier to deploy this to your users.
I agree with your peers that a password manager is necessary. I agree with your concerns that such a password maanger configuration isn't the best option, regardless how you define best option in that context. My concerns are about impacts of security issues when using in such a configuration. I assume that when dropping autocomplete, security impacts might be reduced. Don't know if partial autocomplete might be configured too.
HOWEVER as others have said, doing this alone is very very insecure, you'd be as well just enabling guest access to everything, or using a shared unprotected spreadsheet. There is a balance to be found between ease of use and security, and doing what you're suggesting is too far towards ease of use. Users need to understand the importance of security. 2b1af7f3a8