Kensington USB fingerprint reader for Windows Hello and FIDO/FIDO2 2FA

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in:

    This forum does not automatically send notices of new content. So if, for example, you would like to be notified by mail when Steve posts an update to his blog (or of any other specific activity anywhere else), you need to tell the system what to “Watch” for you. Please checkout the “Tips & Tricks” page for details about that... and other tips!

    /Steve.
  • Larger Font Styles
    Guest:

    Just a quick heads-up that I've implemented larger font variants of our forum's light and dark page styles. You can select the style of your choice by scrolling to the footer of any page here. This might be more comfortable (it is for me) for those with high-resolution displays where the standard fonts, while permitting a lot of text to fit on the screen, might be uncomfortably small.

    (You can permanently dismiss this notification with the “X” at the upper right.)

    /Steve.

PHolder

Well-known member
Sep 16, 2020
609
2
292
Ontario, Canada

I've ordered one (I have to import it via Amazon) to see how well it works. I have a Windows Hello camera from Intel (made by Creative) and it works well enough, but it doesn't do any FIDO. I am wondering if the Kengsinton device actually does FIDO or if it just integrates with support built in to Windows. More info to come after I get it (they claim delivery on Easter Sunday, I have my doubts that they'll pay the premium for delivery drivers to work on a public holiday.)
 

PHolder

Well-known member
Sep 16, 2020
609
2
292
Ontario, Canada
After a weird experience where my Amazon [import] parcel went to the post office instead of to my door, and where I had to provide proof of being age 19+ for some strange reason, I finally have my device.

Initial impressions are that it is very straightforward to install in Windows 10. Just plug it in... Windows will retrieve the drivers and install it with zero fuss. You do then need to configure it in the appropriate Windows Settings page. (Search for "Hello" in settings is the easiest way there.)

When you configure it Windows will require you to establish a PIN if you do not have one. I've always found this annoying, but whatever. You will train the device by pressing it with your finger multiple times in at least two "angles." Thereafter, your lock screen will say to touch the device to unlock the screen.

I haven't yet gone into trying it as a second factor on a web page, but since it appears to have a "lock icon LED" I think it should be possible to work similar to a Yubikey where it would flash when it is expecting you to authorize something.

It's very tiny, and the USB cable is pretty short and not removable (which kind of sucks to be honest.) It's a USB-A connctor on the end, which would mean dongletown for certain Mac users. (Assuming it also works with a Mac, which I don't actually know.) It really should have a USB-C connector on the back so you could replace the cable if you wanted. Like any modern device, there is no included manual, even though there is warranty documentation that warns you to read the manual before using it. You don't really need the manual though, and there are PDF's on the support site with instructions on how to configure usage with specific sites/apps.

I'll add more here later if I have anything new to add after I try using it for 2nd factor authentication.
 
  • Like
Reactions: Dave

danlock

Well-known member
Sep 30, 2020
131
44
Sit, FIDO, sit!
Good dog!
*woof!*

Does the fingerprint reader work with any finger other than the one(s) you trained it with? Does it detect a pulse in the fingertip/whatever you used as a way of determining whether it's a real finger/toe/etc.? (Sit, Ubu, Sit!)
 
Last edited:

PHolder

Well-known member
Sep 16, 2020
609
2
292
Ontario, Canada
whether it's a real finger
Well, their marketing isn't very helpful in talking about what they do... Question 13 from their FAQ says "anti-spoof" without them saying how.

13. What technology is used to secure my biometric information?
  1. Synaptics Technology (SentryPoint ® end-to-end security)
  2. SentryPoint ®: A suite of security features for the Synaptics fingerprint sensor solution.
  3. SecureLink ™: Enables a strong TLS 1.2 (communication channel encryption)/AES-256 (data encryption) from the sensor to the host.
  4. PurePrint®: Anti-spoof technology. Detects real fingers from fake fingers.
  5. Match-in-Sensor ™: Technology whereby the fingerprint template is securely matched on the fingerprint sensor silicon itself. This limits the data transfer to the host as a simple “yes/no” communication. Even then, the match result is encrypted.
  6. Quantum Matcher ™: The chip features a 192 MHz processor, a hardware accelerated matcher.
 
  • Haha
Reactions: danlock

danlock

Well-known member
Sep 30, 2020
131
44
  • PurePrint®: Anti-spoof technology. Detects real fingers from fake fingers.
I don't know how much detail goes into registered trademark applications, but searching for PurePrint might yield more details... hmm...