Gatekeeper Two-Factor Authentication review: Needs a consumer-grade overhaul - wardnearst

Securing your PC with to a higher degree just a PIN or password is easy with Windows Hello's biometric logins; however, not all PC has the hardware to use it and more or less users just don't want to storehouse their fingerprint operating theatre have their iris diaphragm scanned by Windows 10, disregardless what the privacy promises are.

Enter the Gatekeeper Wireless Security Key from Untethered Labs. This Bluetooth system workings as a one-allude login for your PCs, as well as a countersign manager that also stores your one-time password codes for two-factor authentication.

Information technology sounds great, only in my opinion this cartesian product just isn't ready for consumers. IT was originally designed for enterprises, and instead of modifying it for the consumer market Untethered is offering the identical product to the lanyard-less masses. The terminate result is that Gatekeeper has some deal out-offs for home users and just isn't a functional creature for near the great unwashe.

First, don't mistake Gatekeeper as an alternative to devices like the Yubikey. Gatekeeper is more limited as a 2-factor authentication gimmick since it does not support FIDO2 same-extend to logins for websites. That Crataegus laevigata never change as Gatekeeper doesn't store information the way something like Yubikey does. All critical information remains secured on the PC instead.

The organisation

gatekeeperdesktop1 — The primary splashboard for the Gatekeeper customer.

Gatekeeper has three primary components: the Bluetooth key trick called the Halberd, a down-visibility USB Bluetooth detector, and the Gatekeeper client software. In that respect's also a password manager web browser extension for Chrome and Firefox.

The Halberd runs on a CR2450, 3-volt battery, while the Bluetooth sensor is powered past the PC.

Gatekeeper manages logins via the desktop software, and frame-up is a proportional tear. The one issue I have is that the desktop software uses enterprise language that may be effortful for some populate to understand. You have to pick out betwixt a local anesthetic OR domain account, e.g.. Either volition work supported on our tests, but local is the easiest choice for most users.

The rest of the frame-up is a pandurate encase of choosing a PIN and connecting the Halberd to the desktop software. The Halberd can be used on multiple PCs, though each will need a Bluetooth sensor.

At one time that's taken care of you'ray off to the races. Gatekeeper controls logins by creating what appears to be its own substance abuser account statement connected the Window 10 login test. I pronounce "appears" because you won't find a substance abuser account in the Settings app. Regardless, the end result is visually the same.

gatekeepersettings — Adjust Doorman's login requirements in the settings.

Gatekeeper allows for several divers slipway to log-in, including proximity detection with Bowling pin, an automatic login via proximity detection, and a touch login where you must touch the Halberd to the Bluetooth sensor.

By default, the organisation uses the proximity detecting with PIN. The proximity is quite narrow, which avoids accidental unlocks if you rich person automatic logins enabled. Once you get about 12 to 15 feet from the Microcomputer Gatekeeper locks low-spirited the machine.

Gatekeeper is a fun way to log in that is more Mission Out of the question than Microsoft Windows, which is why IT Crataegus oxycantha appeal to some. The idea with the Halberd is to keep apart the fob on you in the least times, thus preventing others from logging in to the PC without the key fox.

The job is that Gatekeeper doesn't stop anyone from logging in the regular way via your usual Windows account. There is a setting to invalid Windows accounts in the Gatekeeper desktop app, or to need the Halberd in addition to the regular Windows login; however, these features are available only to enterprise customers. Perhaps that's a white thing, because if you e'er lost the Halberd, or it became unusable, then you wouldn't glucinium healthy to get into your PC. We asked Untethered Labs about this and a spokesperson said, "The consumer version of the Gatekeeper application is meant to present the key features of the initiative solution. Towards this end, we have decided to keep the various configurations to a minimum that is most effective to case the Doorman advantages."

Overall, the organization worked really well. There were the occasional oddities where the proximity lock wouldn't kick in while a sounding-CRT screen game was running and I walked absent from the PC. I also wouldn't see the Gatekeeper login option sometimes after a fraught PC shutdown, which makes this product better clothed to those who leave their computers along day in and day out.

