Skip navigation Skip to footer
Welcome to the Kensington site. We've directed you here based on your current location.
Suggestions
  • No Suggestions

VeriMark™ IT Setup Guide

This guide will walk you through setup and help you get to know your VeriMark™ IT.

VeriMark™ IT

 

With support for Windows Hello™ and Windows Hello™ for Business, the VeriMark™ IT Fingerprint Key puts business-class security at your fingertips. Now, IT managers can easily manage employee access and permissions, reset passwords, and streamline the login process with the latest industry standard for fast and secure log in (and automatic single-sign-on) to Microsoft services on Edge.

 

Person using VeriMark IT on laptop

VeriMark™ IT Setup

Kensington takes pride in making our comprehensive installation guides easy to follow with simple illustrations and step-by-step instructions. This guide will walk you through setup and help you get to know your VeriMark™ IT.

Select your platform below to begin.

Please update operating system (Windows 10) before setting up Verimark. If using an online service for WebAuthn make sure you use the latest browser version (Edge, Chrome, Safari and Firefox.)

Product_Image-VeriMarkIT-section.jpg

 

Manually Installing the VeriMark™ IT Driver

 

In most instances, the driver for VeriMark™ IT will automatically install when VeriMark™ IT is connected to a USB-A port on your computer. If for some reason the driver does not install upon VeriMark™ IT being connected to your computer (VeriMark™ IT is shown as “Unknown Device” within Device Manager), you can manually install the driver.

 

Manual Driver Install

 

Verimark™ IT FAQs

  • 1. How does the Kensington VeriMark™ IT USB Fingerprint reader is able to secure the data?
  • 2. If the USB dongle is lost, will the “hacker” be able to retrieve the biometric data? Or use it for replay attacks?
  • 3. How accurate is the reader? Compared to Biometric on phone or laptop, how fast is this?
  • 4. How to remove the fingerprint data in VeriMark™ and VeriMark™ IT on Windows OS?
  • 5. CTAP1 vs. CTAP2
  • 6. Will Windows hello for business and VeriMark™ IT an admin can login on the different machines.
  • 7. Does VeriMark™ and VeriMark™ IT have a TPM sensor and also how does it get cleared after an employee is terminated?
  • 8. Are there .msi packages for drivers available for large deployments if computers policy does not allow for Windows updates?
  • 9. Can VeriMark™ IT be used for elevated access on users under Windows Hello for Business in an Active Domain deployment?
1. How does the Kensington VeriMark™ IT USB Fingerprint reader is able to secure the data? Chevron Icon

Answer: The VeriMark™ IT Fingerprint reader use Match-in-Sensor technology to isolate fingerprint operations away from the host OS in the sensor itself. Even if the host is completely compromised by a successful attack of any type or origin, it’s extremely difficult to force the matcher to generate a false positive result, replay an old result, or in any other way alter or manipulate the match result. This ensures that an identity-authentication subsystem will remain secure even under a worst-case scenario. All biometric data is encrypted and digitally signed using strong 256-bit advanced encryption standard and transport layer security technologies to prevent eavesdropping, tampering or fraud.

2. If the USB dongle is lost, will the “hacker” be able to retrieve the biometric data? Or use it for replay attacks? Chevron Icon

Answer: The finger reader is not saving a picture of the fingerprint itself, it’s saving small strips of algorithmic template. These templates are physically locked into the device with special encryption and anti-spoofing; one-way conversion of biometric data into a proprietary template format prevents re-creation or reverse-engineering. If someone were to find a way to take it off the device, essentially will not be able to recreate it.

3. How accurate is the reader? Compared to Biometric on phone or laptop, how fast is this? Chevron Icon

Answer: Accuracy: False Rejection Rate (FRR) 2%; False Acceptance Rate (FAR) 0.001% speed: 350ms single finger matching time.

4. How to remove the fingerprint data in VeriMark™ and VeriMark™ IT on Windows OS? Chevron Icon

Answers:

a. Win 7 and 8.1: Users can use Kensington Fingerprint Application to remove the fingerprint data. The application is bundled with the fingerprint driver. You can download the driver/application from here: https://www.kensington.com/software/VeriMark-setup/VeriMark-windows-7-8.1-setup/

b. Win 10: Users need to go to Windows 10 sign-in options, select Windows Hello Fingerprint, then select remove. Please note that you need to use the same PC of fingerprint enrolment to reset the fingerprint. If you register your fingerprint through multiple PCs, please go to each PC to do the fingerprint reset to make sure all of the data could be removed.

5. CTAP1 vs. CTAP2 Chevron Icon

Answers:

a. CTAP1 is an older standard where the external authenticator is expected to be able to provide the second factor of authentication.

b. CTAP2 allows the external authenticator to be used as both a first and second factor of authentication and eliminates the dependency on passwords.

6. Will Windows hello for business and VeriMark™ IT an admin can login on the different machines. Chevron Icon

Answers:

a. In order for this to work the domain admin group that is a member of local administrators on user’s computer. For fingerprint login, admin has to enrol fingerprint with VeriMark™ IT on each system/machine in order to login such local system.

b. Learn more at: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.

7. Does VeriMark™ and VeriMark™ IT have a TPM sensor and also how does it get cleared after an employee is terminated? Chevron Icon

Answers:

a. VeriMark™ doesn’t have a TPM at all (specific term to TPM, we do have the security mechanism in the ASIC (Application specific integrated circuit) The dongle communicates with TPM.

b. However, factory reset is possible. Clearing fingerprints can be done via the Windows Hello Fingerprint interface.

8. Are there .msi packages for drivers available for large deployments if computers policy does not allow for Windows updates? Chevron Icon

Answer: Yes, please reach out to tech support for the package.

9. Can VeriMark™ IT be used for elevated access on users under Windows Hello for Business in an Active Domain deployment? Chevron Icon

Answer: If admins want to use VeriMark™ IT for elevated access on user laptops with WHFB (Windows hello for business) This feature enables provisioning of administrator Windows Hello for Business credentials that can be used by non-privileged accounts to perform administrative actions. These credentials can be used from the non-privileged accounts using Run as different user or Run as administrator. For more information please follow this link https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment

Biometric Security

Have a question about biometric security? Need guidance with setup? Want to chat with a Kensington biometric security specialist? Just scroll and select the resource you need.

Connect with a Kensington product specialist.

circle-talk-human.jpg

Phone:
800-535-4242

circle-livechat-human.jpg

Live chat:
Click the Live Chat tab on the right

Live chat by BoldChat