You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Introduction

DualShield FlashPass transforms the standard USB flash drive into a security token which can be used in any application where two-factor authentication is required. FlashPass directly uses the hardware fingerprint of the USB flash drive for user authentication.

This document provides the guide for using FlashPass for windows local or remote desktop logon as an example. For other types of applications, the process is similar.

For local desktop logon to a Windows domain network, The support of FlashPass is built into the DualShield Logon Agent. For the installation guide, please refer to the Logon Agent Implementation Guide.

For remote desktop logon to a Windows domain network or to a Windows terminal server, FlashPass requires the installation of the DualShield Windows Remote Desktop Agent. For the installation guide, please refer to the Remote Desktop Agent Implementation Guide.

Registration

If users want to use USB flash drives (flash key) as two-factor authentication tokens to logon to a windows network, the system administrator has to first enable the application with FlashPass authentication method, then users would be able to register their flash drives to their user accounts.

Enable FlashPass Authentication Method

To enable an application with FlashPass authentication method, follow the steps below:

  1. Login into the DualShield Management Console.
  2. Select the logon procedure associated with the Windows Logon application, e.g. Windows Logon
  3. Right click "Logon Steps", and add the authenticator "Flash Drive Fingerprint"

Once an application is enabled with FlashPass authentication, all users in the application are allowed to use FlashPass to logon to their user accounts. 

Register USB Flash Drive

To use a flash key to logon into a user account, the key must be first registered by the user to their user account. 

  1. Start up the machine. At the Ctrl+Alt+Delete screen, press "CTRL+ALT+DEL"
  2. Select the domain in the dropdown list
  3. Select "Flash Drive FingerPrint"



    If there is no USB flash drive detected, a message "Please insert your FlashPass" appears on the logon screen.

  4. Now, insert a USB flash drive into a USB port. The message then changes to a link "FlashPass Manager"



  5. Click . The dialog box "Register FlashPass Token" appears as below.



    You can simply click "Yes" to register the flash key to your account. However, you might also want to use the two useful features present on this dialog box:
         Auto Logon: This feature enables you to automatically logon into Windows without having to enter your user name and password. Next time at logon, you only need to insert your flash key and enter your PIN. 
         Description: Enter some descriptive text to mark your flash key. This description text helps the system administrator to associate users with flash keys.

  6. Check "Enable Auto Logon", and enter the description text



  7. Click "Yes". You'll be asked to enter a PIN that is used to protected your flash key.



  8. Enter a PIN you wish to use. Click "OK", the dialog box "Activate FlashPass token" appears as below.



    For added security, a flash key must be activated before it can be used for authentication. If the user's email address and/or mobile phone number are already registered in the user's account, the user can request to receive the activation code by email, SMS text message, tweeter or telephone call. Otherwise, the system administrator can provide the user with an activation code.
  9. Enter the activation code that you have received and click "OK".

Now, you can log into Windows with the FlashPass enabled Flash Key.

Authentication

When using a FlashPass token to authenticate a user at the Windows Logon, the process is slight different depend on whether or not the FlashPass token is configured with Auto Logon.

Auto Logon Enabled

  1. Start up your PC
  2. At the Ctrl+Alt+Delete Screen, insert your USB flash drive
  3. Enter your PIN as prompted. The rest of logon process is automated.

Auto Logon Not Enabled 

When a FlashPass token is not enabled with Auto Logon

  1. Start up your PC
  2. At the Ctrl+Alt+Delete Screen, press Ctrl+Alt+Delete key
  3. At the Windows Logon Screen, select Flash Drive Fingerprint authenticator, insert your FlashPass enabled USB flash drive.



  4. Enter your username and password, click OK.

Advance Features

DualShield FlashPass provides the flexibility that enables a user to use one USB flash key to logon on multiple user account. It also allows one user account to have multiple FlashPass tokens.

One Key, Multiple Accounts

If a user needs to access several user accounts, it is convenient for the user to use just one USB flash drive as his/her FlashPass token to logon to these different user account.

Registration & Activation

To register an existing FlashPass enabled USB flash key to a new account

  1. Start up your PC
  2. At the Ctrl+Alt+Delete Screen, press Ctrl+Alt+Delete key
  3. Insert your FlashPass enabled USB key
  4. Click "Cancel" if the PIN screen appears
  5. On the Windows Logon Screen


    • Select Flash Drive FingerPrint Authenticator
    • Enter the User Name and Password of the account you wish to logon
    • Press "Enter"
  6. You will be asked to register this USB key to a new user account. Follow the on-screen instructions to set up logon and activate key.

One Account, Multiple Keys

Another useful feature that DualShield Authentication Server Platform provides for all types of authentication methods including FlashPass is that it allows one user account to have multiple authentication methods and tokens.

Scenario 1 

A user is provided with two FlashPass tokens, one as the primary token that he/she uses regularly, the other as the backup token only used in the event when the primary token is misplaced or damaged.

Scenario 2

In an organization where multiple users need to access one shared user account, each user is provided with their own FlashPass token and allowed to logon to the shared user account.

  • No labels