Rohos Logon/Disk & YubiKey (Part 2)
IT Security With a Key in Hand

 

by Don Nendell 

   Manufacturer:

   Rohos (Tesline-Service S.R.L.)

   10, Calea Iesilor str.

   MD-2069, Chisinau. Republic of Moldova

   Tel.: (+373 22) 740-242 (no technical

   support, business and sales inquiries only)

   Fax: (+373 22) 740-233

   Office work hours: 9:00 -17:00

    (GMT:+3:00)

   No U.S. phone service is available yet

   Contacts:

   Support: support@rohos.com

   Sales: info@rohos.com

   Personal contact:

   Rohos says, "We value everyone who contacts us. If you've got a problem, we want to know about it. We will do our best to provide you with the solution that's best for you: On the blog and on the forum.

   Once you become our customer, you can get free technical support, as well as free updates of the Rohos software. This does not mean that non-clients are left aside."

   Simple & user-friendly design:

   Award winning Rohos software (See also graphic ^{1 & 2} ) is designed to be both powerful and easy to use. Using USB flash drives as a regular key to your computer requires a special design for software functions. Rohos Logon Key is made up in such a way that you can easily use your mobile device for security purposes without changing your computer habits.

   Computer Data Security is better increased by designing for how people actually behave. Rohos says, "Your computer information is well protected with Rohos Data Security software, but it is much easier to work with it."

   USB Key hardware (and software) variety:

   Rohos products work with all popular USB flash drives (UFDs), tokens and authentication devices including:

   Corporate level USB tokens like Aladdin eToken, SafeNet iKey, Crypto Identity, ePass, ruToken, and others PKCS11 enabled

   All USB flash drives, including Finger-print & Biometric devices, U3 smart drives, etc.

   Wireless mobile devices such as BlueTooth Phone/PocketPC

   YubiKey(*) and Swekey - One Time Password (OTP) tokens

   Touchatag RFID

   Encrypted files are one click away with Rohos Disk

   Business Design:

   The motto of Rohos is: "IT security with a Key in hand!" Rohos does this by means of: 1. USB Key hardware variety; 2. USB Key multi-functionality; 3. Simple & user-friendly design; and, 4. Personal contact.

   Product Downloads:

   Rohos Logon Key, Rohos Logon Key for Mac, Rohos Face Logon, Rohos Disk Encryption, and Rohos Mini Drive (See also graphic ^{1 & 2} ).

Prelude

   It really was not as accidental as it might have originally "seemed to be" that I chose two (2) Rohos products to check out (i.e., Review) as my first step away from the previous YubiKey Review (See Part 1 on page 6). If my plan would have had a malicious intent, you could easily have labeled it a "diabolical plot." Close but no cigar, and I might even be quick to point out that, "close only counts in hand grenades and horseshoes." (See also graphic ^{1 & 2} )

   This Review actually represents my 92^nd and 93^rd Security-Related Review/Report (S-R) in reality. This is because each product could actually have been a separate Review in its own right. Since they both come from the same company, Rohos, and I've postponed two (2) other S-R product Reviews, I've combined them into one (1) Review. Get that? I didn't think so, but you'll get a better idea as I borrow one of Jerry Sloan's ⁶ famous John Deere's, hook up the plow and see just how straight we can plow those furrows? (See also graphic ^{1 & 2} ) 

Introduction

   YubiKey, Rohos Logon and my own DYCRAV IAV (Not to be outdone, see also my August 2006 BCM AutoEnc(tm) Review ^{1 & 2 & 3} which starts there on page 8) can replace and act as the guard at the front door to any application that requires and/or has in place a UserName/Password/PIN authentication mechanism requisite.

   FYI. Rohos Logon and my DYCRAV IAV are software-based, whereas YubiKey is hardware-based (which already has a SDK for adaptation to almost any application today) at a very reasonable cost, which becomes even more affordable when purchased in large quantities.

