Skip navigation Skip to footer
Welcome to the Kensington site. We've directed you here based on your current location.
Suggestions
  • No Suggestions

Security at your Fingertips

Fingerprint scanners come in flexible designs, are easy to enroll and deploy, and require little or no maintenance.

Verimark FAQs

  • 1. Biometric acronyms used
  • 2. What is Match on Host?
  • 3. What is Match in Sensor?
  • 4. How does our Biometric fingerprint works?
  • 5. Why is a biometric fingerprint reader useful?
  • 6. Reasons why to consider biometric fingerprint authentication
  • 7. Can I let multiple users sign-in to one Windows account and register different fingerprints?
  • 8. What happens if I lose my VeriMark™ Fingerprint Key? Can anyone steal my fingerprint data from it?
  • 9. What is FIDO?
  • 10. Which browsers support FIDO framework:
  • 11. What is the difference between FIDO (Fast Identity Online) and FIDO2?
  • 12. What is the difference between Windows Hello and Hello for business?
  • 13. What Technology is Used to Secure My Biometric Information?
1. Biometric acronyms used Chevron Icon

a. U2F: Universal Second Factor

b. 2FA: 2nd Factor Authentication

c. UAF: Universal Authentication framework

d. MFA: Multi Factor Authentication

e. W3C: World Wide Web Consortium

f. WebAuthn: Web Authentication

g. GPO: Group policy objects

h. MDM: Mobile device management

i. PIN: Personal identification number

j. AD: Active domain

k. FIDO: Fast identity Online

l. FIDO2: Latest generation of FIDO

m. CTAP: Client to Authenticator Protocol

n. CTAP2: Latest generation of CTAP

o. GDPR: General Data Protection Regulation

p. BIPA: Biometric Information Privacy Act

q. CCPA: California Consumer Privacy Act

r. FRR: False Rejection Rate

s. FAR: False Acceptance Rate

2. What is Match on Host? Chevron Icon

Answers:

a. Identifies the user by making a match with a known and secured “template” or record of the user’s fingerprint.

b. The functions performed in software include identification of fingerprint characteristics, creation of a secure biometric asset (the fingerprint template), storage of the asset, and matching a newly created fingerprint template with the one stored on the device. The host system also provides the security required to protect the integrity and privacy of the fingerprint data.

3. What is Match in Sensor? Chevron Icon

Answers:

a. Isolates fingerprint operations away from the host OS in the sensor itself.

b. Even if the host is completely compromised by a successful attack of any type or origin, it’s extremely difficult to force the matcher to generate a false positive result, replay an old result, or in any other way alter or manipulate the match result. This ensures that an identity-authentication subsystem will remain secure even under a worst-case scenario

4. How does our Biometric fingerprint works? Chevron Icon

Answer: VeriMark™ Fingerprint sensors work by creating several templates using ridges and valleys on a finger. The information is then processed by the device’s pattern analysis/matching software, which compares it to the list of registered fingerprints.

5. Why is a biometric fingerprint reader useful? Chevron Icon

Answer: Fingerprint authentication replace the use of passwords, SMS and code verification. They are the one of the most fast and secure methods of authentication.

6. Reasons why to consider biometric fingerprint authentication Chevron Icon

Answers:

a. Unique to every user: A fingerprint consists of unique features such as ridges, valleys and minutiae points that are unique to an individual. It is almost impossible to replicate a fingerprint and it never changes with time unless there is an unusual occurrence.

b. Loss proof: Users often mistype or forget their PINs.

c. Security: All biometric data is encrypted and digitally signed using strong 256-bit Advanced Encryption Standard and Transport Layer Security technologies.

d. Speed: PIN authentication might take a few seconds or more if you use the wrong one whereas fingerprint recognition is a seamless, near-instant process.

e. Easy Enrollment: Most services requires a one-time enrollment of fingerprint desired to be used.

f. User Experience: It allows users to log in or authenticate in an easier faster and more secure way.

7. Can I let multiple users sign-in to one Windows account and register different fingerprints? Chevron Icon

Answer: Yes, one Windows account can register more than one fingerprint including that of multiple users, the maximum fingerprints eligible to register is 10 fingerprints.

8. What happens if I lose my VeriMark™ Fingerprint Key? Can anyone steal my fingerprint data from it? Chevron Icon

Answers:

a. You can login to your Windows account through your regular password or pin code as the backup until you are able to replace or find your VeriMark™ Fingerprint Key.

b. For U2F login, you can still use your regular password with OTP phone messages to login into your Google, Dropbox and other accounts.

c. Your fingerprint image/file has been changed into an encrypted file through a secure algorithm so that it can be stored in your laptops settings so you can purchase another VeriMark™ Fingerprint Key to continue use.

