Today I had the pleasure of presenting at the Oxford ICTF Conference on Multi-Factor Authentication and Password Stores with Smart Cards and YubiKeys, the video recording is online now here – https://youtu.be/WGtCxS2YFNA and the presentation can be downloaded through the link below.
Presentation.pdf (5.5 MiB, 568 hits)
Looking for some fun ways to get more out of your your Smart Card deployment? If so have you tried……?
- Use Smart Cards to login to your Servers via Remote Desktop
- Use Smart Cards with the PowerShell Get-Credential Commandlet
- Use Smart Cards with your Firewall for single sign on
- Use Smart Cards to login to IIS Web Applications (just a box to tick and a radio option to select)
- Store multiple identities on your Smart Card and assign different (and perhaps more complex) PINs to the identities
Have a look at the screen shots below for some more details…
If you are looking for a free tool to manage some of the more intricate features of the Gemalto IDPrime .NET and MD cards then the Mini-Driver Manager (downloadable from http://www.gemalto.com/products/dotnet_card/resources/development.html) may well fit the bill. However it has one small downfall in that out of the box it only allows you to manage cards with the Admin Key set to 48 0s or 48 Fs with neither option being much use to anyone once they have changed the Admin PIN.
Luckily these values are only set in a INI file so its pretty easy to change them to anything else.
Please note that this guide uses a feature in Notepad++ to elevate an application to have local Admin access, you can download Notepad++ from https://notepad-plus-plus.org however you could also use plain old Notepad you’ll just need to launch it as an Administrator and browse to the INI file within Notepad.
On with the guide!!
So after meaning to play with Smart Cards in greater detail for some time we’ve just received a set of cards and accessories from Smartcard Focus (http://www.smartcardfocus.com/) including….
- Gemalto GemPC Shell Token V2 (IDBridge K30) (a USB dongle style Smart Card reader which you can see in the screen shot sequence below)
- Gemalto IDPrime .NET smartcard – SIM cut (to go in the IDBridge K30)
- Gemalto IDPrime .NET card – just your standard Smart Card
- Omnikey 3121 – just your standard Smart Card reader
One of the first things I wanted to do was get PIN complexity and policy defined; the chaps over at Gemalto provide a number of tools which can be used to manage the cards which can be downloaded from the links below…
So time to get on with the guide (which also shows you which downloads are needed from the links)!
48 0s typed out… 🙂