REVIEW – A few weeks ago, I tried to navigate to my own photography website and I could not. No matter how many times I tried, my link was being redirected to what appeared to be the website of a modeling agency. Upon further investigation, I found out that someone had managed to break into my WordPress account and basically, I had been hacked. Since then, I have activated 2-layer authentication on all of my WordPress accounts, even at the inconvenience of having to use an app each time I login in order to get the security code for the second layer of authentication. The entire process of locking everything down and using the app can be a pain, so I am very interested in the Kensington VeriMark™ IT Fingerprint Key and the security and convenience it offers.
What is it?
The Kensington VeriMark IT Fingerprint Key is a USB type dongle the adds a secure login layer to your computer and to some websites and services. It seamlessly supports Windows Hello and websites/services like Google, Dropbox, Outlook, etc., to manage passwords and access. It also supports Windows Hello for Business, Azure, Active Directory, Office 365, Skype, OneDrive, including Microsoft services on edge to support enterprise deployment.
What’s in the box
1 x Kensington VeriMark IT Fingerprint Key
1 x Warranty Booklet
1 x Instruction Leaflet
Design and features
Specifications
Operating System: Windows 7, 8.1, 10
Web Authentication: Windows 10 Only
USB Interface: USB 2.0/3.0 Type A
Software: Kensington Fingerprint Application Required (for Windows 7, 8.1)
Fingerprint Match-In-Sensor: Synaptics FS7600
USB Data Encryption: AES-256/SHA-256, SSLv3 for secure session establishment, TLS 1.2 secure communication
Features:
- Ideal for enterprise deployment and easily integrated into current IT infrastructure. Users keep their key for secure log in to popular services, while IT can easily manage employee access, privileges, and passwords.
- Enables the latest web standards approved by the World Wide Web Consortium (W3C). Authenticates without storing passwords on servers, providing business professionals more security, convenience, privacy, and scalability.
- Exceeds industry standards for False Rejection Rate (FRR 2%) and False Acceptance Rate (FAR 0.001%). Fingerprint data is secured in the sensor, so only an encrypted match result is transferred; versus match-on-host, where unsecured fingerprint data is transferred.
- Durable zinc alloy body with LED accepted/rejected indicator, and flared tail for easy grip.
- Designed to secure the fingerprint data it collects, and can be used to support a company’s cybersecurity measures consistent with (but not limited to) such privacy laws as GDPR, BIPA, and CCPA
The Kensington VeriMark IT Fingerprint Key is a small USB-A type dongle that is approximately 1″ long. On the outer surface, there is a black cover that includes the embedded fingerprint sensor. On one side of the long surface of the dongle, there is an LED that looks like a lock symbol. When accessing a website with it, it lights white when you use the correct fingerprint and red when you don’t.
On the other side of the dongle is the USB-A interface.
Performance
This IT security key is truly a plug and play device when using it with the Windows 10 OS. As the instructions indicate, Kensington software is required for use with Windows 7 and 8. Since all of my computers are Windows 10, that is my test platform. (I also have a MacBook Pro but that is not applicable here). I plugged the dongle into a USB-A port on my laptop, and I did notice that it sticks out quite a bit. I sometimes put away my laptop in my bag with the dongle still attached. It could snag or even come loose without me knowing.
The next step is to navigate to the Accounts section in the settings. The device shows up as Windows Hello Fingerprint in the Sign-on options. I selected it and clicked on the setup button. I then went through the paces of touching the biometric surface several times as instructed until it read and confirmed the surface of my finger. I tested the main login (Windows login) on my primary laptop and it worked perfectly. When I am at the Windows login screen I can select login options and in my case, I have the option to login via Facial Recognition, Password, PIN or Fingerprint. If I block the camera and it cannot see my face, I am then prompted to choose one of the 4 login options. The 4th icon on the right in the picture below is the fingerprint option.
I also set up the device with my Dropbox account. The Kensington website provided instructions for doing so. The setup was easy, and when I logged out of Dropbox and logged back in, the security process was in place. After entering my username and password and selecting login, I was then prompted to scan my finger and upon doing so, it logged me in. I tested the process numerous times and was successful each time.
The same process is also offered for other websites/services including Google, but I paused on trying it with Google because I use that account on many computers. The dongle has no capability for me to attach it to a keyring or something that would make it a worthwhile convenience and likely to be in my possession at all times. I do use my personal laptop at my desk during the day, but I do not want to find myself searching for it at inconvenient times, especially if it ends up falling somewhere between the contents in my EDC bag. Regardless, I will rethink this and possibly activate 2-layer security on my Gmail accounts even if not using this as the go-to device. I have set up some relevant websites with secondary 2-layer security options like using an Authenticator app so that I have an alternative to carrying the dongle with me. But then, one could question the need to have it at all. Its use is a personal choice including how you choose that have it fit into your workflow. It is, in my opinion, a process of balancing the dynamics of security and convenience, with this Key providing the nice advantage of not having to store any passwords on any servers should this be a part of an enterprise security solution.
The following video shows me trying to access my computer first using the wrong finger and then the right one. Notice the LED indicator on the device:
What I like
- The compact size
- The approach to security including the option of 2-layer authentication
- The seamless integration with the Windows OS
- Authenticates without storing passwords on servers
What I’d change
- Add MAC support
- Modify the design to be able to attach the dongle to a keyring or something else for safekeeping
Final thoughts
Account security and data security are major concerns for anyone who interacts via the internet. I have personally experienced security challenges even when I have used relatively complex passwords. The concept of having a portable hardware device/key that adds a layer of security that includes the benefit of not storing passwords on the computer is great. While I do see a few shortcomings with this device, I still think that for the cost it is a worthwhile addition, and if it’s application base can be increased to include many more websites/services, then bravo!!
Price: $59.99
Where to buy: Amazon
Source: The sample for this review was provided by Kensington.
Gadgeteer Comment Policy - Please read before commenting
Worth noting that it has FIDO2 support – which means it can be used as part of some 2-factor auth systems without them specifically having to support this device. (They just have to support the protocol.)
If you’re looking for Mac support and a keychain hole, take a look at Yubikey: https://www.yubico.com/products/yubikey-hardware/
This is only a Windows Hello fingerprint scanner. FIDO2 / WebAuthn support is provided by Windows 10 as a platform authenticator and not by the device. It only works on websites that accept platform authenticators (most do not), and you authenticate to Windows Hello with PIN / Face / Fingerprint (from this scanner). You can still log in to the same websites even without the scanner attached since the website only sees Windows Hello.