9. What is FIDO? Chevron Icon

Answer: FIDO is a “standard” technology term, like Wi-Fi, or Bluetooth. It works on any web browser and on all of your devices, including our smartphone, desktop, or laptop computer, tablet, or smartwatch. FIDO makes logging in to your online accounts much easier, while keeping your info safe from hackers. You can get more information from here: https://fidoalliance.org/

10. Which browsers support FIDO framework: Chevron Icon

Answer: Currently Internet Explorer Edge, Google Chrome, Mozilla Firefox and Safari are supported. Please see our support page for browser limitations.

11. What is the difference between FIDO (Fast Identity Online) and FIDO2? Chevron Icon

Answers:

a. FIDO: Provides stronger authentication using Universal Authentication Framework (UAF) and the Universal 2nd Factor (U2F). U2F devices use the public encryption key scheme to protect your account. The private key is stored exclusively on the U2F device and never leaves it, which makes it much more secure than SMS- and time-based 2FA methods.

b. FIDO2 : The updated and upgraded version of its original specifications. Easier adoption of secure, passwordless authentication for a wide range of online services and user devices. The main component of FIDO2 is Web Authentication (WebAuthn), developed in collaboration with the World Wide Web Consortium (W3C). WebAuthn is a set of standards and web application programming interfaces (APIs) that can add FIDO-based authentication to supported browsers and platforms.

12. What is the difference between Windows Hello and Hello for business? Chevron Icon

Answers:

a. Windows Hello is targeted towards individual consumers, it replaces a PIN used on your personal device. Devices using Windows Hello are normally not joined to a domain.

b. Windows Hello for business can be configured by GPO or MDM and uses a PIN backed by asymmetric (public/private key) or certificate-based authentication. By eliminating the use of hashes, the security is increased. To use this asymmetric key mode, you need to use Azure AD or implement a Windows Server 2016 domain controller or later.

13. What Technology is Used to Secure My Biometric Information? Chevron Icon

Answers:

a. Synaptics Technology (SentryPoint ® End to End Security) I will like mentioning the Synaptics technology and leveraging their trademark names since they are a big differentiator vs other brands in the market.

b. SentryPoint ®: Is a suite of security features for Synaptics fingerprint sensor solution.

c. SecureLink ™ , (enables a strong TLS 1.2 (communication channel encryption) / AES-256 (data encryption) all the way from the sensor to host.

d. PurePrint® Anti-Spoof technology (that can detect real fingers and fake fingers).

e. Match-in-Sensor ™ technology where the fingerprint template is securely matched on fingerprint sensor silicon itself this limits the data transfer to the host as a simple yes/no communication. Even then, the match result is also encrypted.

f. Quantum Matcher ™ “ algorithms, the chip features a 192 MHz processor, a hardware accelerated matcher.

How can we help?

Have a question about biometric security? Need guidance with setup? Want to chat with a Kensington biometric security specialist? Just scroll and select the resource you need.

Connect with a Kensington product specialist.

circle-talk-human.jpg

Phone:
800-535-4242

circle-livechat-human.jpg

Live chat:
Click the Live Chat tab on the right

 

VeriMark™

 

Innovation, quality, and trust have made Kensington® the standard in device security for more than 25 years. Kensington is expanding that expertise to data security by introducing the world’s first fingerprint security key to support Windows Hello™ and Fast IDentity Online (FIDO) universal 2nd-factor authentication (U2F) – the VeriMark™ Fingerprint Key. Engineered to provide simple, fast, and secure Windows logon and a seamless two factor authentication experience, the VeriMark™ Fingerprint Key protects against unauthorized access on compromised devices, while also offering unprecedented cybersecurity for today’s cloud-based world.

 

image_header-VeriMark.jpg

VeriMark™ Setup

Kensington takes pride in making our comprehensive installation guides easy to follow with simple illustrations and step-by-step instructions. This guide will walk you through setup and help you get to know your VeriMark™.

Select your platform below to begin.

Please update operating system (Windows 10) before setting up Verimark. If using an online service for WebAuthn make sure you use the latest browser version (Edge, Chrome, Safari and Firefox.)

Product_Image-VeriMark-section.jpg

 

Manually Installing the VeriMark™ Driver

In most instances, the driver for VeriMark™ will automatically install when VeriMark™ is connected to a USB-A port on your computer. If for some reason the driver does not install upon VeriMark™ being connected to your computer (VeriMark™ is shown as “Unknown Device” within Device Manager), you can manually install the driver.

