- No Suggestions
- No recommended searches
With support for Windows Hello™ and Windows Hello™ for Business, the VeriMark™ IT Fingerprint Key puts business-class security at your fingertips. Now, IT managers can easily manage employee access and permissions, reset passwords, and streamline the login process with the latest industry standard for fast and secure log in (and automatic single-sign-on) to Microsoft services on Edge.
Kensington takes pride in making our comprehensive installation guides easy to follow with simple illustrations and step-by-step instructions. This guide will walk you through setup and help you get to know your VeriMark™ IT.
Select your platform below to begin.
Please update operating system (Windows 10) before setting up Verimark. If using an online service for WebAuthn make sure you use the latest browser version (Edge, Chrome, Safari and Firefox.)
In most instances, the driver for VeriMark™ IT will automatically install when VeriMark™ IT is connected to a USB-A port on your computer. If for some reason the driver does not install upon VeriMark™ IT being connected to your computer (VeriMark™ IT is shown as “Unknown Device” within Device Manager), you can manually install the driver.
Answer: The VeriMark™ IT Fingerprint reader use Match-in-Sensor technology to isolate fingerprint operations away from the host OS in the sensor itself. Even if the host is completely compromised by a successful attack of any type or origin, it’s extremely difficult to force the matcher to generate a false positive result, replay an old result, or in any other way alter or manipulate the match result. This ensures that an identity-authentication subsystem will remain secure even under a worst-case scenario. All biometric data is encrypted and digitally signed using strong 256-bit advanced encryption standard and transport layer security technologies to prevent eavesdropping, tampering or fraud.
Answer: The finger reader is not saving a picture of the fingerprint itself, it’s saving small strips of algorithmic template. These templates are physically locked into the device with special encryption and anti-spoofing; one-way conversion of biometric data into a proprietary template format prevents re-creation or reverse-engineering. If someone were to find a way to take it off the device, essentially will not be able to recreate it.
Answer: Accuracy: False Rejection Rate (FRR) 2%; False Acceptance Rate (FAR) 0.001% speed: 350ms single finger matching time.
Answers:
a. Win 7 and 8.1: Users can use Kensington Fingerprint Application to remove the fingerprint data. The application is bundled with the fingerprint driver. You can download the driver/application from here: https://www.kensington.com/software/VeriMark-setup/VeriMark-windows-7-8.1-setup/
b. Win 10: Users need to go to Windows 10 sign-in options, select Windows Hello Fingerprint, then select remove. Please note that you need to use the same PC of fingerprint enrolment to reset the fingerprint. If you register your fingerprint through multiple PCs, please go to each PC to do the fingerprint reset to make sure all of the data could be removed.
Answers:
a. CTAP1 is an older standard where the external authenticator is expected to be able to provide the second factor of authentication.
b. CTAP2 allows the external authenticator to be used as both a first and second factor of authentication and eliminates the dependency on passwords.
Answers:
a. In order for this to work the domain admin group that is a member of local administrators on user’s computer. For fingerprint login, admin has to enrol fingerprint with VeriMark™ IT on each system/machine in order to login such local system.
b. Learn more at: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.
Answers:
a. VeriMark™ doesn’t have a TPM at all (specific term to TPM, we do have the security mechanism in the ASIC (Application specific integrated circuit) The dongle communicates with TPM.
b. However, factory reset is possible. Clearing fingerprints can be done via the Windows Hello Fingerprint interface.
Answer: Yes, please reach out to tech support for the package.
Answer: If admins want to use VeriMark™ IT for elevated access on user laptops with WHFB (Windows hello for business) This feature enables provisioning of administrator Windows Hello for Business credentials that can be used by non-privileged accounts to perform administrative actions. These credentials can be used from the non-privileged accounts using Run as different user or Run as administrator. For more information please follow this link https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment
Have a question about biometric security? Need guidance with setup? Want to chat with a Kensington biometric security specialist? Just scroll and select the resource you need.
Connect with a Kensington product specialist.
Phone:
800-535-4242
Email:
care@kensington.com
Live chat:
Click the Live Chat tab on the right