   YubiKey is portable and can be completely separated from the software application for added security (See also graphic ^{1 & 2} ). This adds a "new" element of risk, however, that of being lost, damaged, or stolen, because it's a small USB Token, after all. However, it is a risk "well worth taking;" actually it's highly advisable, when the Ben Franklin approach to security is correctly entered into the equation.

   BTW Now if the YubiKey USB Token had storage capability already built into it like a standard UFD (which has never been done before), YubiKey could literally own the secure storage market, I truly believe. 

Enter Rohos

   This is where Rohos enters into the picture (See also graphic ^{1 & 2} ).

   Note. It does protect a UFD already by encrypting the UFD in a separate application Rohos Disk Encryption (S-R product number 1, see below), which partitions off a hidden (secret) portion of the UFD so the world will be completely unaware of its presence. And, just like the Shadow⁴, "Only the owner knows." (See also graphic ^{1 & 2} )

   Rohos Logon (S-R product number 2, see below) also works with YubiKey to provide secure separate remote. real access/authentication to a MS 2003/2008 server-based system, and more (See below). Rohos Logon itself can be used with any UFD to act as a 2-factor authentication hardware device to access a Windows PC running XP/Vista/Seven (See also graphic ^{1 & 2} ).

   Note. YubiKey can be added to the system/setup, but would require an additional USB Port to do so, an inconvenience for a few (like maybe the proud, the marines, who knows?), but security, never-the-less, beyond the imagination of even the most paranoid among us all. Powerful, but inconvenient and an added expense, plus overkill for that configuration, most certainly. But it certainly is a brilliant security concept, if I may say so myself. ;-}

   Rohos, based in Moldova, does not have a U.S. office yet. This is a relative hardship on the individual user, but not an insurmountable one. I tested the system of Tech Support by e-mail and had responses the next day - completely satisfactory for my needs (See below).

   FYI It was a bit touchy in meeting a close deadline for publication in preparing for this Review, however. But it turned out OK in the long run, thanks to the BCM Editor and Blue Chips Sysop. 

Here's What I Did

   First off, maybe an example of an "one-day turn around e-mail communication," this with the Rohos Business Development Manager, concerning a perceived problem with Rohos Mini/Disk (S-R product number 1, see below), might shine a "little light" on the subject here:

   Dear Don,

   (Rohos) Thank you for your message, comment and interest you expressed.

   Don> I had sincerely hoped that the two (2) [Rohos Mini/Rohos Disk] would be interchangeable?

   (Rohos) In your first message you didn't mention Rohos Disk but only Rohos Mini. Since Rohos Mini is a freeware I didn't send any license. By the way, have you been aware that Rohos Mini is a free utility?

   Don> I don't think I have any questions about the Rohos Logon Key for Windows, for now [S-R product number 2, see below]. But as I mentioned in my comment in my original e-mail to you (I've deleted that part hereon, it's redundant now), "I have a very, very special personal interest in this particular Rohos application (i.e., Rohos Disk/Rohos Mini?), as it pertains directly to my (U.S. patent protected) Security Suite being 'hidden on,' and working clandestinely from, a USB Flash Drive (UFD)."

   (Rohos) You should download, <www.rohos.com/download>, and install Rohos Disk Encryption over Rohos Mini and register the software.

   Don> Also, as I work on my Reviews by going between more than three (3) computers, i.e., a test bed XP, a personal XP, a backup XP, a laptop XP, a laptop Vista, plus a "Home Network" (both wired and wireless) between all of them, and so forth, will the Logon Registration Key work on the several different styles/capacities, etc. (see original e-mail), of UFD's I have installed the "trial" rohos_welcome.exe on?

   (Rohos) Please, be advised that for all Rohos reviewers there are standard Rohos Logon Key and Rohos Disk Encryption registration keys, i.e. NFR. It may be used only three times which means on three different PCs.

   Don> Q. Are Rohos Mini & Rohos Disk one and the same programs actually, I'm really not quite sure yet? I think they are? But please help me clarify the difference, if there is one?

