We use cookies on our website to give you the best user experience.

By continuing to use our website, you agree to our Privacy Notice, Legal Notice, and Cookie Notice. You also agree to the use of cookies to enable us to, among other things, optimize and personalize the website for you, and to monitor and record activities and communications to, from, and on the website.  You can opt-out of non-essential cookies any time using the Do Not Sell or Share My Personal Information button in the footer.

Skip to Content Skip to footer
Welcome to the Kensington site. We've directed you here based on your current location.
United States Change Location

Suggestions

  • No Suggestions

Recommended Products

Chevron Icon
  • No recommended searches

Related Articles

Chevron Icon
  • No Related Articles
View All Related Articles Icon/Chevron

Site Pages

Chevron Icon
  • No Related Site Pages
View All Site Pages Icon/Chevron

VeriMark™ IT Setup Guide

This guide will walk you through setup and help you get to know your VeriMark™ IT.
Shop VeriMark™ IT Fingerprint Key

VeriMark™ IT

 

With support for Windows Hello™ and Windows Hello™ for Business, the VeriMark™ IT Fingerprint Key puts business-class security at your fingertips. Now, IT managers can easily manage employee access and permissions, reset passwords, and streamline the login process with the latest industry standard for fast and secure log in (and automatic single-sign-on) to Microsoft services on Edge.

Person using VeriMark IT on laptop

VeriMark™ IT Setup

Kensington takes pride in making our comprehensive installation guides easy to follow with simple illustrations and step-by-step instructions. This guide will walk you through setup and help you get to know your VeriMark™ IT.

Please update operating system (Windows 10) before setting up Verimark. If using an online service for WebAuthn make sure you use the latest browser version (Edge, Chrome, Safari and Firefox.)

VeriMark IT on white background

 

Manually Installing the VeriMark™ IT Driver

 

In most instances, the driver for VeriMark™ IT will automatically install when VeriMark™ IT is connected to a USB-A port on your computer. If for some reason the driver does not install upon VeriMark™ IT being connected to your computer (VeriMark™ IT is shown as “Unknown Device” within Device Manager), you can manually install the driver.

 

Manual Driver Install

 

Windows 11 icon

Windows 11

 

Dashline icon

Dashlane

 

Microsoft Azure icon

Microsoft Azure Active Directory

Windows icon

Windows 10

 

Dropbox icon

Dropbox

 

Microsoft Edge icon

Microsoft Edge

1password icon

1password

 

LastPass icon

LastPass

 

Microsoft Services icon

Microsoft Services

Verimark™ IT FAQs

  • 1. How does the Kensington VeriMark™ IT USB fingerprint reader secure data?
  • 2. If the USB dongle is lost, will a “hacker” be able to retrieve the biometric data? Or use it for replay attacks?
  • 3. How accurate and fast is the fingerprint reader?
  • 4. How do I remove the VeriMark™ or VeriMark™ IT fingerprint data in Windows OS?
  • 5. CTAP1 versus CTAP2 — what’s the difference?
  • 6. Will Windows Hello for Business and VeriMark™ IT allow an admin to log in to different machines?
  • 7. Does VeriMark™and VeriMark™ IT have a TPM sensor? If so, how is it cleared after an employee leaves the organization?
  • 8. Are there .msi driver packages available for large deployments if policy does not allow for Windows updates?
  • 9. Can VeriMark™ IT be used for elevated access on users under Windows Hello for Business in an Active Domain deployment?
1. How does the Kensington VeriMark™ IT USB fingerprint reader secure data? Chevron Icon
  1. The VeriMark™ IT fingerprint reader uses Match-in-Sensor technology to isolate fingerprint operations in the sensor itself, away from the host OS. Even if the host is completely compromised by a successful attack of any type or origin, it is extremely difficult to force the matcher to generate a false positive result, replay an old result, or in any other way alter or manipulate the match result. This ensures that an identity-authentication subsystem will remain secure even under a worst-case scenario. All biometric data is encrypted and digitally signed using strong 256-bit Advanced Encryption Standard (AES) and Transport Layer Security (TLS) technologies to prevent eavesdropping, tampering, or fraud.
2. If the USB dongle is lost, will a “hacker” be able to retrieve the biometric data? Or use it for replay attacks? Chevron Icon
  1. The fingerprint reader does not save a picture of the fingerprint itself. It saves a template of the fingerprint. These templates are physically locked into the device with encryption and anti-spoofing technology; one-way conversion of biometric data into a proprietary template format prevents re-creation or reverse-engineering.
3. How accurate and fast is the fingerprint reader? Chevron Icon
  1. Accuracy: False Rejection Rate (FRR) 2%; False Acceptance Rate (FAR) 0.001%
  2. Speed: 350ms single finger matching time
4. How do I remove the VeriMark™ or VeriMark™ IT fingerprint data in Windows OS? Chevron Icon
  1. Win 7 and 8.1: You may use the Kensington fingerprint application to remove the fingerprint data. The application is bundled with the fingerprint driver. You can download the driver/application here: https://www.kensington.com/software/VeriMark-setup/VeriMark-windows-7-8.1-setup/
  2. Win 10: Go to Windows 10/11 sign-in options, select Windows Hello Fingerprint, then select Remove. Please note that you must use the same PC used for fingerprint enrolment to remove the fingerprint. If you registered your fingerprint through multiple PCs, you must remove it from each PC.
5. CTAP1 versus CTAP2 — what’s the difference? Chevron Icon
  1. CTAP1 is an older standard where the external authenticator is the second factor of authentication.
  2. CTAP2 allows the external authenticator to be used as both a first and second factor of authentication, eliminating the need for passwords.
6. Will Windows Hello for Business and VeriMark™ IT allow an admin to log in to different machines? Chevron Icon
  1. In order to login to different machines, the admin must be a local administrator on the host computer. Learn more at: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base
7. Does VeriMark™and VeriMark™ IT have a TPM sensor? If so, how is it cleared after an employee leaves the organization? Chevron Icon
  1. VeriMark™does not have a TPM sensor. The dongle communicates with TPM.
  2. Factory reset is possible. Clearing fingerprints can be done via the Windows Hello fingerprint interface.
8. Are there .msi driver packages available for large deployments if policy does not allow for Windows updates? Chevron Icon
  1. Yes, please reach out to Tech Support for the package.
9. Can VeriMark™ IT be used for elevated access on users under Windows Hello for Business in an Active Domain deployment? Chevron Icon
  1. This feature enables provisioning of administrator Windows Hello for Business credentials that can be used by non-privileged accounts to perform administrative actions using Run as Different User or Run as Administrator. For more information, please follow this link: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment

Biometric Security

Have a question about biometric security? Need guidance with setup? Want to chat with a Kensington biometric security specialist? Just scroll and select the resource you need.

Connect with a Kensington product specialist.

We are here for you!

Get Support