Gatekeeper. Two Factor Authentication and Key Finder
-
Gatekeeper is an interesting device. It comes with a wireless key fob (which takes a button cell battery but they are nice enough to include two batteries in the package). It also uses a Texas instruments based USB dongle. The dongle allows you to lock and unlock your computer based on proximity of the key fob to your computer.
At first of I had lots of problems with this setup. The Software would constantly crash while my computer was running and other times it would just report that the USB dongle was missing. I was about to just give up on the Gatekeeper as a failed product from these troubles.
After a while I moved the USB Dongle to the USB hub on my monitor and it worked fine. I’m thinking since this is Bluetooth based the dongle did not like being beside my Wifi card on the back of the computer. After moving the dongle to the monitor I had no issues with either the software crashing or the dongle reporting that it’s missing.
The other feature they promote of this device is that you can use your phone with the gatekeeper app to find the key fob. I tried the application on my Blu Life 8 and I only got it to work twice. Most of the time it would fail to find the gatekeeper. Of the two times that it did the beeping from the keyfob was super quiet so finding it would still be a pain. The application does have a RSSI Db meter so that would assist in finding it but not as easy as if they had made the device itself louder. I’d write this feature off as a gimmick.
Another thing they claim about this device is that it does two factor authentication. Put simply – It does not. What it does do is lock and unlocks your computer. To unlock it you need to store your login credentials in their application. To do what they claim is to factor authentication you simply tell the software to only lock the computer if the Gatekeeper is not present but not unlock. So you need to enter your password. The problem is this isn’t true 2FA you actually can login without the Gatekeeper. The Gatekeeper will lock the computer just as it would normally after you login with your password – this is what they are calling two factor. Someone could easily disable the Gatekeeper application that sits in the taskbar and defeat the need for the gatekeeper to be present and continue using the computer.
The other concern I would have about using this in a business for two factor authentication is it seems the verification of the gatekeeper is solely based on the Bluetooth mac address of the key fob. This could easily be spoofed. It does not seem to have a random generated key on the device.
I think for easy locking of your computer when you walk away for those who forget to use Win+L this is an awesome and great device at under $50.
I think my main problems with it could easily be fixed with a new software update that does true two factor authentication at login as well as locking the computer when you walk away. It would be awesome if the firmware could be update so the device would act more like a RSA token.
-
@thecreativeone91 don't people just leave there keys at there desk then?
-
@Aaron-Studer said:
@thecreativeone91 don't people just leave there keys at there desk then?
Leaving keys wouldn't be a problem for us, it's complaining that they have to carry a device around with them. But for the convenience of locking/unlocking their computer this sounds pretty interesting and cheap. I guess my only concern is how is the password stored? Are we sure that someone can't extract the password easily from their software?
-
At our local hospital (that I am a patient at and do not work) they have a RFID two factor system. They scan the card they are carrying and then type in a fairly long password. I've heard a few complaints about it but more along the lines of having to remember the password then carrying the card.
-
I'd love a system like that, but at $200 a user/workstation we'll never do it. Not to mention that we are on laptops and adding quick access to laptops that need to be mobile is a pain and the devices are constantly getting damaged.
-
@Aaron-Studer said:
@thecreativeone91 don't people just leave there keys at there desk then?
I've never done that. Then again, I've always locked my office door if I'm not in it.
-
@Dashrender said:
@Aaron-Studer said:
@thecreativeone91 don't people just leave there keys at there desk then?
Leaving keys wouldn't be a problem for us, it's complaining that they have to carry a device around with them. But for the convenience of locking/unlocking their computer this sounds pretty interesting and cheap. I guess my only concern is how is the password stored? Are we sure that someone can't extract the password easily from their software?
The device is much smaller than it looks. It's much smaller than my car keyfob.
-
@Dashrender said:
@Aaron-Studer said:
@thecreativeone91 don't people just leave there keys at there desk then?
Are we sure that someone can't extract the password easily from their software?
It's not stored unencrypted in a config file or the registry. I think it would be just as easy to extract someones outlook saved credentials.
-
@thecreativeone91 said:
@Dashrender said:
@Aaron-Studer said:
@thecreativeone91 don't people just leave there keys at there desk then?
Are we sure that someone can't extract the password easily from their software?
It's not stored encrypted in a config file or the registry. I think it would be just as easy to extract someones outlook saved credentials.
It's not secure? so you found where it was storing them?
-
@Dashrender said:
@thecreativeone91 said:
@Dashrender said:
@Aaron-Studer said:
@thecreativeone91 don't people just leave there keys at there desk then?
Are we sure that someone can't extract the password easily from their software?
It's not stored encrypted in a config file or the registry. I think it would be just as easy to extract someones outlook saved credentials.
It's not secure? so you found where it was storing them?
Sorry Fixed that. No it was not in the Config file or registry.