   (Rohos) Please, be advised that Rohos Disk Encryption is a full version of Rohos Mini Drive. You may learn the difference looking at the products comparison matrix at: <www.rohos.com/products/rohos-mini-drive/comparison-matrix>.

   If any questions do not hesitate to ask. Regards,

   Natalia Culaeva, Business Development Manager <www.rohos.com>

Rohos Mini Drive or

Rohos Disk Encryption

(S-R product number 1)

   So, Just Exactly How Do You Password Protect Your USB Drive Without Administrator Privileges?

   Caveat. Please refer to the CBC2 graphics ^{1 & 2 & 3} on pages 17, 18 & 19 for a "crystal clear graphical representation" of the text that furrows, I mean, follows below (you'll be mighty glad you did).

   First, you must Understand that both Rohos Mini Drive (RMD) and Rohos Disk Encryption (RDE) create hidden and encrypted partitions in any USB Flash Drive's (UFD) memory (meaning, including the previous 17 UFD's I've previously Reviewed here in the BCM ^{1 & 2 & 3}, and then some).

   Note. The Rohos Mini Drive, the "Free trial version," is limited to a maximum UFD disk size of 2MB. It is only the Rohos Disk Encryption that has unrestricted capacities.

   Also, please be advised that whenever you initially plug in your chosen UFD, you will not be able to see the "hidden partition." It is only when you run the Rohos application (RMD or RDE, which is stored on the UFD), and enter your chosen password, that the hidden partition will appear - and not a second before then. Ta Da!

   Note. Since neither Rohos application (RMD or RDE) requires access to (or modification of) a computer's system, it, therefore, doesn't require any administrator privileges to run it. This is an absolutely superior benefit for those who might have a need to access their portable UFD encrypted data, for instance, while they are away from their home desk; times such as, while working on a friends' PC, visiting another locations' PC, or while on a public computer in a library, coffee shop, etc., where they don't have "Administrator privilege access" to any of those aforementioned PC's. Get it? Got it? Good!

   RMD and RDE are pretty straightforward, plus you can also download a User manual from the Rohos web site, for additional help, if needed.

   Note. For additional details on Rohos Disk Encryption (See also CBC2 graphic ^{1 & 2} on page 17), see also "How does Rohos Disk differ from the similar disk encryption software?" on the Rohos web site at: <www.rohos.com/support/knowledge-base/how-does-rohos-disk-differ-from-the-similar-disk-encryption-software>.

   There's an awful lot to plow up there on their web site:

   1. Installing Rohos Mini Drive or Rohos Disk Encryption (Important Point here. Begin referring to the CBC2 graphic on page 17 from here on for this section of the Review ^{1 & 2 & 3} ).

   Note. The initial step to creating an encrypted UFD requires that you install and run the applicable RMD/RDE application on your own computer first. This initially "will require" administrator privileges, a great safety feature.

   A. Download Rohos Mini Drive or Rohos Disk Encryption (Windows only) from Rohos' web site.

   B. Double click the application from the download loacation to install it in your computer.

   C. Once the installation is done, then you can insert "your" USB drive in an available USB Port.

   Note. Although you don't have to reformat the drive, you must insure, however, that there is enough space on the new drive to create the new partition.

   D. Open the Rohos Mini Drive/Disk Encryption application from the installed location (See CBC2 graphic ((see page 18)) frame # 1 "Rohos disk is not created yet").

   E. In the main Rohos window, click Setup USB Key

   F. Rohos RMD/RDE will proceed to detect your USB drive (See CBC2 graphic frame # 2 "Set up USB Key").

   Alternate procedure. Click Change to edit the partition configuration or type in (and verify) your password that will protect the hidden partition.

   Note. In the "change" configuration window, if desired, you can configure the Disk letter that the hidden partition is to be mounted to, the encrypted partition size (which is a maximum 2GB with RMD), the file system type and the encryption algorithm. And finally, point the installation location to your UFD (the encrypted file will have a .rdi extension). Click OK to proceed.

