click Enroll Authentication Device, and authenticate with OmniPass.
Select the fingerprint recognition device in the Select
Authentication Device screen (it should already be marked by a
green check if you have a finger enrolled) and click Next. The
rest of the procedure to enroll an additional finger can be
found starting with Chapter 2.3.2.
If you click Set Authentication Rules in the Enrollment interface,
you will be prompted to authenticate. Upon successful
authentication you will see the Set Authentication Rules screen.
The selections on the Set Authentication Rules screen determine
which OmniPass functions require authentication via an enrolled
security device.
You can set authentication rules individually for each enrolled
security device. If you have not enrolled any hardware security
devices, then you cannot set any authentication rules. All
OmniPass functions are accessible via master password
authentication.
Selecting Windows and OmniPass Logon requires authentication
with the enrolled security device for the following
functions: Windows Logon, OmniPass Logon, unlocking your
workstation, resuming from standby or hibernate, and
unlocking a password-enabled screensaver. In a Windows XP
environment, this selection may not be available until you Enable
Logon Security. See Chapter 6.3 to see how this is done.
WARNING: If this setting is enabled for an enrolled security
device, and the device fails or is removed from the system,
you will not be able to regain access to your system. Only
through a successful authentication via the enrolled device will
access be granted.
Example - You have a SmartCard device and a fingerprint
recognition device enrolled. The SmartCard authentication rules
are set independently of the fingerprint reader authentication
rules, but rules are cumulative.
1. If there are no selections checked for any enrolled
authentication devices, then there are no OmniPass
authentication restrictions, and you can access any OmniPass
function using any method to authenticate (enrolled finger,
master password, enrolled SmartCard).
2. For SmartCard authentication rules you checked Windows
and OmniPass Logon and File and Folder Encryption and
Decryption. For fingerprint reader authentication rules you
checked Windows and OmniPass Logon and Application and
Website Password Replacement.
a. If you visit a remembered website, OmniPass will prompt
you to authenticate and will not grant you access to the
website until you successfully authenticate with an
enrolled finger. Successful authentications with master
password or enrolled SmartCard are not sufficient.
b. If you attempt to encrypt or decrypt a file with OmniPass,
you will be prompted to authenticate and OmniPass will
not allow you to encrypt/decrypt until you successfully
authenticate with an enrolled SmartCard. Successful
authentications with master password or enrolled finger
are not sufficient.
c. If you log out of Windows (or OmniPass) and attempt to
log back in, you will be prompted to authenticate and
OmniPass will not allow you to log back on until you
successfully authenticate with BOTH a fingerprint reader
AND a SmartCard. This dual authentication requirement
is Multi-Factor Authentication. Successful authentication
with a master password, or with just the fingerprint
reader, is not sufficient. Neither is successful
authentication with just the SmartCard. Loss or failure
of either the SmartCard or the fingerprint reader will
result in an inaccessible system.
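The cumulative rule logic in the example above can be modeled as
follows. This is an added illustration, not OmniPass code: the function
names and the rule table layout are hypothetical, and the sample rules
are constructed from item 2 of the example. The lockout report applies
the WARNING above to every function a device is required for.

```python
# Added illustration: a model of the cumulative rule logic described in the
# manual's example. Not OmniPass code; all names here are hypothetical.
LOGON = "Windows and OmniPass Logon"
CRYPT = "File and Folder Encryption and Decryption"
PWREPL = "Application and Website Password Replacement"
MASTER = "master password"


def required_devices(rules, function):
    """Enrolled devices whose rule set has `function` checked."""
    return {dev for dev, checked in rules.items() if function in checked}


def access_granted(rules, function, presented):
    """`presented` is the set of methods the user authenticated with."""
    required = required_devices(rules, function)
    if not required:
        # No device claims this function: any enrolled device or the
        # master password is accepted (item 1 of the example).
        return bool(presented & (set(rules) | {MASTER}))
    # Rules are cumulative: every device that claims the function must be
    # presented, and the master password cannot stand in for any of them.
    return required <= presented


def lockout_report(rules, failed_device):
    """Functions that become unreachable if `failed_device` fails or is lost."""
    functions = set().union(*rules.values())
    return sorted(f for f in functions
                  if failed_device in required_devices(rules, f))


# Constructed sample: the selections from item 2 of the example.
RULES = {
    "SmartCard": {LOGON, CRYPT},
    "fingerprint": {LOGON, PWREPL},
}

if __name__ == "__main__":
    for func in (PWREPL, CRYPT, LOGON):
        print(func, "requires", sorted(required_devices(RULES, func)))
    for dev in RULES:
        print("Loss of", dev, "blocks:", lockout_report(RULES, dev))
```

Running the lockout report before enabling Windows and OmniPass Logon
for a device shows which functions depend on that single device.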
6.3 System Settings
The OmniPass Startup Options interface can be found in the
System Settings tab. With these options you can specify how
your OmniPass Logon is tied to your Windows Logon.
In a Windows XP environment, the Enable Strong Logon Security
interface will also be available. This allows you to enable
restricted Authentication Rules functionality. If you would like to
further strengthen Windows and OmniPass logon security,
open the Enable Strong Logon Security interface and check the
cleared checkbox. Select OK or Apply, and you will need to
restart before the settings take effect. Under User Settings, you
will now be able to set the Authentication Rules for Windows and
OmniPass Logon.
The rest of this section pertains to settings under the Startup
Options interface.
The first option, Automatically log on to OmniPass as the current
user, will do just as it says; during Windows login, you will be
logged on to OmniPass using your Windows login credentials.
If the user logging into Windows was never enrolled into
OmniPass, upon login no one will be logged on to OmniPass.
This setting is appropriate for an office setting or any setting
where users must enter a username and password to log into
a computer. This is the default setting.
With the second option, Manually log on to OmniPass at startup,
OmniPass will prompt you to log in once you have logged on to
Windows.
With the third option, Do not log on to OmniPass at startup, OmniPass
will not prompt for a user to be logged on.
You can manually log on to OmniPass by right-clicking the
OmniPass taskbar icon and clicking Log in User… from the right-
click menu.
OmniPass has a feature where any authentication device can
be set as "Required" for Windows Logon. This feature is referred
to as Strong Logon Authentication.
For Strong Logon Authentication to work on Windows XP, the
system has to be switched to the Classic Logon Mode. An
unfortunate side effect of enabling the Classic Logon Mode is
that Fast User Switching (FUS) and the XP Welcome Screen
must be disabled. This is a Windows XP limitation. Enable
Strong Logon Authentication in the OmniPass Control Center from
the System Settings tab. Once you have enabled Strong Logon
Authentication, you have to reboot the system for the setting
to take effect.
To get back to the XP Welcome Screen or to turn FUS back on,
the user will have to disable Strong Logon Authentication,
reboot the system, and then manually enable the XP Welcome
Screen and FUS from User Accounts in the Windows Control
Panel. Once this is done, the fingerprint reader or other security
device can no longer be made a "Required" device for login
to the PC.
This feature is specific to Windows XP only. For Windows 2K
and 2003 Server, Strong Logon Authentication is always
enabled.
6.4 Encrypt/Decrypt
The Encrypt/Decrypt tab provides a window through which
you can perform encryption and decryption functions (see Chapter
4). Similar to Windows Explorer, the Encrypt/Decrypt
window presents the directory structure of your system. You
can select files and folders and use the Encrypt and Decrypt
buttons to encrypt and decrypt files. Some files and folders
used by the Windows system or by other programs cannot be
encrypted by OmniPass. Directing OmniPass to encrypt or
decrypt a file will result in OmniPass prompting you for
authentication. If you cannot authenticate successfully, the
file will not be encrypted or decrypted. You can bypass the
Encrypt/Decrypt tab by using the OmniPass encryption/
decryption shell extension. In the normal course of browsing
and accessing your files, if you right-click the file and see OmniPass
Encrypt File(s) or OmniPass Decrypt Files(s), those OmniPass
functions are available to you. Encryption/decryption will occur
upon successful authentication.