 

Manual Driver Install

 

Verimark™ FAQs

  • 1. What is U2F
  • 2. I have a customer who wants to deploy VeriMark™, but they do not allow automatic software updates via Windows. Can they use VeriMark™?
  • 3. How to remove the fingerprint data in VeriMark™ and VeriMark™ IT on Windows OS?
  • 4. Which web services support FIDO U2F login?
  • 5. Can the same VeriMark™ be used on multiple computers?
  • 6. My laptop already includes a fingerprint scanner, why do I need VeriMark™?
  • 7. My device has built in facial recognition as part of Windows Hello, why should I use VeriMark™?
1. What is U2F Chevron Icon

Answer: U2F is the term from FIDO alliance, U2F (or Universal 2nd Factor) is an open authentication standard that enables keychain devices, mobile phones and other devices to securely access any number of web-based services. For more information, see U2F – FIDO Universal 2nd Factor.

2. I have a customer who wants to deploy VeriMark™, but they do not allow automatic software updates via Windows. Can they use VeriMark™? Chevron Icon

Answer: Yes, user can download drivers from our support website for Windows operating systems.

3. How to remove the fingerprint data in VeriMark™ and VeriMark™ IT on Windows OS? Chevron Icon

Answers:

a. Win 7 and 8.1: Users can use Kensington Fingerprint Application to remove the fingerprint data. The application is bundled with the fingerprint driver. You can download the driver/application from here: https://www.kensington.com/software/VeriMark-setup/VeriMark-windows-7-8.1-setup/

b. Win 10: Users need to go to Windows 10 sign-in options, select Windows Hello Fingerprint, then select remove. Please note that you need to use the same PC of fingerprint enrolment to reset the fingerprint. If you register your fingerprint through multiple PCs, please go to each PC to do the fingerprint reset to make sure all of the data could be removed.

4. Which web services support FIDO U2F login? Chevron Icon

Answer: There are various web services that support FIDO U2F 2nd factor authentication login, including: Google, Facebook, Dropbox, Github, Salesforce, twitter, and more. To learn more please follow our support page setup instructions.

5. Can the same VeriMark™ be used on multiple computers? Chevron Icon

Answers:

a. Yes. VeriMark™ uses Match on Host technology; It can be used on multiple computers, but the user must complete the fingerprint registration on each new device first.

b. VeriMark™ IT uses Match in Sensor technology; It can be used on any Windows 10 computer. The fingerprint registration does not need to be completed for each device because the fingerprint data is stored and encrypted on the dongle, but they do need to add the account to the machine first or use Windows Hello for Business under Azure.

6. My laptop already includes a fingerprint scanner, why do I need VeriMark™? Chevron Icon

Answers:

a. Depending on the age and specification of the laptop, the embedded fingerprint reader may not be as secure and reliable as VeriMark™(Swipe sensor Vs Area sensor) for Windows Hello authentication.

b. If the laptop is new and has a good quality fingerprint reader, this reader will often only be accessible when the device is open. VeriMark™ can be used even when the lid is closed (if connecting to external monitors with a dock/hub)

c. VeriMark™ also offers U2F functionality which built in fingerprint readers do not have and VeriMark™ IT offers FIDO2 support for many web services.

7. My device has built in facial recognition as part of Windows Hello, why should I use VeriMark™? Chevron Icon

Answers:

a. Facial recognition is not as secure and not as reliable as VeriMark™.

b. The FRR & FAR are better when using VeriMark™ fingerprint sensors

c. VeriMark™ offers a faster, more secure and overall, more reliable authentication

 

VeriMark™ IT

 

With support for Windows Hello™ and Windows Hello™ for Business, the VeriMark™ IT Fingerprint Key puts business-class security at your fingertips. Now, IT managers can easily manage employee access and permissions, reset passwords, and streamline the login process with the latest industry standard for fast and secure log in (and automatic single-sign-on) to Microsoft services on Edge.

 

image_header-VeriMarkIT.jpg

VeriMark™ IT Setup

Kensington takes pride in making our comprehensive installation guides easy to follow with simple illustrations and step-by-step instructions. This guide will walk you through setup and help you get to know your VeriMark™ IT.

Select your platform below to begin.

Please update operating system (Windows 10) before setting up Verimark. If using an online service for WebAuthn make sure you use the latest browser version (Edge, Chrome, Safari and Firefox.)

Product_Image-VeriMarkIT-section.jpg

 

Manually Installing the VeriMark™ IT Driver

 

In most instances, the driver for VeriMark™ IT will automatically install when VeriMark™ IT is connected to a USB-A port on your computer. If for some reason the driver does not install upon VeriMark™ IT being connected to your computer (VeriMark™ IT is shown as “Unknown Device” within Device Manager), you can manually install the driver.