   G. To Continue with the Set up USB Key Creation window, enter your password and re-type it to verify that it is correct (See CBC2 graphic frame # 2 "Set up USB Key").

   H. Click Create Disk (See CBC2 graphic frame # 3 "Disk details").

   I. Encryption completed. (See CBC2 graphic frame # 3 "Registration").

   Note. RMD and RDE are registered now to that specific UFD only (a great safety feature, also).

   J. Now open Windows Explorer and navigate to your UFD. You should see only the Rohos Mini/Rohos Disk application (which was not there originally) (See CBC2 graphic frame # 4 "Performing Operation" and CBC2 graphic frame # 5 "Rohos Encrypted Partition has been successfully created").

   K. Double click the Rohos Mini/Rohos Disk application.

   L. Enter the Rohos Mini/Rohos Disk  application encryption password when prompted (See CBC2 graphic frame # 6 and frame #7 "Options Available").

   Note. Three (3) options are now available to you: 1) Disconnect (Make the disk inaccessible; 2) Browse (Open Explorer window on this disk; and 3) Tools (Delete disk, Enlarge..., Check disk, Check password, Create Password Rest File, and Disconnect).

   M. You should now see your hidden partition prompted in the drive letter that you have alternatively chosen earlier, or the one automatically assigned by RMD/RDE installation (in my case, it's drive letter "M") (See CBC2 graphic frame # 8 "Explorer window").

   N. "You are now free to move about the country ⁵" (DING!); and YOU can install all your portable applications, store your confidential data, et al., in the Rohos Mini Drive/Rohos Disk Encryption "hidden partition" forever more (See also graphic ^{1 & 2} ). Hoorah!

   Without any hesitation, I very quickly - with great anticipation - easily and flawlessly, placed my U.S. patent protected DYCRAV Security Suite deep inside a secret "hidden" partition (Drive H:) created by Rohos Mini (my first attempt), (then later) Rohos Disk, which were both times installed on an ordinary, everyday, plain, cheap UFD, and proceeded to use the Rohos password to guard it/hide it perfectly. Hip! Hip! Horrah!

   Bottom line. Rohos Disk Encryption is the "absolute perfect combination/front end guardian for my DYCRAV Security Suite," and truthfully, one I have been looking for far and wide, and fervently praying for, lo these past 10+ years. Now I can keep my critical "Primary Key" safely ensconced along with the host Security Suite (in the "hidden" partition), and never have to remove it while maintaining absolutely maximum security.

   Mission accomplished with Rohos Disk Encryption (See also graphic ^{1 & 2} ).

   Note. You may have noticed there that my DYCRAV Security Suite will continue to operate from a UFD without leaving a footprint, or needing Administrative privilege? HOORAH!

   FYI (To summarize the substance of my e-mail correspondence to Rohos above) Rohos has a "Free trial" download version (Rohos Mini) that is limited to 2 GB of hidden storage space on a UFD. Try it first, but then I strongly suggest that it's much better to purchase the full blown version (Rohos Disk Encryption) from their web site, as it removes the 2GB secure storage limitation, plus the nag screen (i.e., 30-day trial period) imposed by the "Free" version.

   Mr. U.N. Known said, "a stitch in time would have confused Einstein."

Rohos Logon Key

(S-R product number 2)

   If you don't want to remember and type your Windows (or Mac) password to login, you can use your USB flash drive (UFD) instead to store and enter your password automatically. It is very secure, totally automatic and it's fast.

   Rohos Logon is "the" Two-factor authentication solution that converts any USB flash drive into a security token for your computer and allows you to access Windows in a secure way by a USB token, thus replacing the standard Windows login.

   Note. Logon User name and password are automatically entered as soon as you plug in the USB flash drive, plus when you pull it out, the computer is locked.

