Introduction
DualShield FlashPass transforms the standard USB flash drive into a security token which can be used in any application where two-factor authentication is required. FlashPass directly uses the hardware fingerprint of the USB flash drive for user authentication.
This document provides the guide for using FlashPass for windows local or remote desktop logon as an example. For other types of applications, the process is similar.
For local desktop logon to a Windows domain network, The support of FlashPass is built into the DualShield Logon Agent. For the installation guide, please refer to the Logon Agent Implementation Guide.
For remote desktop logon to a Windows domain network or to a Windows terminal server, FlashPass requires the installation of the DualShield Windows Remote Desktop Agent. For the installation guide, please refer to the Remote Desktop Agent Implementation Guide.
Registration
If users want to use USB flash drives (flash key) ePass FIDO key as two-factor authentication tokens token to logon to a windows networkapplication, the system administrator has to first enable the application with FlashPass FIDO U2F authentication method, then users would be able to register their flash drives to their user accounts.
Enable
...
FIDO U2F Authentication Method
To enable an application with FlashPass with FIDO U2F authentication method, follow the steps below:
- Login into the DualShield Management Console.
- Select the logon procedure associated with the Windows Logon application, e.g. Windows LogonSelf-Service Console
- Right click "Logon Steps", and add the authenticator "Flash Drive Fingerprint"
Once an application is enabled with FlashPass FIDO U2F authentication, all users in the application are allowed to use FlashPass FIDO U2F to logon to their user accounts.
Register USB Flash Drive
To use a flash FIDO U2F key to logon into a user account, the key must be first registered by the user to their user account.
...
In here, we take a web application: Self-Service Console as an example in here.
- Launch a web browser, and login the application
...
Now, you can log into Windows with the FlashPass enabled Flash Key.
Authentication
When using a FlashPass token to authenticate a user at the Windows Logon, the process is slight different depend on whether or not the FlashPass token is configured with Auto Logon.
Auto Logon Enabled
...
Auto Logon Not Enabled
When a FlashPass token is not enabled with Auto Logon
...
Advance Features
DualShield FlashPass provides the flexibility that enables a user to use one USB flash key to logon on multiple user account. It also allows one user account to have multiple FlashPass tokens.
One Key, Multiple Accounts
If a user needs to access several user accounts, it is convenient for the user to use just one USB flash drive as his/her FlashPass token to logon to these different user account.
Registration & Activation
To register an existing FlashPass enabled USB flash key to a new account
...
- Select Flash Drive FingerPrint Authenticator
- Enter the User Name and Password of the account you wish to logon
- Press "Enter"
...
One Account, Multiple Keys
Another useful feature that DualShield Authentication Server Platform provides for all types of authentication methods including FlashPass is that it allows one user account to have multiple authentication methods and tokens.
Scenario 1
A user is provided with two FlashPass tokens, one as the primary token that he/she uses regularly, the other as the backup token only used in the event when the primary token is misplaced or damaged.
Scenario 2
...