 

Manual Driver Install

 

Verimark™ IT FAQs

  • 1. How does the Kensington VeriMark™ IT USB Fingerprint reader is able to secure the data?
  • 2. If the USB dongle is lost, will the “hacker” be able to retrieve the biometric data? Or use it for replay attacks?
  • 3. How accurate is the reader? Compared to Biometric on phone or laptop, how fast is this?
  • 4. How to remove the fingerprint data in VeriMark™ and VeriMark™ IT on Windows OS?
  • 5. CTAP1 vs. CTAP2
  • 6. Will Windows hello for business and VeriMark™ IT an admin can login on the different machines.
  • 7. Does VeriMark™ and VeriMark™ IT have a TPM sensor and also how does it get cleared after an employee is terminated?
  • 8. Are there .msi packages for drivers available for large deployments if computers policy does not allow for Windows updates?
  • 9. Can VeriMark™ IT be used for elevated access on users under Windows Hello for Business in an Active Domain deployment?
1. How does the Kensington VeriMark™ IT USB Fingerprint reader is able to secure the data? Chevron Icon

Answer: The VeriMark™ IT Fingerprint reader use Match-in-Sensor technology to isolate fingerprint operations away from the host OS in the sensor itself. Even if the host is completely compromised by a successful attack of any type or origin, it’s extremely difficult to force the matcher to generate a false positive result, replay an old result, or in any other way alter or manipulate the match result. This ensures that an identity-authentication subsystem will remain secure even under a worst-case scenario. All biometric data is encrypted and digitally signed using strong 256-bit advanced encryption standard and transport layer security technologies to prevent eavesdropping, tampering or fraud.

2. If the USB dongle is lost, will the “hacker” be able to retrieve the biometric data? Or use it for replay attacks? Chevron Icon

Answer: The finger reader is not saving a picture of the fingerprint itself, it’s saving small strips of algorithmic template. These templates are physically locked into the device with special encryption and anti-spoofing; one-way conversion of biometric data into a proprietary template format prevents re-creation or reverse-engineering. If someone were to find a way to take it off the device, essentially will not be able to recreate it.

3. How accurate is the reader? Compared to Biometric on phone or laptop, how fast is this? Chevron Icon

Answer: Accuracy: False Rejection Rate (FRR) 2%; False Acceptance Rate (FAR) 0.001% speed: 350ms single finger matching time.

4. How to remove the fingerprint data in VeriMark™ and VeriMark™ IT on Windows OS? Chevron Icon

Answers:

a. Win 7 and 8.1: Users can use Kensington Fingerprint Application to remove the fingerprint data. The application is bundled with the fingerprint driver. You can download the driver/application from here: https://www.kensington.com/software/VeriMark-setup/VeriMark-windows-7-8.1-setup/

b. Win 10: Users need to go to Windows 10 sign-in options, select Windows Hello Fingerprint, then select remove. Please note that you need to use the same PC of fingerprint enrolment to reset the fingerprint. If you register your fingerprint through multiple PCs, please go to each PC to do the fingerprint reset to make sure all of the data could be removed.

5. CTAP1 vs. CTAP2 Chevron Icon

Answers:

a. CTAP1 is an older standard where the external authenticator is expected to be able to provide the second factor of authentication.

b. CTAP2 allows the external authenticator to be used as both a first and second factor of authentication and eliminates the dependency on passwords.

6. Will Windows hello for business and VeriMark™ IT an admin can login on the different machines. Chevron Icon

Answers:

a. In order for this to work the domain admin group that is a member of local administrators on user’s computer. For fingerprint login, admin has to enrol fingerprint with VeriMark™ IT on each system/machine in order to login such local system.

b. Learn more at: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.

7. Does VeriMark™ and VeriMark™ IT have a TPM sensor and also how does it get cleared after an employee is terminated? Chevron Icon

Answers:

a. VeriMark™ doesn’t have a TPM at all (specific term to TPM, we do have the security mechanism in the ASIC (Application specific integrated circuit) The dongle communicates with TPM.

b. However, factory reset is possible. Clearing fingerprints can be done via the Windows Hello Fingerprint interface.

8. Are there .msi packages for drivers available for large deployments if computers policy does not allow for Windows updates? Chevron Icon

Answer: Yes, please reach out to tech support for the package.

9. Can VeriMark™ IT be used for elevated access on users under Windows Hello for Business in an Active Domain deployment? Chevron Icon

9. Can VeriMark™ IT be used for elevated access on users under Windows Hello for Business in an Active Domain deployment?

Your feedback matters.

 

At Kensington, your satisfaction is important to us. We want to know about your experience with our products and value your input. Let us know what you think.

 

How would you rate your VeriMark™?

Questions? We're here to help.

Our Biometrics Team is here to help set you up for success.
Contact Us
Live chat by BoldChat