top of page
Blog article

Blog article

YubiOn

"YubiOn FIDO Logon" Service Now Supports Windows Logon with "Passkey"

September 12th, 2023

To all members of the press,


SoftGIken Co., Ltd. (Representative Director: Norio Fujita, founded in 1983) started providing the "YubiOn FIDO Logon" cloud service in May 2021, which allows anyone to easily create a passwordless world using the "YubiOn Security Authentication Service". This time, we are announcing that "YubiOn FIDO Logon", which allows you to strengthen PC logon with various FIDO authentication security keys, will support PC logon using passkey authentication from smartphones as of September 7th, 2023.


"Passkey" is a technical standard for authentication that can be used on multiple devices and has been promoted since 2022 by the FIDO Alliance, which promotes the passwordless authentication technology FIDO. And Microsoft, Apple, Google have announced their adoption. Based on the existing FIDO2/WebAuthn standards, various mechanisms have been introduced to increase user convenience, such as synchronizing authentication information between devices (Synced passkey) and authenticating on a separate device (Hybrid authentication).


With "YubiOn FIDO Logon", SoftGIken is now offering a new logon function using a smartphone using Hybrid authentication. By using smartphones, which many people use daily, as an authentication device for PC logon, we provide a smarted PC logon experience. Authentication using existing FIDO security keys can also be used, so in situations where high security is required, security keys can be used to meet the various security requirements of organizations, such as ensuring thorough material management... Policies can also be set for each PC, allowing for detailed responses such as prohibiting smartphone logon on a PC-by-PC basis to meet security requirements. As part of Zero Trust security, it can be used as a tool to smartly strengthen the security of PCs, which are the assets that users touch most. SoftGiken always incorporates the latest security technology and contributes to the development of our customers' businesses.


1. What is YubiOn FIDO Logon?

"YubiOn FIDO Logon" is a cloud solution that can enhance PC logon to two-factor authentication using FIDO. The biggest features are that FIDO authentication technology, which is a web authentication standard, can be used to strengthen logon authentication on PCs, and that administrators can manage and control it on the cloud. It also supports Active Directory (AD), and Azure AD (Microsoft Entra ID).

2. Features of YubiOn FIDO Logon

1) Can manage and control using the web management console:

Administrators can check the status and authentication information of registered devices at any time from the web management console.

Authentication logs can be checked on the web, allowing you to quickly understand the situation when an incident occurs.

2) Easily implement strong FIDO authentication:

Upgrade PC logon to FIDO authentication with software installation and simple initial settings.

You can introduce FIDO's strong security to your PC.

3) Compatible with various FIDO authenticators (also compatible with passkey authentication using a smartphone:

It supports various authentication devices based on the specifications of "FIDO2", so you can freely choose the authentication method.

You can also use combinations that do not require a password, such as "PIN" & "authenticator" or "fingerprint" & "authenticator".

Additionally, Android and Apple smartphones can now be used as authenticators, further expanding the range of authentication method options.


3. Use scene

It can be used in various situations where security is a concern.

1) In an environment using Active Directory (AD) or Azure AD (Microsoft Entra ID):

If you want to implement two-factor authentication on your PC, but do not want to change AD/Azure AD settings, or you cannot use the authenticator you want to use with Windows Hello, etc., there are restrictions due to the environment.

"YubiOn FIDO Logon" allows you to freely design security without being tied to AD settings.

2) Use two-factor authentication only for specific accounts:

You can make detailed security settings for each account, such as requiring two-factor authentication only for Windows accounts with administrator privileges.

3) Reduce inquiries about forgotten passwords:

By using the password remember function during the initial setup, you will no longer have to enter your Windows password afterward, reducing inquiries about forgotten passwords.


4. Product specs

1) System configuration diagram:

2) Operation environment:

CPU: 32-bit or 64-bit processor at 1GHz or faster

Memory: 2GB or more

Storage: 100MB or more free space

Required middleware: .NET Framework 4.7.2 or later

3) Support OS:

Client OS: Windows10, Windows11

Server OS: Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022

※ Detailed version support for Windows 10 and 11 follows Microsoft's support lifecycle.

4) Main functions:

(1) Two-factor authentication:

Strongly protects PC logon with two-factor authentication using a FIDO authenticator (FIDO security key, smartphone).

With FIDO2 authenticators (including passkey authentication using smartphones), you can also use combinations that do not require passwords, such as "PIN" & "authenticator", "fingerprint" & "authenticator".

(2) FIDO logon enforcement function:

This is a feature forces logon using a FIDO authenticator when loggong on to Windows.

(3) Screen lock function:

Lock the screen when you remove the FIDO security key.

(4) Offline logon function:

・Cache logon:

This function retains the cache from the previous authentication and performs authentication when offline (cache logon).

・Expiration date setting:

Set the number of days the cache information is valid.

(5) Remote lockout function:

This is a function that remotely disables logon (lockout) to a terminal using the Web management console.

(6) Authentication failure lockout function:

・Authentication failure lockout:

This feature locks out the device when a certain number of failed logon attempts occur.

・Automatic release setting:

This is a function that automatically releases the lockout after a certain period after automatic lockout.

(7) Group policy function:

This is a function that reflects various YubiOn FIDO Logon settings for each grouped device.

(8) Log management funcfunction collects terminal logs and viewsgs and view them on the Web management console.

(9) Acquisition of location information:

This function collects the location information of the device and displays it in the log.

(10) Version update:

This is a client software version upgrade function.

(11) Uninstallation restriction function:

This function restricts general users from uninstalling software.


5. About fees

・Annual fee starting from 6,000 yen/1 account (if paid annually)

※ FIDO authenticators can be purchased separately or are also available at SoftGiken, so please contact us for details.


6. About the service page

・Please refer to the following page:



 
  • Click here for the press release article.




bottom of page