   Well, that about sums this portion up; it all works, and it works very well, and then some. You can take my word for all this, read the Summary to this Review, see also the CBC2 graphic ^{1 & 2} on pages 17-19 for the Features of Rohos Disk Encryption, then immediately go out and buy all three (3) products, and as the old proverb goes, "the proof of the pudding is in the eating." Be forewarned, however, that the following pages are filled with myriad facts, graphics, procedures, checklists, and the like (very nearly techie stuff, actually). All very important, you can be absolutely sure, and I invite you one and all to partake and eat heartily herein, my lads and lassies. It's all very well worth your trouble, I can assure you, that is, if you are into Security, and such, like yours truly.

   For us, we continue with our "plowing!" For all you others, you should very definitely visit the Rohos and Yubico web sites, respectively, and view all their videos, and such; it might well be more entertaining, actually.

   Hey? Wait a minute, don't go away mad, do it now!

   Setup Provides Secure Access to: 1) A personal computer running Windows 2000/ XP/ Vista/Windows Seven, Windows 2000/ 2003/ 2008 Active Directory, 2) Novell e-Directory, 3) Windows 2003/2008 Remote Desktop, and more.

   Rohos Logon Security Benefits: 1) Replaces weak password based login with a hardware USB key (i.e., USB flash drive or Memory Card), 2) Uses a large password without the need for ever remembering it, 3) Login with a USB Key is fully automatic and fast, 4) The system is password protected, but you don't need to enter it manually each time you log in or unlock Windows, 5) Secure 2-factor login: Your USB Key + a PIN code password, 6) Use a single USB Key to log into your Home, laptop and office computer, 7) Access restriction to computer based on USB Key/time factor, 8) Windows is protected even in Safe Mode, 9) Assigning a password to your user account allows for setting better protection for a hibernated computer, and more.

   Rohos Logon Risk Mitigation: 1) Emergency Logon  helps to access your system in case you lose your UFD or forget the PIN code password, 2) PIN code protects USB Key against unauthorized usage for login (with limited attempts to enter), 3) Safe Mode guard bypassing USB Key security by loading Windows in Safe Mode, 4) Rohos uses NIST approved data-security principles: a) Password is not stored on the USB Key in open form, b) USB Key copy protection does not allow unauthorized Key duplication, and c) All data on the USB Key are encrypted with AES 256-bit encryption, 5) Rohos Logon Key is considered to be the most convenient, user-friendly and smart password replacement application on the market, and more. 

Features

   Rohos Logon Key provides numerous enhanced features over and above other Rohos competitors offerings. You can easily re-use your UFD as a protection key, as well as, a security token for your home and office computer. For example, features like: 1) Regular password-based login can be disabled; 2) As a USB Key you may use: Any USB flash drive (UFD), USB tokens/smart cards like Aladdin eToken PRO, Futako HiToken v22, Aktiv ruToken, uaToken, Crypto Identity 5, et al., YubiKey and Swekey - One Time-Password tokens, Fingerprint USB flash drive, e.g. Transcend, Apacer, LG, TakeMS, etc., Wireless devices that are Bluetooth enabled, e.g. Pocket PC, Mobile, Touchatag RFID, and more; 3) Automatic login or unlock when the USB Key is detected; 4) Automatic Windows lock when the User withdraws the USB Key from the computer, plus more options of what you'd like to happen whenever the USB key is removed, such as: Hibernation, activate Screen Saver, and Logoff; 5) (And, unique to Rohos Logon Key) Protects your computer even in Windows Safe Mode login. It is not possible to bypass USB Key security by booting the computer into Safe Mode; 6) Emergency Logon backs up the USB key by allowing you to access your system in case you lose your UFD or forget the PIN code password; 7) Flexible USB Key options: A single USB Key can be used to log in to multiple computers, or a computer can accept only a single Key for login, ignoring others Keys; 8) Restricts access to a computer to certain users based on a time factor. For example, access can be limited to a certain amount of time a user can stay logged in. When the user's time is up, Rohos Logon will lock the desktop automatically; 9) Rohos Logon seamlessly integrates into any Windows configuration automatically choosing authentication modes (See below); 10) Allows use of a USB Key to log into Windows Remote Desktop (Using Windows Server 2003/2008); 11) USB Key Security: a) USB Key cannot be duplicated. The Rohos Logon profile is bound up with a USB flash drive serial number, b) USB Key originality. By default the USB Key is bound up with a computer where it was created for login. Another USB Key will be ignored by the program (even with a valid logon profile). The computer owner can restrict use of any any other USB Key except his/hers for login, c) Protected password. By default the USB Key does not contain your Windows password in plain form, but only the Encryption Key pair that is used to reconstruct the password for the login operation, and d) Two-factor authentication is gained by using a PIN code password for the USB Key. This is a small password (which allows only 3 attempts to enter) that is required when you login with the USB Key; and, 12) Different Rohos Logon Authentication modes are available, as well (See the Rohos web site).  

