Today, I’m writing about security. Logging in to Windows and Mac computers to be precise. I touched on 2FA before in my DIY implementation for NodeRED, but it’s the first time I’m playing with an authentication token that lets you log in to (in my case) Windows. GateKeeper is a Bluetooth based touchless* authentication token which logs you into your Windows account. It aims at enterprise customers primarily, but anyone working from home due to pandemic could benefit too!
*touch-less is one of the less secure options
GateKeeper use cases
It’s hard to resist making Bill Gates puns given the product’s name, but I will give it my best shot and keep that gate closed. Folks behind GateKeeper reached out to me to see if I could find 2FA useful in my workflow.
I can think of 2 use cases that are close to my heart.
While working away (50% of my time) I often end up writing about tech from public spaces. Lot’s of people outside but fairly safe places. No one is going to take my equipment the moment I turn away, but it’s a very practical thing to have your laptop locked the moment you step away to grab a drink or visit the loo.
For now, I’m working from home. While I don’t have kids running about trying to get on the computer the moment I turn around, many of you do. What I do have is a requirement to keep my work computer locked with a 4-word password that requires changing the moment I memorize it properly. I already have a USB based token for other work-related purposes, but typing an essay each time I need to log back into the computer gets tiresome.
Bluetooth based authentication
GateKeeper is a token-based, Bluetooth system. A token key (keyfob or a phone running Trident app) and Bluetooth adapter is required for this to work. The package comes with a USB Bluetooth adapter but most of the laptops come with one built-in, so I’m saving my USB ports for other purposes.
Windows 10 already comes with a proximity Bluetooth lock built-in, so you can use most of Bluetooth enabled gadgets to lock your computer when you are away, but you can’t perform the touchless login. There is a face log in option but Windows 10 also insists on not working with my laptop’s webcam.
The GateKeeper software is free (unless you want enterprise-level features, these start from $3 a month per user) and you can turn your phone with a secure token with an app. A designated fob and USB sensor will set you back $60.00.
GateKeeper logs you in, providing that signal is in a specified range, and additional authentication (optional) had been provided (PIN, password). Enterprise users have extended access to logs token management and pretty much anything that admins would need to manage authentication tokens for the entire company.
I should warn you, the GateKeeper can be installed alongside or instead of Windows 10 login option. If you use GateKeeper as the only way to log in to your device, if you lose the fob, you won’t be able to log in again. Enterprise users have token management tools to add and remove keys remotaly.
Handsfree log in in action
There are several life-quality improvements. I set the GateKeeper to automatic log in, since I’m home and I don’t really need that extra layer of security for now. I linked both, the key fob and enrolled the mobile app as well.
Windows will automatically log me in as long as one of the authorized devices is in the same room. I set the threshold to 60% for login and 30% for log out. It works really well. My laptop unlocks when I get into the room and I can pick up where I left off.
To assist locking your account, there is a lock button on the fob and within the app. These work very quick as well (about 1sec) and you can force the account lock before you leave the range. It’s perfect when you have to step away from the computer and you forgot to press
Apart from the contact-free authentication, GateKeeper comes with a Chrome plugin. This plugin stores credentials and login details for you, but these are only pre-filled only when the computer is unlocked with GateKeeper.
All that fun stuff is possible if you are the administrator of your own machine. The most practical aspects of the GateKeeper would be at work. Unfortunately, we are all at the mercy of IT departments that from my personal experience, are the least innovative department of each company I worked for.
It would take a lot of pressure to get them to make changes, as it involves work. In the UK the saying “ain’t broken, don’t fix it” seems to be a motto of any given IT team. Good luck with that!
I know that for most of you, GateKeeper might be an overkill in terms of how you access Windows at home, but if you happen to run a small company that relies on members swapping machines and typing long secure passwords, GateKeeper might be just the thing! Especially if you want to get compliant with new standards. Plus, let’s face it – we are all lazy when it comes to user-generated passwords. This is why the tech is here to make our laziness just a little bit more secure. Thoughts?