As a security gimmick, notwithstandin, Gatekeeper waterfall short since you need an go-ahead account to actually stoppag someone from logging in to your Microcomputer without the Halberd. This form of login, past, is little more than a convenience for home users.

The countersign manager

gatekeeperpasswordmanager — The Gatekeeper countersign manager in the desktop client.

Porter's password manager works doubly. The login data is stored on the background client, also as in the browser filename extension for Chromium-plate and Firefox. All data is encrypted using AES-256 and you cannot access it without the key fob present.

The watchword manager industrial plant only enough. The web browser extension offers to capture usernames and passwords as you log in to sites, and it autofills your login credentials as you need them. IT doesn't contain extra features that dedicated password managers set, much equally text file storage or notes. The watchword manager saves web logins and nothing else.

It also doesn't have the ability to extract logins from the browser, just information technology does have an choice to export logins to a CSV file cabinet via the "Recuperate Credentials" option at the bottom of the Credentials menu pictured preceding.

There were some quirks with the password manager's autofill boast. It would behave oddly in Proton Postal service, for example, autofilling the username in the "To:" field of a new mail message. It would likewise drop out the username for PCWorld's CMS login when managing articles in the web user interface. Some bank sites would also hang with Doorkeeper active in the browser.

gatekeeperbrowserextension — Gatekeeper's password manager browser extension.

Ostiar also wouldn't reliably volunteer to save a new login the way 1Password or Dashlane would. IT would do this sometimes, but not every time, meaning you'd have to enter some new logins manually.

One respectable convenience with Gatekeeper's password manager is that information technology also saves one-time parole (OTP) secrets. This makes it possible to autofill passwords and two-factor authentication codes at the same time. You need the Halberd nearby to utilisation the password manager, so it doesn't put up easy access to your accounts unless an attacker has memory access to both the Halberd and your PC with the Door guard application installed.

The galactic issue with the Gatekeeper password managing director for consumers is that thither's no cloud component, meaning your logins and OTP codes aren't transferred between PCs. It as wel means you can't access your passwords happening a mobile device. We asked Unbound Labs about this and the company aforesaid, "Non at this time but it may be considered in the near future. We are concentrating on the enterprise customers because our goal is to provide a comprehensive get at management solution for organizations."

Pricing and the verdict

The Gatekeeper Halberd system costs $60 for the key fob, USB Bluetooth sensor, software, and a laniard.

The Gatekeeper organisation is not for everyone, because it's not very a consumer device. It lacks many a of the creature comforts that consumers accept come to expect such every bit secure obscure storage for passwords in order to have their data available on multiple devices. The Halberd doesn't usance Windows How-do-you-do, meaning you must depend on the Gatekeeper customer for logging in to Windows. The companion tells Maine the grounds for this is that its features including the automatic Personal computer lock are not supported by Windows Hello.

It would also be nice if Ostiar worked with FIDO2 as other Bluetooth and NFC devices do, but that may not cost possible since the Gatekeeper key doesn't store information.

At long last, I'm wondering who would ascertain this device sincerely usable that's not divide of an enterprise deployment. IT would have to be someone who is primarily or exclusively a Personal computer drug user (at that place's also a Mac client), someone who wants a one-feeling login contraption for Windows, and a limited password managing director built in to their two-factor authentication device. That, to me, seems like a very slim niche.

If, however, Unbound created a consumer-grade Halberd that offered a more full-featured word manager (or at to the lowest degree one with cloud entrepot for multi-gimmick access code), FIDO2 support, and integrating with Windows Hello (even if it means losing auto-lock), past we'd having something advisable worthy considering. Right now, it's a small consultation that would be interested in this as a consumer device.

Source: https://www.pcworld.com/article/393550/gatekeeper-two-factor-authentication-review.html

Posted by: wardnearst.blogspot.com