ThinC-AUTH

Biometric security key

  • FIDO2 certified
  • Microsoft compatible

Overview

ThinC AUTH FIDO2

ThinC-AUTH is a FIDO2 certified biometric security key and is Microsoft compatible. The key is used for passwordless login to the latest version of the Windows 10 operating system and to numerous FIDO2 enabled web applications.

FIDO2 is a phishing proof, passwordless authentication protocol defined by the FIDO Alliance and the World Wide Web Consortium (W3C). ThinC-AUTH provides strong authentication for the web. In March 2019, W3C announced that WebAuthn is the official web standard for passwordless login.

Features

Supports hybrid environment

Users can now sign in to Windows on both Azure AD and Hybrid Azure AD joined devices

Configurable security key

With a biometric touch-to-authenticate, the multi protocol ThinC-AUTH protects

Fingerprint authentication

Strong biometric technology makes ThinC-AUTH Security Key one of the most secure hardware tokens.

Strong security architecture

The core functionalities of the embedded security chip of ThinC-AUTH is to encrypt,

Strong algorithms

AES, HMAC and ECDH provide high-level security for the user and the key.

Single key for hundreds of services

Passwordless authentication to Windows 10 systems (connected to Azure AD);

About FIDO2

FIDO2: The new standard for secure web log-in
  • Logging onto a website using your username and password is no longer the best authentication method, for various reasons. On the one hand, submitting personal user information is becoming increasingly cumbersome due to the ever-increasing number of services an average person uses. On the other hand, the security of log-in data is increasingly at risk due to cybercriminals becoming sneakier and more technologically advanced.
  • Targeted brute-force attacks or seemingly harmless email phishing attacks accumulate, and users often don’t even notice that their own login data has already been tapped. The FIDO2 security standard addresses this problem by enlisting the help of two-factor authentication that uses security keys (FIDO2 keys) and hardware tokens. Thanks to the integration of the W3C standard WebAuthn, this procedure not only allows encrypted and anonymous log-ins, but also completely password-free log-ins.
What is FIDO2?
  • FIDO2 is the latest specification of the non-commercial FIDO Alliance (Fast IDentity Online), an open industry association with a focused mission: authentication standards to help reduce the world’s over-reliance on passwords. The FIDO Alliance was created with the aim of developing open and license-free standards for secure, worldwide authentication on the World Wide Web.
  • First came FIDO Universal Second Factor (FIDO U2F), then FIDO Universal Authentication Framework (FIDO UAF), meaning that FIDO2 is the third standard to emerge from the alliance’s work. At its core, FIDO2 consists of the Client to Authenticator Protocol (CTAP) and the W3C standard WebAuthn, which together enable authentication where users identify themselves with cryptographic authenticators (such as biometrics or PINs) or external authenticators (such as FIDO keys, wearables or mobile devices) to a trusted WebAuthn remote peer (also known as a FIDO2 server aka XSense IAM/IdP Server) that typically belongs to a website or web app.
Why do you need security specifications like FIDO2?
  • FIDO2 eliminates the risks of the standard user login process with ‘username and password’, which isn’t considered the most secure, as well as those of simple two-factor authentication (email, mobile app, SMS). FIDO2 prevents cyber criminals who use typical attack patterns such as man-in-the-middle attacks and phishing from succeeding and taking over the user’s account.
  • Even if the log-in data is compromised, the FIDO2 login will only work with the respective hardware security key. Adding biometrics to the security key, as in ThinC-AUTH, prevents the key from being shared with other users and prevents login with a known or shared PIN. The fact that FIDO2 is an open standard makes it easier for software and hardware developers to implement the standard in their own products, so they are able to offer users this very secure login method.
How does FIDO2 work?
  • The main goal of the FIDO Alliance is to increasingly eliminate passwords on the web. In order to achieve this, the secure communication path between the client (browser) and the respective web services is first set up or registered in order to be permanently available for later logins. In this process, FIDO2 keys are generated and verified, which provide the basic encryption for the logon procedure.
  • The procedure is as follows:
  • The user registers with an online service and generates a new key pair on the device used - consisting of a private key and a public FIDO2 key.
  • While the private key is stored on the device and is only known on the client side, the public key is registered in the web service’s key database.
  • Subsequent authentications are now only possible by verification with the private key, which must always be unlocked by a user action. There are various options, such as entering a PIN (vulnerable, as it can be shared), pressing a button (vulnerable, as it can be accessed by unauthorized people), or authenticating with biometrics on the security key itself (secure, as with ThinC-AUTH).
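
The registration and login steps above, as an added Node.js example that is not part of the original page or of any ThinC-AUTH software. It is a simplified model, not the WebAuthn or CTAP wire format: the class and function names are hypothetical, `userVerified` stands in for the fingerprint match on the key, and the origin `https://login.example.test` used with it is constructed.

```javascript
const crypto = require("node:crypto");

// Security key: one private key per relying-party ID; keys never leave this object.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(rpId, privateKey);
    return publicKey.export({ type: "spki", format: "pem" }); // only this is sent out
  }
  // userVerified stands in for the on-key fingerprint match.
  sign(rpId, clientData, userVerified) {
    const key = this.keys.get(rpId);
    return key && userVerified ? crypto.sign("sha256", Buffer.from(clientData), key) : null;
  }
}

// Web service: stores public keys only and issues single-use challenges.
class RelyingParty {
  constructor(origin) {
    this.origin = origin;
    this.rpId = new URL(origin).hostname;
    this.publicKeys = new Map();
    this.pending = new Map();
  }
  enroll(user, pem) { this.publicKeys.set(user, pem); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32).toString("hex");
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, clientData, signature) {
    const expected = this.pending.get(user);
    this.pending.delete(user); // a challenge is accepted at most once
    const pem = this.publicKeys.get(user);
    if (!expected || !pem || !signature) return false;
    const { challenge, origin } = JSON.parse(clientData);
    if (challenge !== expected || origin !== this.origin) return false;
    return crypto.verify("sha256", Buffer.from(clientData), pem, signature);
  }
}

// Browser: writes the page's real origin into the signed data and refuses an
// rpId that does not match that origin (simplified from WebAuthn's suffix rule).
function browserLogin(key, pageOrigin, rpId, challenge, userVerified = true) {
  const clientData = JSON.stringify({ challenge, origin: pageOrigin });
  const allowed = new URL(pageOrigin).hostname === rpId;
  return { clientData, signature: allowed ? key.sign(rpId, clientData, userVerified) : null };
}
```

Because the signature covers both the server's fresh challenge and the origin the browser observed, a login only verifies when it comes from the registered site, with the registered key, after user verification, and only once per challenge.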
What are the requirements for using FIDO2 authentication?
  • The FIDO2 specification defines all components that are required for the modern authentication procedure. First and foremost is the repeatedly mentioned W3C standard WebAuthn, which allows online services to enable FIDO authentication via a standard Web API that is also implemented in various updated versions of web browsers and operating systems.
  • Applications that already support the standard declared in March 2019 include Windows, Android, and iOS (version 13 or higher) as well as the following browsers: Google Chrome, Mozilla Firefox, Microsoft Edge, and Apple Safari (version 13 or higher). The second critical component is the Client to Authenticator Protocol (CTAP). This protocol enables the various FIDO2 tokens to interact with the browsers and also to act as authenticators. Both the browser used, and the desired hardware token must therefore be able to communicate via CTAP in order to use this security feature (including password-free login).
The advantages of FIDO2 authentication at a glance:
  • Higher security level: FIDO2 encrypts the log-in by default with a key pair (private and public) that can only be unlocked with the registered security key.
  • Higher user comfort: In passwordless mode, FIDO2 shows its strengths in terms of user convenience. Different passwords are just as much a thing of the past as entering the password itself. Instead, authenticating to the security key with a registered fingerprint is good enough.
  • Protection against phishing: Using FIDO2, you don't have to worry about phishing even with the two-factor variant with password. Even if criminals obtain the password, they are denied access to the protected account.
  • Unique biometric authentication: A biometric security key such as ‘ThinC-AUTH’ provides a unique authentication approach and prevents the security key itself from being shared, while encrypting the fingerprint minutiae templates within the security key.

AMS

As enterprises procure large numbers of biometric FIDO2 security keys and distribute them to their users and other stakeholders to ensure secure passwordless authentication, managing these security keys places a tedious burden on IT admin teams.

Ensurity’s AMS (Asset Management System) solution efficiently handles device management for ThinC-AUTH biometric FIDO2 security keys. AMS helps enterprises manage the inventory of security keys and assign them to enterprise users so that they can complete their fingerprint enrollment process.

AMS provides a controlled environment for users to enroll their fingerprints onto the ThinC-AUTH security keys. AMS securely stores the log reports for audit purposes.

Features & Advantages
AMS Portal
  • Interactive dashboard with GUI
  • Drastically reduces the burden on IT Admin
Deployment
  • On-Premises / Enterprise Cloud infrastructure
  • Ensurity’s SaaS platform
User Integration
  • Syncs users with Azure AD
  • Syncs with Local AD / LDAP for on-prem deployment
Roles Management
  • Set Roles to Users (Admin / Service Desk / End-User)
  • Admin & Service Desk users securely authenticate to AMS portal
Device Management
  • Easy inventory of Biometric Security Keys (unique Serial numbers)
User-Device Management
  • Easy assign/unassign Security Keys to Users (user gets an automated email notification on the device assign status)
  • Reset the Security Key remotely, in a controlled environment
Enrolling Fingerprints
  • Controlled environment for enrolling fingerprints (prevents users from enrolling fingerprints using third-party tools or within Windows)
  • Provision to set a choice of maximum fingerprints between 1 and 5; with a support for bulk user configuration
  • Generates Device Log (fingerprint enrolment status on the assigned Security Key)
Security Management
  • Generates PIN dynamically within the Security Key
  • PIN is unknown to User
  • Mandates only User’s Biometric authentication; and disallows PIN-based authentication
Self-Lock of Security Key
  • The ThinC-AUTH key locks itself after a configurable number of consecutive wrong fingerprint authentication attempts
Log Reports
  • Generates reports on Audit, Event & Security activities
  • Export the reports as CSV files

FAQs

ThinC-AUTH is a USB-based security key with biometrics. The device is FIDO2 certified and is Microsoft compatible. ThinC-AUTH is suitable for secure passwordless authentication to multiple FIDO2 enabled web applications and Microsoft Windows 10 Rel 1903 or higher versions.

The Fast Identity Online (FIDO) Alliance is a non-profit organization dedicated to reducing reliance on the username/password authentication approach. To learn more about FIDO, visit https://fidoalliance.org/. Members of the alliance include Microsoft, Google, Nok Nok Labs, Samsung, RSA, NTT Docomo etc.

The latest FIDO standards, the FIDO2 proposals, present a strong user authentication framework that can replace passwords and will achieve it without compromising user convenience and experience across different types of devices and clients. To learn more about FIDO2, visit https://fidoalliance.org/fido2/.

The ThinC-AUTH tool supports Windows 7/8/10, Ubuntu (16.04 or higher) and MacOS (10.10.x or higher).

There are two different ways to enroll fingerprints: Microsoft Windows 10 ver 1903 or higher and/or the ThinC-AUTH tool.

For security reasons, the ThinC-AUTH key will be completely locked if the registered fingerprint fails 5 times in a row. Disconnect the device, run the ThinC-AUTH tool and enter the PIN code to unlock the device.

How to Videos

ThinC-AUTH

Windows 10 Login

Quick Start on Windows

U2F for Dropbox
