Review of USB Flash Drives which can be used as Security Tokens

USB flash drive Logon programs review
 
Security login using a USB flash drive tokenIn my searches I have found lots of people (like me) asking for programs/software that would turn a regular USB drive into a security token to replace a Windows password. There is not a whole lot of information or a review of similar programs (except in Chech here: http://www.zive.cz/h/Uzivatel/Ar.asp?ARI=126071&CHID=1&EXPS=&EXPA= or in German here: http://www.se-community.com/forum/viewtopic.php?t=23325&highlight=rohos ) .

So, I decided to spend some time trying and outlaying the features of four of the top most programs out there to make this USB drive into a security token — which you have to insert into a port on the portable laptop or a desktop to login.
This table was completed based my personal requirements to the features and most asked features by other people in the forums/blogs. See notes on a specific feature below.

Features of the product: Rohos Logon Key (the winner)
www.rohos.com
Dekart Logon
www.dekart.com
Proteg
www.inflexpoint.com
Natural Login
www.palcott.com

Notes: Available as an EXE, MSI, or a server version.
Can be installed only using an Administrator account. Windows 2003 is not supported.
USB Key creation
Quick and easy.
Key Activation then adding user accounts to USB Key
It does not replace your pass with a USB Key. But adds additional authentication level – by using USB flash drive. Password usage is required.
Advanced.
USB Key removal options:
Lock desktop, turnoff, shutdown, hibernate pc.
Log Off user.
Activate screen saver1
Lock/logoff/
turnoff/restart
lock
lock
Can completely disable password login
+
+
– 
+
USB Key security. (two-factor login)
PIN. Keeps passwords on a USB drive in a secured manner.
Keeps plain passwords. Optional PIN for encryption.
Does not creates any file on USB drive.
Always makes you to use a password along with a USB flash drive.
Optional user defined questions or a graphical pattern you need to enter Creates encrypted file.
Multiple logins on a single USB Key
+
+

+
Key duplicate security hole.

program bounds up to owner USB flash drive and does not accept other for login (unless owner has 2 keys)
+

Program bounds up to your USB flash drive. It does not creates any files on USB flash drive.
+
Has emergency login way in case you lost or USB Key
+
based on a set of questions…

+
By answering to predefined set of questions.
+
login with user-defined questions/answers.
Windows XP welcome screen support
+


~
Windows Vista support
+



Easy of use for Key
Higher.
Standard
Standard
Higher
Additional Options
login screen customizations, Enhanced system shutdown dialog. Password generator. Remote desktop login via USB key support. Access restriction for users based on time factor. Has a Server version for networks.
Biometric logon + support of a dozen corporate security tokens.
no
no
New features development?
Support?
Has the best live product and support. Has a blog. Also available is a thorough Admin guide.
No new features for a long time. Support personnel always saying ‘we will implement this in future…’
No replies to my messages.
Last release date: 2005 year.
They speak French basically …
Last release date: 2005.
Price & Score (max of 10):
Features
/Support
/Usage
/Security
25/35$
9
10
10
10
~40$
7
5
8
8
25$
6
6
8
9
19/29$
8
6
9
10


USB Flash Drive WIndows loginUSB Key removal options:
Rohos is the only program that can activate a screensaver upon USB Key removal. Actually this is the same as locking your desktop, only more usefull. As an example, my MSN messenger goes to N/A state automatically when I unplug my USB Key to step away.

Key duplicate security hole.
The most hidden backdoor of any logon program. There exists the possibility to create a duplicate login Key by copying program file from your USB flash drive to another USB flash drive… thus making a duplicate Key without owners permission.

Safe Mode login hole
Yet another hidden backdoor… The possibility to bypass USB Key security by starting up Windows into Safe Mode and then you can login manually. (the most of logon programs is disabled in Safe Mode…)

Windows XP welcome screen support
Only the Rohos program allows you to keep your customized (skinned) version of logonui.exe! All other programs just install the so called MSGINA replacement with old style login dialog box. Natural Login makes it’s own welcome screen

Easy of use for the USB Key

Using the flash drive as a hardware key to PC means requiring users attention in every program. Here are some of the options one can expect:

a. USB drive Auto detection when setting up a first key

b. Prevents user from re-connecting the USB drive each time in order to unlock pc (just click on icon).

c. Allows a user to temporarly unplug(remove) USB key without pc lock (logoff/screensaver

d. Allows you to have two or more USB keys in order to access your computer/user account. This functionality is offered not by every program in my review.
USB flash drive as a security tokenFeatures I would like to see:
Thought has definitely gone into Rohos program. They offer to use it in the network and gives of additional options for admins to convince them into using it like USB Key admin tool. Also allows a customized MSI install. The existence of a thorough Admin guide is a huge plus besides allowing us the opportunity to prevent users to copy files outside a company/domain. The last feature is a huge plus for coporations as they can use these USB flash drives instead of the more expensive to use and harder to configure smart cards

The winner: Rohos Logon Key for 25$. But sometimes you have to open your wallet for a good thing 🙂
 

Lena Milovanoff ([email protected])

AskStudent Guest Author