token2/fido2unpluglock
0
0
Fork 0
mirror of https://github.com/token2/fido2unpluglock.git synced 2026-03-13 11:12:24 -07:00
Code Issues Packages Projects Releases Wiki Activity
9 Commits 1 Branch 0 Tags
main
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Token2 b528e39e4d Update README.md
2024-03-04 20:04:41 +01:00
README.md
Update README.md
2024-03-04 20:04:41 +01:00
t2lock.ps1
Create t2lock.ps1
2024-03-04 19:55:13 +01:00

README.md

FIDO2 Unplug Lock

A tool to lock a Windows10/11 workstation when a FIDO2 key is unplugged

Securing company assets is vital in the contemporary digital sphere. A potent method to achieve this goal is by deploying automatic computer lockout upon the removal of a FIDO2 key. Although this functionality is inherent in Microsoft environments for smart cards, this project will provide a solution to broaden this safeguard to FIDO2 security keys for systems that have implemented Passwordless access to Windows workstations.

An open-source solution

According to our research, such solutions exist, but they are either vendor-locked or require payment and are proprietary. Our goal is to offer a free and open-source solution that will be compatible with any FIDO2 security key, not limited to the ones provided by Token2.

About Token2

Token2 is a cybersecurity company specialized in the area of multifactor authentication. Founded by a team of researchers and graduates from the University of Geneva with years of experience in the field of strong security and multifactor authentication, Token2 has invented, designed and developed various hardware and software solutions for user-friendly and secure authentication. Token2 is headquartered in Geneva, Switzerland.

Token2 is a member of FIDO Alliance, and implements the FIDO protocols (UAF, U2F, WebAuthN and CTAP) on its hardware security keys as well as its software solutions.

Compiling and using the PowerShell version

The first option is the simple script (t2lock.ps1) created with PowerShell. It is ready to be used as is, however, as the principle of the solution is to constantly monitor the devices that have been unplugged, the best way would be to create an exe file out of it.

This can be done by using the ps2exe module. Install the module and simply run:

Invoke-ps2exe .\t2lock.ps1 .\t2lock.exe

This will give you an executable that you can deploy to your machine and make sure it is run at startup. Quitting the app will be possible only by killing it in the Task Manager.

TO-DO

  • A feature (or separate 'management' app) that will create a systray icon context menu allowing to see if the t2lock.exe is running and allowing you to quit it more conveniently.
  • An option to give a choice to log off in addition to lock the workstation
  • Make sure the exe cannot be launched twice
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 40 KiB
Languages
PowerShell 100%