APC BIOM34-EC user manual Part 2. Use, Password Replacement, OmniPass Authentication Toolbar

WARNING: Depending upon how the SmartCard was initially configured, a limited number of failed PIN attempts may be enforced. If this is the case, and you exceed the maximum failed PIN attempts, the card may become locked and permanently unusable. To find out more, contact whoever configured your SmartCard for you, or the SmartCard manufacturer

If you are using a fresh SmartCard you will be greeted with a screen prompting you to establish your PIN. Please take note of this PIN, if you forget it you risk being locked out of your SmartCard. Enter your PIN in both fields and click Next. SmartCard Enrollment then directs you back to the next step of the OmniPass Enrollment Wizard, 2.2.4 Select Enrollment Device.

2.4.3If your SmartCard already contains data when you select it as a storage device (from 2.4.1 of SmartCard Enrollment), you will be warned that the current data on the SmartCard will be overwritten. This may also happen if you try to use a SmartCard as a storage device that is already being used as such by another OmniPass user. There is a limitation of one OmniPass user per SmartCard. To proceed, check the box next to I want to overwrite the SmartCard and click Next. SmartCard Enrollment then directs you back to the next step of the OmniPass Enrollment Wizard, 2.2.4 Select Enrollment Device.

Part 2. Use

You are now ready to begin using OmniPass. Used regularly, OmniPass will streamline your authentication procedures. For the credentials registered with it, OmniPass is a secure repository. In the event you forget any of those passwords, you can find them in OmniPass.

Part 2. Use covers basic OmniPass functionality. Review this section to quickly get familiar with the OmniPass functions you will most use. If your system is shared among several users (often the case in a home PC or SOHO environment) then you may find some additional useful features in Part 3. Configure.

Chapter 3. Password Replacement

You will often use the password replacement function of OmniPass. When you go to a restricted access website (e.g. your bank, your web-based email, online auction or payment sites), you are always prompted to enter your login credentials. OmniPass can detect these prompts and you can "teach" OmniPass your login credentials. The next time you go to that website, you can authenticate with OmniPass to gain access. OmniPass prompts you for your "master password", and that single password gains you access to any site you have "taught" OmniPass. Or you could login with any hardware authentication device you have enrolled into OmniPass. This functionality is not limited to restricted access websites. OmniPass can learn any set of credentials that you are prompted to provide (e.g. your Intranet email, your ftp login, any of your client logins, any restricted access network resource).

3.1 The OmniPass Authentication Toolbar

After installing OmniPass and restarting, you may have noticed a dialog you had not seen before at Windows Logon. This is the OmniPass Authentication Toolbar, and it is displayed whenever the OmniPass authentication system is invoked. The OmniPass authentication system may be invoked frequently: during Windows Logon, during OmniPass Logon, when unlocking your workstation, when resuming from standby or hibernate, when unlocking a password-enabled screensaver, during password replacement for remembered site or application logins, and more. You see the OmniPass Authentication Toolbar upon Windows Logon because the OmniPass authentication system is seamlessly integrated with Windows. When you see this toolbar, OmniPass is prompting you to authenticate.

The bold-faced text "File Encryption/Decryption Authentication",

Biometric Password Managers

next to the lock and keys icon, shows what OmniPass-restricted function you are attempting. The non-bold-faced text beneath may give you additional instructions regarding authentication. The icons in the lower left (fingerprint and key in this example) show what authentication methods are available to you. Selected authentication methods are highlighted while unselected methods are not. When you click the icon for an unselected authentication method, the authentication prompt associated with that method is displayed.

When prompted to authenticate, you must supply the appropriate credentials: an enrolled finger for the fingerprint capture window, a PIN for the SmartCard PIN prompt, your master password for the master password prompt (the key icon). Depending on your Authentication Rules (see 6.2 User Settings), you may have to satisfy several different authentication prompts to gain access (e.g. fingerprint AND SmartCard PIN).

3.2 Remembering a Password and …

Most examples of password replacement used in this document show the remembering of websites, but OmniPass can remember any set of credentials used to access any restricted resource. Any application you use, any GUI client, any password protected resource that manifests a password prompt, OmniPass can remember.

Using the following procedure, you can store a set of credentials into OmniPass. These credentials will then be linked to your "master password" or any enrolled authentication devices.

Go to a site that requires a login (username and password), but DO NOT LOGIN YET. At the site login prompt, enter your username and password in the prompted fields, but DO NOT ENTER THE SITE (do not hit Enter or click Submit or OK or Login). Right-click the OmniPass system tray icon and select Remember Password from the submenu. The Windows arrow cursor will change to a golden key OmniPass cursor. Click this OmniPass cursor in the login prompt area, but DO NOT CLICK the "Login" or "Submit" button.

3.2.1Associating a Friendly Name -- After clicking the OmniPass key cursor near the login prompt OmniPass will prompt you to enter a "friendly name" for this remembered site. You should enter something that reminds you of the website, the company, or the service you are logging into. In its secure database, OmniPass associates this "friendly name" with this website.

You can remember multiple different logins to the same password protected resource. To do this you must specify different friendly names for each set of credentials. If you use the same friendly name then OmniPass will overwrite the previous set of credentials associated with the application or website. If you have several credentials remembered for the same site, OmniPass will prompt you to select among the available friendly names.

3.2.2Additional Settings for Remembering a Site -- When OmniPass prompts you to enter a "friendly name" you also have the opportunity to set how OmniPass authenticates you to this site. There are three effective settings for how OmniPass handles a remembered site. The default setting is Automatically click the "OK" or "Submit" button for this password protected site once the user is authenticated. With this setting, each time you navigate to this site OmniPass will prompt you for your "master password" (or authentication device). Once you have authenticated with OmniPass, you will automatically be logged into the site. Less secure is the option to Automatically enter this password protected site when it is activated. Do not prompt for authentication. Check the upper box to get this setting, and each time you navigate to this site OmniPass will log you into the site without prompting you to authenticate.