Windows Protection

Overview

ThumbSignin provides an additional security layer to protect windows computers. The administrator of an organisation as to download and install the Thumbsignin Connector app in the windows PC.

Thereafter whenever the account holders tries to log in to their computer, a QR code is displayed as a second factor authentication once they provide the windows username and password. Scanning the QR code using the ThumbSignin mobile app and authenticating with their fingerprint will let the user to login into the computer.

This can significantly enhance the additional security of an enterprise computer and protect critical data from unauthorized access.

System Requirements

Client

  • Operating System: Windows 10 or later.
  • Processor: 1GHz or faster.
  • RAM: 2GB
  • Free hard disk space: 16MB
  • A Microsoft account and Internet access.

Server

  • Operating System: Windows Server 2008 R2 Standard or later.
  • Processor: Intel Core i5.
  • RAM: 4GB
  • Free hard disk space: 10MB

ThumbSignin also requires .NET Framework 4.0 or later. If the correct .NET version is not present on your system then the setup prompts you to install the .NET Framework.

Mobile

  • iOS 10.3 or above / Android Marshmallow or above.

ThumbSignin Supported Windows Authentication Platform

  • Active Directory(Domain based account)
  • Azure Active Directory.
  • LDAP
  • Local accounts.
  • Microsoft accounts.

Important notes

  • Windows user must have password to login to the computer even though they have enabled ThumbSignin as second factor authentication.
  • User can bypass ThumbSignin second factor authentication by restarting Windows in Safe mode.
  • In case lose or new mobile device registration:
    • AD / Azure AD / LDAP: Admin can reset the user authentication mobile device.
    • Others: Must login to Safe mode to recover.
  • ThumbSigninConnector.msi requires an admin access to install / uninstall.

Steps to install ThumbSignin

  1. Download and install ThumbSignin mobile app
  2. Login to Administrator account and then download ThumbSigninConnector.msi and install it on the required client machines.

Following are the screens with examples to show how ThumbSignin is protecting an enterprise windows machine.

Test the SETUP

Registration

Double click the ThumbSignin icon in the desktop to register with ThumbSignin by scanning the barcode.

Scan QR

Once the QR code is scanned, mobile app will ask the user to authenticate using the fingerprint.

Settings

After the successful fingerprint authentication, second factor authentication is enabled for the user.

Windows Login

The user submit the Windows credentials.

ThumbSignin Second-factor authentication

ThumbSignin QR code appears after the user successfully submit the Windows credentials. By scanning the QR code and authenticating the fingerprint user will be able to login into windows.

Windows Server

The Admin manages the second factor authentication for the domain users by creating a group called 2FA. Adding a user to this group will enable 2FA and removing the user from the group will disable 2FA.

Active Directory User list

Following are the list of available users under the domain controller domain.

Add user to 2FA group

To enable second-factor authentication for an user, admin can add the user to 2FA group.

Remove user from 2FA group

To disable second-factor authentication for an user, admin can simply remove the user from 2FA group.

Remove user access

To stop the user accessing the Windows pc delete the user account from the server or add to “ACCESS_DENIED” group. So that the user won’t even be able to login to the windows machine.

Windows Removed user account

Usually windows will take some time to sync, if the user has been removed from the organisation domain. ThumbSignin solution will take effect immediately whenever admin make changes.