Windows Authentication with USB token for Windows 8.x/10

MxLogon2sc is a 2-factor, 2-step Windows authentication solution, using USB smart card token. When a valid token is connected, it prompts for PIN entry. After the token authentication is successful, it shows username / password entry screen. You must have a valid token and its PIN to be able to enter username and password. The 2-factor authentication with a smart card token protects the standard password authentication.

How is MxLogon2s different from the smartcard provider that comes with Windows? The latter authenticates a domain (Active Directory ) user, using a client certificate stored in a smart card; AD envrionment is assumed. It can authenticate a certificate in the connected token without requiring password entry. PIN protects the token certificate. But anyone who gets hold of the token and happens to obtain its valid PIN can sign in to Windows as the certificate user.

MxLogon2sc does not require AD nor network connection. It works stand-alone. It can use a certificate in a token, but it is for authenticating the token itself. The token authentication is locally processed. Anyone who has a valid token and its PIN still must enter a valid username and password to get authenticated. A token can be configured to specify which user can log in in the second step.

While logged in, unplugging the login token will lock the log-in session.

image

USB token authentication requires PIN entry. You normally enter it manually or a token may be configured to auto-fill it

image


Once a USB token authentication is successful, the screen switches to the username/password authentication.

image


OS Supported

  • Windows 10( 32bit / 64bit )
  • Windows 8 / 8.1( 32bit / 64bit )