Setup Procedures

   To Set up USB flash drive for Windows login: 1) (see page 19)Download and install Rohos Logon software, 2) Start program (Click Start -> Programs -> Rohos), 3) Plug in your USB flash drive, 4) Click Setup USB Key link, 5) Next you should type your Windows password, 6) If you don't use a password you should create one using Change password dialog (See also graphic ^{1 & 2} ),

   7) When you click the Setup USB Key button, Rohos Logon will turn your selected UFD into a hardware key to access your computer (which Rohos now calls a USB Key). By default, Rohos Logon creates your login profile (a file) on the USB flash drive memory. This profile contains your User name, computer name and AES 256-bit encryption key to generate your password in the login attempt (but not a password in a plain form).

   Note. The Rohos Logon program uses a NIST approved encryption algorithm and securely handles your password using NIST recommended principles. 

2-factor Login

Authentication Specifics

   You can protect your USB Key using a PIN code (password). This will prevent anyone else using it to log into your computer. The PIN code password allows you to use the well known 2-factor authentication principle: 1) Something that you have - The USB Key, and 2) a password that you know - the Rohos PIN code (i.e., password) (See also graphic ^{1 & 2} ).

   Unique feature. The Rohos Logon program offers a user-friendly PIN entry keypad to let you enter the code with your mouse, or by keyboard. This eliminates any danger posed by hidden key logging software.

   How the PIN code works. You need to enter it every time you log in using the USB Key, or unlock your computer.

   Note. If an invalid PIN code password is entered more than 3 times, the USB Key is blocked (it cannot be used for login).

   Caveat. Most users think that a Rohos "PIN code" is the same as a password, but this is incorrect. For example, Windows (and MacOS) allows an unlimited number of attempts to enter the User password. In this case, the password should be strong so as to prevent brute force attack. But PIN code has a limited number of attempts (3) to enter successfully, so there is no chance that anyone can guess it by entering a lot of variations of a PIN code.

   Using large and secure Windows passwords. If you are using an UFD for a Windows logon you can change your password into a larger and more secure one using the Rohos Password generator dialog.

   Protect your computer by USB Key. You can set up Rohos Logon Key to strongly require USB Key to access your computer by opening the options dialog box and checking: Allow to log in only using USB Key flag (See also graphic ^{1 & 2} ).

   Emergency Logon. This helps you to access Windows in an emergency, such as, the USB Key is lost or damaged, you forgot the PIN code, the USB port is broken, etc. 

Finally, We Get to Rohos Logon with YubiKey  (Part 2)

   To begin with in this segment, maybe another example of yet another "one-day turn around e-mail response" from the Rohos Business Development Manager, which concerned a perceived problem with Rohos Logon, might help clarify my initial situation better:

   Dear Don,

   (Rohos) Thank you for your message, comment and interest you expressed.

   Don >The problem, it seems, is that "Windows 2003/2008 as for Terminal Server" is the "only" apparent method to access Windows, XP in my case?

