  Posted on: 13 August 2014
  • By: siteadm

Hi again! In my previous post, I demonstrated how to use RFID cards to add an extra layer of security for logging into Linux systems using PAM modules. In this post, I'm going to show you how I managed to do the same thing for Windows.

Credential Providers on Windows are similar to PAM (Pluggable Authentication Modules) on Linux, so I managed to copy/paste a lot of code from the Linux project into the Windows port of it. For example, for encryption/decryption I used OpenSSL with almost the same code in the Windows module too.

I've uploaded the entire project here.

To use this module in Windows, you first need to store your Windows username and password on disk, encrypted with AES-256. The AuthGen project does this job for you.

You can run AuthGen with the following parameters:

AuthGen 32bytePasswordAsFirstParam NTUsername NTPassword

You can use StrongPasswordGenerator to generate a 32-byte (256-bit) password. You can also read more on how to choose a strong password at CloudWards. You also need to provide the username and password of the account whose login you want to automate with the RFID card. Once it has all its parameters, AuthGen stores the 256-bit encryption key on the RFID card and the encrypted username/password combination on disk.

Now you need to install the Credential Provider DLL. Simply run install.bat; it will copy the DLL into the System32 folder and make all the necessary changes to the registry.
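One way to review what install.bat registered, as an added example that is not part of the original project: this PowerShell lists every credential provider registered on the machine, resolves the DLL behind it, and reports its Authenticode status and SHA-256 hash. It assumes the module registers under the standard Windows credential provider keys shown below (the post does not list the exact keys), and the function name is hypothetical.

```powershell
# Added example: audit registered credential providers (run elevated, after install.bat).
# Assumption: the RFID module registers under the standard Windows keys below.
$cpRoot  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'
$clsRoot = 'HKLM:\SOFTWARE\Classes\CLSID'

function Get-CredentialProviderAudit {   # hypothetical helper name
    foreach ($key in Get-ChildItem -LiteralPath $cpRoot) {
        $clsid = $key.PSChildName
        $dll = $null; $status = 'NoInprocServer32'; $signer = $null; $hash = $null

        # The COM registration for the same CLSID names the DLL loaded at the logon screen.
        $inproc = "$clsRoot\$clsid\InprocServer32"
        if (Test-Path -LiteralPath $inproc) {
            $dll = (Get-Item -LiteralPath $inproc).GetValue('')   # default value, env vars expanded
        }
        if ($dll) {
            # A bare file name is resolved against System32 here (simplification).
            if (-not [System.IO.Path]::IsPathRooted($dll)) {
                $dll = Join-Path $env:SystemRoot "System32\$dll"
            }
            if (Test-Path -LiteralPath $dll) {
                $sig    = Get-AuthenticodeSignature -LiteralPath $dll
                $status = $sig.Status.ToString()
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
                $hash   = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
            } else {
                $status = 'DllMissing'
            }
        }
        [pscustomobject]@{
            Clsid = $clsid; Name = $key.GetValue(''); Dll = $dll
            Signature = $status; Signer = $signer; Sha256 = $hash
        }
    }
}

$all = Get-CredentialProviderAudit
$all | Sort-Object Name | Format-Table Name, Signature, Dll -AutoSize | Out-Host
# Providers whose DLL is not validly signed: the RFID module is expected here
# unless you sign it yourself; any other entry deserves a closer look.
$all | Where-Object { $_.Signature -ne 'Valid' } | Format-List | Out-Host
```

Running it once before and once after install.bat and comparing the two listings shows exactly which provider entry and DLL the installer added.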

Next time you reboot, if you put your RFID card over the reader, you should see this screen:

Now, just by clicking on the RFID icon, you should be logged into Windows automatically.

