none
storing Logon credentials on a USB flash cool disk RRS feed

  • Question

  • hi all

    is it possible to store a user credentials (his username and password) on a USB Flash cool disk so that he be able to logon to his computer by inserting the usb flash disk to his computer usb port  ?

    thanks in advance

    Friday, November 25, 2011 7:10 AM

Answers

  • Hi not that I know of. The only similar and recommended method is using a smartcard logon which uses certificates.
    MCTS...
    Saturday, November 26, 2011 9:44 PM
  • Not exactly as stated, but it would be better using a smartcard with a smartcard reader, or fingerprint reader. You can also encrypt the hard drive using Windows 7's Bitlocker feature, which is TPM based. TPM relies on the BIOS with TPM support.
     
    For Bitlocker, there are three options:
     
    Allow BitLocker without a compatible TPM. This check box enables BitLocker to be used on computers that do not have a TPM hardware chip. In this situation, a USB flash drive must be used that will store the encryption key for the drive.

    Configure TPM startup key. This option can be used to require that a USB key be used in addition to the TPM to protect the drive. To unlock the drive, the USB key must be present. The BIOS of the computer needs to be able to read data from a USB drive before starting the operating system. If you do not want users to be able to use USB keys with BitLocker or if you will require that users type a PIN to unlock BitLocker-protected operating system drives, select Do not allow startup key with TPM.

    Configure TPM startup PIN. This option can be used to require that a PIN be used in addition to the TPM to protect the drive. To unlock the drive, the PIN must be entered by the user. If you do not want users to be able to use PINs with BitLocker or if you will require that users insert USB keys to unlock BitLocker-protected operating system drives, select Do not allow startup PIN with TPM.


    Otherwise, you may want to look into smart card readers or fingerprint. I wouldn't simply put a username and password on a USB thumb drive. That's inviting a security issue.


     TPM:
     http://en.wikipedia.org/wiki/Trusted_Platform_Module
     
    Windows Trusted Platform Module Management Step-by-Step Guide:
     http://technet.microsoft.com/en-us/library/cc749022(WS.10).aspx#BKMK_2
     
    BitLocker Drive Encryption Step-by-Step Guide for Windows 7
     http://technet.microsoft.com/en-us/library/dd835565(WS.10).aspx

     

    (Note: I reposted this because my previous post had some HTML issues that skewed the thread. -Ace)


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn
    Monday, November 28, 2011 5:03 AM
  • Hi John,

     

    Thanks for posting here.

     

    Basically we can set Smart Card Logon to achieve the goal about using a portable device for authentication, the article below just introduced the mechanism for reference:

     

    How to Support Smart Card Logon for Remote Access VPN Connections

    http://technet.microsoft.com/en-us/library/cc875840.aspx

     

    Thanks

     

    Tiger Li


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, November 28, 2011 7:30 AM

All replies

  • Hi not that I know of. The only similar and recommended method is using a smartcard logon which uses certificates.
    MCTS...
    Saturday, November 26, 2011 9:44 PM
  • Not exactly as stated, but it would be better using a smartcard with a smartcard reader, or fingerprint reader. You can also encrypt the hard drive using Windows 7's Bitlocker feature, which is TPM based. TPM relies on the BIOS with TPM support.
     
    For Bitlocker, there are three options:
     
    Allow BitLocker without a compatible TPM. This check box enables BitLocker to be used on computers that do not have a TPM hardware chip. In this situation, a USB flash drive must be used that will store the encryption key for the drive.

    Configure TPM startup key. This option can be used to require that a USB key be used in addition to the TPM to protect the drive. To unlock the drive, the USB key must be present. The BIOS of the computer needs to be able to read data from a USB drive before starting the operating system. If you do not want users to be able to use USB keys with BitLocker or if you will require that users type a PIN to unlock BitLocker-protected operating system drives, select Do not allow startup key with TPM.

    Configure TPM startup PIN. This option can be used to require that a PIN be used in addition to the TPM to protect the drive. To unlock the drive, the PIN must be entered by the user. If you do not want users to be able to use PINs with BitLocker or if you will require that users insert USB keys to unlock BitLocker-protected operating system drives, select Do not allow startup PIN with TPM.


    Otherwise, you may want to look into smart card readers or fingerprint. I wouldn't simply put a username and password on a USB thumb drive. That's inviting a security issue.


     TPM:
     http://en.wikipedia.org/wiki/Trusted_Platform_Module
     
    Windows Trusted Platform Module Management Step-by-Step Guide:
     http://technet.microsoft.com/en-us/library/cc749022(WS.10).aspx#BKMK_2
     
    BitLocker Drive Encryption Step-by-Step Guide for Windows 7
     http://technet.microsoft.com/en-us/library/dd835565(WS.10).aspx

     

    (Note: I reposted this because my previous post had some HTML issues that skewed the thread. -Ace)


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn
    Monday, November 28, 2011 5:03 AM
  • Hi John,

     

    Thanks for posting here.

     

    Basically we can set Smart Card Logon to achieve the goal about using a portable device for authentication, the article below just introduced the mechanism for reference:

     

    How to Support Smart Card Logon for Remote Access VPN Connections

    http://technet.microsoft.com/en-us/library/cc875840.aspx

     

    Thanks

     

    Tiger Li


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, November 28, 2011 7:30 AM
  • Hi,

    You can transform a USB Key or the TPM on a virtual smart card then use smart card logon software.

    The virtual smart card I am refering is http://www.mysmartlogon.com/products/eidvirtual.html

    Thursday, February 28, 2013 12:36 PM