   (Rohos) Windows 2003/2008 as for Terminal Server is the requirement for proper YubiKey setup for Windows Remote Desktop authentication (my emphasis here).

   Please, be advised that a user may find instructions on how to Set Up YubiKey in Rohos Logon Key for Windows login here (My emphasis here) <http://www.rohos.com/support/knowledge-base/windows-logon-with-yubikey>. It's applied for Windows XP also (my emphasis here).... Also there is a video with instructions on how to set up and use "YubiKey for secure Windows logon" at: <www.rohos.com/2009/03/access-your-windows-computer-with-yubikey>. Please, be advised that Windows Server 2003 was not chosen to emphasize the required system for proper program work (my emphasis here).

   If any questions do not hesitate to ask. Regards,

   Natalia Culaeva, Business Development Manager <www.rohos.com>

   Here's How It's Done with Windows Logon with Yubikey

   The popular YubiKey OTP authentication device (See also YubiKey Review (Part 1) in previous section of BCM, page 6) can now be used in both Rohos Logon Key and Rohos Disk Encryption as an access Key for Windows/Mac (with Static or dynamic One-Time Password (OTP) mode), and as a security token for the personal encrypted disk.

   Benefits: 1. Secure login in a simple touch; 2. From any platform or browser; 3. No client software needed; 4. Unmatched simplicity and cost; 5. Secure authentication in Windows XP/Vista/2008/Seven; 6. Replaces weak password based login with a hardware key; 7. During the selected USB Key setup, the program is bound to YubiKey ID's (i.e., the first 12 chars); 8. OTP validation is supported; 9. Rohos Logon stores your Windows login (user name and password) in encrypted form in Windows registry; 10. During accepting a string from YubiKey Rohos Logon allows only 4 sec to enter it, or it will deny it thinking that the user has entered it manually. Note. Copy/Paste is disabled also; 11. The program allows for setting up 2 or more YubiKeys for login into the same PC; 12. Uses a large password, without the need for remembering it; 13. The system is password protected but you don't need to enter it manually each time you login or unlock Windows; 14. Login with YubiKey is fully automatic and fast; 10. Cross-platform: Use a single YubiKey to log into Windows and Mac; 15. Windows is protected even in Safe Mode; 16. Login into Windows remote desktop (Requires Microsoft Server 2003 or 2008); 17. Secure access for personal encrypted partition (My own personal main interest in Rohos);

   Specific Benefits of Using YubiKey in Rohos Logon: 1. Full support of Windows XP, Vista and Windows Seven including: Secure Windows Remote Desktop authentication, remote desktop access and automatic password renewal, plus it works also under Windows Active Directory; 2. Completely replaces the password-based login with Yubikey; 3. Emergency login helps to log into Windows if YubiKey is broken or lost, and more.

   BTW Check out this video, it demonstrates how to access Rohos Disk (See above) with YubiKey: <www.youtube.com/watch?v=-nF2jC4SPrs>.

   FYI You can also easily download Rohos Logon Key for YubiKey integration guide (pdf), a step-by-step guide on how to set up Windows remote desktop logon with YubiKey plus Rohos Logon Key directly from the Rohos web site.

   Setting-up YubiKey in Rohos Logon Key: 1. First you have to install Rohos Logon Key; 2. In the main window open "Options" and choose YubiKey as USB Key device type for Rohos Logon (See also graphic ^{1 & 2} and CBC2 graphic ^{1 & 2} on page 18);

   3. Choose YubiKey in the USB Key device type list; 4. After you have chosen Yubikey, re-open this dialog box and click the YubiKey options link under 'USB Key type' list box, to set up OTP validation method.

   Note. By default Rohos Logon does not validate OTP; 5. Go back to main Rohos Logon window and click "Set up USB Key; 6. After you enter your current user password Click OK and Rohos Logon will ask you to touch the YubiKey button; 7. Now restart Windows into order to apply your settings. Viola! 

