Rohos Logon Key for Mac
Have you ever worried that your Mac may be insecure? What if someone learns your password?
Administrator passwords should be secure! Do NOT use your pet’s name, your wife’s name, your birthday, or some other laughably guessable password. I know one wonderfully paranoid friend whose administrator password for his Mac is
Most security experts would applaud this degree of complexity. Unfortunately, most humans would be hard pressed to remember this password, and be even harder pressed to type it correctly when required. But even a complex password may be stolen, especially if the owner is fool enough to write it down.
Rohos, a software firm based in Moldova, says their Rohos Logon Key for Mac can address these issues, and more.
The Rohos Logon Key for Mac (the "Key" hereafter) is a USB flash drive-based security solution. The Key allows two-factor (two separate passwords) logins, as well as requiring the USB key for login. It also permits the user to force certain actions whenever the USB flash drive is removed.
The Weeks Division of MyMac Labs used the Key for several testing sessions, and here’s what we found.
Key installation is quick and painless. We needed less than a minute to install the Key software on our late 2008 MacBook Pro and on a Cruzer 2GB flash drive. Rohos does not provide a flash drive, but virtually any flash drive will work.
The Key software on the Mac is accessed by a menu bar icon. From there, you can set preferences, and launch the Key application. There’s little to do once you’ve set your preferences.
The Key application controls what happens when the USB flash drive is removed. We initially chose the Lock the Desktop option, but we tried all the various options during testing, except "No Action."
Hidden under the dropdown menu in this screenshot is one more important option: Change PIN. This allows you to set a separate password, distinct from your administrator password, that must be entered when the USB key is plugged into your Mac. This provides even more security if some nefarious person steals the USB flash drive. If you choose not to enable a PIN for the flash drive, anyone with the flash drive has access to the administrator password saved on the Key. This requirement for two separate passwords is "two-factor authentication," and makes your Mac even more secure.
Other features are controlled by the Preferences window. More security can be obtained by choosing Allow to login only by using USB Key, and Activate password protected screensaver upon USB removal. "Allow to login only by using USB Key" means just what it says. If this option is not enabled, someone can use automatic login (if enabled), but the Key will be required whenever the admin password is needed.
If you’re forgetful, or worried that you might lose the flash drive, you can authorize more than one flash drive.
Aside from providing multiple layers of security, perhaps the best feature of the Key is automatic entry of the administrator password when the Key is plugged in. Depending on how you configure your Mac, you may need to enter the admin password many times per day. The longer, more complex, and more secure your password is, the more annoying this becomes, especially if you’re not a speedy touch-typist. With the Key, you’ll see the dialog box asking for your password. But after a very short pause, the Key enters it for you, and the dialog box goes away.
In our day-to-day use, the Key worked very well, with just a few glitches. We chose the "Lock the Desktop" option when the USB key was removed. If you don’t unmount the USB key from the desktop, you’ll get this warning when you pull the USB key as you leave your Mac:
Unmounting the flash drive is no different than ejecting any other external drive; just drag the disk icon to the trash. Or, click the icon to highlight it, and choose Eject from the File menu.
The average user may think the USB icon must be visible for the Rohos Key to work, but that’s not true. If you eject the drive, but leave the USB key plugged in, the Rohos Key works perfectly, and you won’t get the "not ejected properly" warning. It would be better if the documentation spelled this out. We complained to Rohos about this bug, and were told it would be addressed in a future update.
We just loved the way the Key automatically entered our admin password when needed. Our password is an eleven letter non-English word with mixed case. Most of the time, my less-than-dextrous typing skills enter it correctly the first time, but sometimes not. The Rohos Key never missed a beat.
Both "Locking the Desktop" and "Sleep" options when the flash drive is removed worked as expected. We coupled this with "Allow login only by using USB key" to require the flash drive to log back in. If you then remove the flash drive, and have chosen the PIN option when the flash drive is re-inserted, the two-factor authentication kicks in.
There’s one very significant "it’s not a bug, but it’s not a feature" problem. Be very aware that the "Log Out" and "Shut Down" options still require the user to deal with any unsaved changes before the Log Out or Shutdown process continues. If you have unsaved changes in any document, but pull the USB flash drive and walk away, your Mac will still present the usual dialog box asking if you wish to save changes. Some nefarious agent could simply click "Cancel," thus stopping the Log Out/Shutdown process, and then keep using your Mac without the flash drive plugged in. Depending on the Key preferences you have set, the unauthorized user may keep prying into your Mac as long as the administrator password is not requested.
Other than the tremendous convenience of having the Key auto-enter your password (we can’t praise that feature enough), how much additional security does the Rohos Key provide over Mac OS X’s various security options?
Apple provides the ability to turn off both automatic login and choosing the user from a list, thus requiring the user to enter both the user name and password to boot up your Mac, and on any subsequent logins. You can require a password to wake from sleep, and you can set sleep to take place with as little as one minute of inactivity. You can require the password to access any System Preference pane. Choosing all those options means you’ll be entering your password a lot.
What Apple does not provide is two-factor authentication. If you require a separate PIN to be entered whenever the flash drive is plugged in, this adds a huge level of security. It prevents someone from stealing the flash drive and getting full access to your Mac. Also, as noted earlier, the longer your password, the more secure it is, but the harder it is to enter. Many people will succumb to temptation, and choose an easy to type password. Rohos lets you pick the hardest, most unguessable password possible, and have it automatically entered for you.
Be aware that if you PIN your flash drive, and forget the PIN, there’s no backdoor. The Windows version of the Rohos Key has an emergency access mode, but it’s not available for the Mac. Depending on your point of view, that is a feature or a drawback. If you’re worried about losing your flash drive, and being locked out of your Mac, don’t. You can authorize as many flash drives as you wish.
If you don’t want to rely on a USB flash drive, Rohos advertises that you can use a Bluetooth cellphone in place of a USB drive. While the instructions listed iPhone compatibility, I could not successfully choose my iPhone to work with the Key software, in spite of much fiddling with various Bluetooth settings on both the Mac and the iPhone. Points off for that. After inquiring, Rohos told us this was a known problem, and they were developing a small utility to allow iPhone users to use the Bluetooth capabilities of the Logon Key.
It’s good the Key is generally easy to install, configure and use, as the documentation has a slightly awkward "translated from the Moldovan" feel to it. Also, it would be better to provide an FAQ and troubleshooting file with the installer, rather than requiring them to be downloaded from the Rohos web site.
How secure is the Rohos Key? We made several attempts to fool the system, but failed. We first tried cloning the flash drive. Using Disk Utility, we made an "entire device" disk image of the Cruzer flash drive, and restored that image onto a different USB drive. Then we used Carbon Copy Cloner 3 to make a block level disk to disk copy of the Cruzer to the new flash drive. No luck, even though the block-level copy was successful. It appears that Rohos references each USB drive’s unique serial number, so cloning the original won’t work.
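Why a block-level clone can fail, as an added sketch that is not Rohos code: it assumes, as the review infers, that the login token is tied to the serial number the drive's hardware reports, plus the optional PIN. The function names, token layout and serial values are hypothetical.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000            # constructed work factor for this example
LABEL = b"logon-token-v1"   # hypothetical fixed message that gets tagged


def _derive_key(pin: str, serial: str, salt: bytes) -> bytes:
    # The key depends on the PIN and on the serial the hardware reports,
    # not on anything stored in the drive's file system.
    material = pin.encode() + b"\x00" + serial.encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, ROUNDS)


def enroll(pin: str, serial: str) -> bytes:
    """Return the token file contents written to an authorised drive."""
    salt = os.urandom(16)
    tag = hmac.new(_derive_key(pin, serial, salt), LABEL, hashlib.sha256).digest()
    return salt + tag


def verify(token_file: bytes, pin: str, reported_serial: str) -> bool:
    """Check a token file against the serial of the drive it was read from."""
    if len(token_file) != 48:  # 16-byte salt + 32-byte tag
        return False
    salt, tag = token_file[:16], token_file[16:]
    key = _derive_key(pin, reported_serial, salt)
    expected = hmac.new(key, LABEL, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


# Constructed sample values, not taken from any real drive.
ORIGINAL_SERIAL = "EXAMPLE-SERIAL-0001"
CLONE_SERIAL = "EXAMPLE-SERIAL-0002"
PIN = "4821"

token = enroll(PIN, ORIGINAL_SERIAL)
cloned_token = bytes(token)  # block-level copy: identical bytes, other drive

if __name__ == "__main__":
    print("original drive:", verify(token, PIN, ORIGINAL_SERIAL))
    print("cloned drive:  ", verify(cloned_token, PIN, CLONE_SERIAL))
    print("wrong PIN:     ", verify(token, "0000", ORIGINAL_SERIAL))
```

The cloned file is byte-for-byte identical, yet verification fails because the second drive reports a different serial, which matches what the Disk Utility and Carbon Copy Cloner tests showed.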
Can you get around the Key security via booting into single user mode? Sure, but that’s also true of the OS X security options discussed above. Unauthorized access to your files can be had via Target Disk Mode. The only way to plug these security holes is to enable an Open Firmware password. This will prevent your Mac from even booting up, or being placed into Target Disk Mode without entering the password. See this Apple Support document.
The main weakness was the issue noted above about naive users assuming the Mac will log out or shut down when the flash drive is pulled but there are unsaved changes. Other than that, the Key looks to provide both tight security and ease of use for administrator password entry.
Pros: The Rohos Logon Key for Mac, if properly configured, adds an additional layer of physical security for your Mac. Two-factor authentication is a major bonus. The ability to auto-enter administrator passwords eliminates all the hassle of using long and complex passwords.
Cons: No emergency mode to access your Mac if you lose all authorized USB drives and the Key is set to require the flash drive to login. Documentation could be more detailed. I was unable to use my iPhone as advertised.
Conclusion: If you’re a security-minded person, Apple’s options provide a fairly good level of security. But Rohos takes it to the next level, combining more security and ease of use.