Windows smart card logon is a relatively new concept for many users even though it was released quite some time back. So before we get to how to use it on Windows, let’s step back and look at what it is. It is a logon method intended to increase a user’s IT security. Normally, most users try to set a strong and unique Windows password. However, according to cyber experts, even the strongest passwords are vulnerable to hacking. For instance, a study conducted by Deloitte in 2013 revealed that 90% of passwords generated by users can be easily hacked.
High-profile companies like Twitter, Apple, and Microsoft have been hacked. In Twitter’s case, the hackers could easily attack and get the usernames, email addresses, and encrypted passwords of 250,000 users. Thus, if companies today don’t feel the need to put more effort into tightening their security, they need to think again. It is mostly the large MNCs that are attacked.
Why use Windows Smart card logon?
Using traditional usernames and passwords to authenticate to the corporate network brings risks. For example, users tend to use bi-passwords. The company’s IT security policy forces users to set complex passwords, which are often difficult to remember, causing frustration and annoyance for end users. Some users choose to write passwords on paper or on post-its and place them under desks, or attach them to their monitor for all to see.
In worst-case scenarios, users forget their passwords, resulting in a high volume of help desk requests, which also adds high costs for organizations.
The Alternative: Smart card
The alternative that mitigates the risks imposed by traditional usernames and passwords is Windows smart card logon. It brings strong two-factor authentication, which is something you know plus something you have. Two-factor authentication seeks to reduce the probability that the requester is presenting false evidence of their identity. It is also best practice, as recommended by Microsoft, to use Windows smart card logon.
Using smart cards brings additional benefits that enhance IT security, such as email encryption, email digital signatures, digital encryption of files, and authenticating to VPNs. Smart cards can also be used as physical access devices to gain access to company buildings. All of this extra usage for these cards ensures maximum return on investment when compared to other security devices.
What do you need to use a smart card?
In order to implement Windows smart card logon, you will need three components. First, you will need a public key infrastructure, commonly referred to as PKI. Microsoft rolled out Certificate Services to provide a PKI for the Windows environment. Second, you will need physical smart cards. Third, you will need a smart card management system to manage the employees’ smart cards throughout their lifetime. The V6 MST series is tailored for companies of all sizes to quickly implement Windows smart card logon with the minimum cost and the highest level of security.
How to deploy a Windows card?
You can issue a Windows smart card logon certificate from the v6 CMS administration console. Navigate to the lifecycle page and click on the Issue oval. Now select the card template, which is pre-configured to connect to Active Directory and the certificate authority, and click on the Execute button.
Type the operator passcode and click on OK. During this process, the card will be registered, assigned to the user selected from Active Directory, and issued with a smart card logon certificate. On completion, a short summary is presented to the operator. The smart card can now be used.
How to create a smart card for user logon in Active Directory?
Step 1: Go to Active Directory Users and Computers. Then click on Oracle VM VirtualBox.
Step 2: Select New and click on User. A new dialog box will appear with the title New Object - User.
Step 3: Enter the first name and last name. Then enter the user logon name. Add a new password and re-type the password to confirm.
Step 4: Click on Next and then Finish. The name will be added to the list of Active Directory users. Click on it.
Step 5: Go to the account and click on Apply. Then go to the users list again and click on the newly created user. In the new dialog box, go to the email section and enter your email. In order to enrol a smart card certificate, the user must have an email defined in Active Directory.
Step 6: Next, go to the Run command and type certmgr.msc. The current user dialog box will appear. Click on Trusted Root Certification Authorities.
Step 7: Go to All Tasks, Advanced Operations, and click on Enroll On Behalf Of. Select administrator as certificate. Click on Next and select VSCard user.
Step 8: Click on Next again and then click on Enroll. Go to select user and locate your username.
Step 9: Click on OK. A new dialog box will then appear, asking you to insert a smart card to save the new certificate.
Step 10: Next, click on “I want to complete this action” and your screen will go blank for a second. The Windows Security dialog box will ask for a PIN.
Enter the PIN to log in
Step 11: Type the PIN and click on OK. As soon as you do this, the certificate enrolment will start. After some time, the status will show as succeeded. Click on Close.
Step 12: Again on the Windows server, in Oracle VM VirtualBox, go to Active Directory Users and Computers.
Step 13: Click on Devices and go to USB. Then click on CBM flash disk. You will see the prompt to press Ctrl + Alt + Del or use the system security.
Step 14: Windows will tell you to insert the card or press Ctrl + Alt + Del to begin. From the Devices menu at the top, go to USB and click on USB settings. Click on CBM flash disk.
Step 15: You will see a logon message, then the system will prompt you to enter the PIN.
Step 16: Enter the administrator username and password. Then click on OK after entering the PIN again. Wait for some time while your system completes the process. After completion, you can finally log in using the smart card.
Note: This method is applicable only to domain users and domain environments.
How to log in using a Windows smart card?
In order to log in using the Windows smart card, press Ctrl + Alt + Del. From a workstation connected to a domain, attach a card and enter the smart card PIN to authenticate. This completes the simple demonstration.
A smart card user can present their card to a card reader. Alternatively, they can attach a USB security token to the computer. They then have to choose the smart card option from the list of users on the logon screen. The identity of the user logging in can be obtained automatically from the certificate presented by the smart card. Enter the token or security PIN of the smart card when prompted.
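To confirm what the enrolment steps produced and which identity the logon screen will read from the certificate, the following PowerShell check can be run as the card holder with the card inserted. It is an added example, not part of the original article or of any vendor tool; the function name `Test-SmartCardLogonCert` is hypothetical, and it assumes the card's certificate is visible in the current user's Personal store and that the default mapping on the user principal name (UPN) is in use.

```powershell
# Added example: audit logon certificates in the current user's Personal store.
# Assumption: the card is inserted and its certificate appears in Cert:\CurrentUser\My.
$SmartCardLogonOid = '1.3.6.1.4.1.311.20.2.2'   # Smart Card Logon EKU
$ClientAuthOid     = '1.3.6.1.5.5.7.3.2'        # Client Authentication EKU

function Test-SmartCardLogonCert {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )

    # Collect every Enhanced Key Usage OID present on the certificate.
    $ekus = @($Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # UPN from the Subject Alternative Name; empty string when absent.
    $upn = $Cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::UpnName, $false)

    $now = Get-Date
    [pscustomobject]@{
        Subject        = $Cert.Subject
        Upn            = $upn
        SmartCardLogon = $ekus -contains $SmartCardLogonOid
        ClientAuth     = $ekus -contains $ClientAuthOid
        InValidity     = ($now -ge $Cert.NotBefore) -and ($now -le $Cert.NotAfter)
        HasPrivateKey  = $Cert.HasPrivateKey
        DaysLeft       = [int]($Cert.NotAfter - $now).TotalDays
        Thumbprint     = $Cert.Thumbprint
    }
}

# Report each certificate and flag the ones that cannot be used for logon.
Get-ChildItem Cert:\CurrentUser\My |
    ForEach-Object { Test-SmartCardLogonCert -Cert $_ } |
    ForEach-Object {
        $usable = $_.SmartCardLogon -and $_.Upn -and $_.InValidity -and $_.HasPrivateKey
        $_ | Add-Member -NotePropertyName UsableForLogon -NotePropertyValue ([bool]$usable) -PassThru
    } |
    Format-Table Upn, SmartCardLogon, ClientAuth, InValidity, DaysLeft, UsableForLogon -AutoSize
```

A row with `UsableForLogon` set to `False` points at the cause: a missing Smart Card Logon usage, an empty UPN, an expired certificate, or no private key reachable on the card.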