In Summary

   Oh, and did I forget to say that, "Rohos Disk Encryption is a superb security software utility that creates a 'hidden' partition in any UFD, and that you can operate programs clandestinely - and not leave a footprint on the host PC - all from that hidden partition?" Oh ya, I did, didn't I? (See also graphic ^{1 & 2} )

   Oh, and did I forget to say that, "The popular YubiKey One-Time Password (OTP) authentication device can now be used in both the Rohos Logon Key and Rohos Disk as an access Key for Windows/Mac 'secure access,' plus as a security token for the personal encrypted disk?" Oh ya, I did, didn't I? (See also graphic ^{1 & 2} )

   Oh, and did I forget to say that "Rohos Logon is the only program that fully works with any Windows, Mac OS X, and supports Windows remote desktop authentication by using YubiKey? That it allows access to Windows and Mac in a secure way by YubiKey replacing the regular password based login? And that all the User has to do is to insert the YubiKey into the USB port and press a button?" Oh ya, I did, didn't I? (See also graphic ^{1 & 2} )

   Oh, and did I forget to say that, "Rohos Logon can be placed inside a UFD and be used for very strong standalone 2-factor authentication?" Oh ya, I did, didn't I? (See also graphic ^{1 & 2} )

   Oh, and did I forget to say "I left something, like a furrow or two, out of this Rohos products plus YubiKey (part 2) Review?" Maybe I did, maybe I didn't, or did I? (See also graphic ^{1 & 2} )

   Ergo, YubiKey gets 5-stars, and Rohos Logon/Disk get 5-stars each, that is, if I'm in to giving out stars, which actually makes this a 15-star Review then. A real first for me. ;-} It should be noted that both companies are European-based, but since when has that impeded/slowed down/stopped great foreign products from being developed and successfully marketed? HOORAH!

   Wait a sec. Before I leave you today, I'd like to point out a direct corollary to all these USB Flash Drive/External USB Hard Drive/Internal Hard Drive/Cell Phone/iPOD/Camera/et al., storage device Security-Related Reviews/Reports I've been sharing with you all these years here in the BCM. One of the most dynamic, hard working men I know, Andy Marken, (Marken Communications, 3375 Scott Blvd., #108Santa Clara, CA 95054-3113, Phone: 408-986-0100, Email: Andy@MarkenCom.com, <www.markencom.com>) sent me a most informative, interesting e-mail. It's my pleasure to share it with you now. It's his Content Insider Report #134, Flash...Size Isn't Everything, 11/07/09 by Andy Marken. He directs us to the following URL: <http://docs.google.com/View?id=dfp9p5h9_200hhr29vfp>. Bon Appetit! Enjoy! 

   Footnotes

   ¹ See the actual Reports/Reviews in the Blue Chips Magazine Archives at <www.ucs.org>. Note. Always choose the .pdf format for its beauty.

   ² If you are reading this Review from directly off of an Internet search, you are seeing it in HTML format. Yuk! There's No graphics there! To see all the beautiful graphics in this Review - the ones that I've worked so hard to entertain you with - you will need to follow the procedures outlined in Footnote 1 above. Enjoy!

   ³ Feature(s) precisely identified as reason(s) for designating this Review/Report as "Security-Related."

   ⁴ One of the most popular radio shows in history debuted in August 1930 when "The Shadow" went on the air. - The Shadow Old-time Mystery Radio Show

   ⁵ GSD&M Idea City came up with the famous Southwest slogan (trademarked in 1997): "You are now free to move about the country." The slogan is accompanied by a "DING!" noise and is a take-off on a pilot's frequent line of "You are now free to move about the cabin."

   ⁶ Gerald Eugene Sloan, better known as Jerry Sloan (born March 28, 1942), is a Basketball Hall of Fame coach with the Utah Jazz. He is one of professional basketball's most successful coaches.... Jerry enjoys going to garage and yard sales and restoring old John Deere tractors. (Sources: Wikipedia, the free encyclopedia and Jerry's Facebook).

   Ciao! 

Index