Blog article

"YubiOn FIDO Logon" Service Now Supports "Passkey" Logon even with Remote Desktop Connections

July 1st, 2024

To media representatives,


SoftGiken Co., Ltd. (CEO: Norio Fujita, established in 1983) began offering the "YubiOn Security Authentication Service" and the "YubiOn FIDO Logon" cloud service in May 2021 to make it easy for anyone to realize a passwordless world. SoftGiken has announced that "YubiOn FIDO Logon", which enables users to strengthen PC logon using various FIDO authentication security keys, will support PC logon using passkey authentication even for Remote Desktop Connections from July 1st, 2024.


Image: Passkey logon with Remote Desktop

To perform passkey authentication when logging on to a remote PC, the PC you are connecting to usually needs to directly access the USB port of the PC you are connecting from. However, the standard Windows Remote Desktop does not have a USB device redirection function, so passkey authentication was not possible.

Some remote connection products support USB device redirection, but it is difficult to accurately transfer device communication, which is normally done in milliseconds, without any time lag. There are also practical issues with this approach, such as it not working properly depending on the device.


This update to "YubiOn FIDO Logon" uses the WebAuthn redirection mechanism that Microsoft implemented in Remote Desktop last year to transfer only the passkey authentication contents, rather than the USB device itself, to the PC you are connecting from for authentication. This means that passkey authentication can now be performed on standard Windows Remote Desktop.


Image: Passkey authentication contents transferred to the PC you are connecting from

"Passkey" is a technical standard for authentication that can be used on multiple devices. It has been promoted since 2022 by the FIDO Alliance, the organization that promotes the passwordless authentication technology FIDO, and it became a hot topic when Microsoft, Apple, and Google announced their adoption. Based on the existing FIDO2/WebAuthn standards, various mechanisms have been introduced to improve user convenience, such as synchronization of authentication information between devices (Synced passkey) and authentication on a different device (Hybrid authentication).


This is the first time that YubiOn will be able to use a passkey when logging on to a Remote Desktop.

Until now, it was not possible to log on to a remote PC using a passkey, and we introduced YubiOn Portal, a solution that uses OTP, as a service that can be used when connecting to a Remote Desktop. With the support for Remote Desktop, YubiOn FIDO Logon can now be used to log on to PCs remotely with a passkey, further expanding the range of options for customers.


By supporting Remote Desktop Connection, you can use "YubiOn FIDO Logon" on remote PCs or VDI environments without installing a separate product, so you can strengthen passwordless security while maintaining the UX.


SoftGiken provides a safer and more convenient logon experience with "YubiOn FIDO Logon". Smartphones, which many people use on a daily basis, can be used to log on to remote PCs, providing smarter authentication. Since authentication with existing FIDO security keys can be used in combination, it meets various security requirements of organizations, such as using security keys and thorough inventory management in situations where high security is required. Since policies can be set for each PC, detailed responses are possible, such as prohibiting logon by smartphone on a PC-by-PC basis according to security requirements. As part of Zero Trust security, it can be used as a tool to smartly strengthen the security of PCs, which are the assets that users touch the most. SoftGiken is always incorporating the latest security technologies to contribute to the development of our customers' businesses.


1.What is YubiOn FIDO Logon?

"YubiOn FIDO Logon" is a cloud solution that can strengthen PC logon to two-factor authentication using FIDO (passkey). Its biggest features are that it can use FIDO authentication technology, a standard for Web authentication, to strengthen logon authentication on PCs, and that administrators can manage and control it on the cloud. It also supports Active Directory (AD) and Azure AD (Microsoft Entra ID).


Image: YubiOn FIDO Logon overview

2.Features of YubiOn FIDO Logon

1)Management and control possible through the Web management console:

Administrators can check the status and authentication information of registered devices at any time from the Web management console, and changes to settings are immediately reflected on the devices, allowing for real-time management.

Since the authentication log can be checked on the Web, the situation can be grasped immediately even when an incident occurs.

2)Easily realize strong FIDO (passkey) authentication:

Upgrade PC logon to FIDO authentication with a software installation and simple initial settings.

You can bring the strong security of FIDO to a PC.

3)Compatible with various FIDO authenticators:

Since it is compatible with various authenticators based on the specification of "FIDO2", the authentication method can be freely selected.

Passwordless authentication can be used according to your needs, such as "PIN" & "authenticator", or "fingerprint" & "authenticator".

In addition, since an Android/Apple smartphone can be used as an authenticator, the range of authentication options has expanded.


3.Use scene

You can use it in various scenes where you are worried about security:

1)In the environment where you use Active Directory (AD) or Azure AD (Microsoft Entra ID):

For cases where you want to realize two-factor authentication on your PC, but you don't want to change the settings of AD/Azure AD, or Windows Hello doesn't support the authenticator you want to use.

"YubiOn FIDO Logon" allows you to design security freely without being tied to the AD settings.

2)Set two-factor authentication only for a specific account:

You can set a detailed security setting for each account, such as two-factor authentication of Windows accounts with Administrator authority.

3)Reduce reset password inquiries:

FIDO Logon realizes passwordless authentication that does not require Windows password input after the first use, so you can reduce forgotten-password inquiries.


4.Product specifications

1)System configuration diagram:


Image: YubiOn FIDO Logon configuration diagram

2)Operating environment:

CPU: 32-bit or 64-bit processor with 1GHz or more.

Memory: 2GB or more.

Storage: 100MB or more free space.

Required middleware: .NET Framework 4.7.2 or later.

3)Support OS:

Client OS: Windows 10, Windows 11

Server OS: Windows Server 2016, Windows Server 2019, Windows Server 2022

※ Support for the detailed version of Windows 10 and 11 is based on the Microsoft support life cycle.

4)Main functions:

(1)Two-factor authentication:

The logon of the PC is strongly defended by two-factor authentication using a FIDO authenticator (FIDO security key, smartphone).

If you have a FIDO2 authenticator (including a smartphone passkey authentication), you can use a combination that does not use passwords such as "PIN" & "authenticator" or "fingerprint" & "authenticator".

(2)Force to FIDO logon function:

Force logon using FIDO authentication when logging on to Windows.

(3)Screen lock function:

Lock the screen when you pull out the FIDO security key.

(4)Offline logon function:

・Cache logon:

The cache at the previous authentication will be saved and used when offline.

・Expiration date setting:

Set the valid date of the cache information.

(5)Remote lockout function:

Remotely make the machine unable to log on (lock out) from the Web management console.

(6)Lockout on authentication failure function:

・Lockout on authentication failure:

Lock out the machine when a certain number of logons fail.

・Automatic cancellation settings:

Automatically release the lockout after a certain period of time following an automatic lockout.

(7)Group policy function:

Reflect various settings of YubiOn FIDO Logon to a group of machines.

(8)Log management function:

Collect the log of the machine and view it on the Web management console.

(9)Acquisition of location information:

Collect the location information of the machine and display it in the log.

(10)Version update:

Client software version upgrade.

(11)Uninstallation restriction function:

Restrict software so that general users cannot uninstall.


5.Price

・From 6,000 yen per year / 1 account (for annual payment).

※ Please purchase the FIDO authenticator separately, or please contact us for details.


6.Service pages

・Please refer to the following page:



