I just got a new PC and went to install ISLog, that has been working for me with my xNT for years… and It’s GONE?! HID appears to have bought them, and the ISLog Login project is gone? Then I see EIDAuthenticate as an option… but it’s been removed as well due to a Windows 10 security issue with it?
So now I’m stuck. Has anyone gotten NFC Windows login working without either?
It’s paid, but many here use Rohos Login Key for windows I believe.
Of course, there’s always the KBD-1 too.
It’s paid, but many here use Rohos Login Key for windows I believe.
There is a free trial that says it “expires” after 15 days, but mine hasnt expired after 2+ months so 
Not a fan of the KBD-1 solution. I saw a mention of Rohos in the forum, but I didn’t see a mention of NFC in their specs. I’ll try it out, thanks!
dunno if you’ve seen this, but may help:
Anyone interested in forking
Do you need to fork it?
They aren’t providing source code to any windows authentication systems there instead they are providing libraries to abstract RFID readers (and a door entry system). Or am I missing something?
What I assume people are looking for is an alternative to the proprietary “islog logon” software.
I agree. The source we want isn’t there. I tried to ping Maxime tonight to see if there is an archive or another fork. If I find anything favorable I will update here.
nope, i missed that.
Hey all! Maxime got back to me, and there is an archived version!
"Hi Patrick,
Indeed ISLOG Logon product has been deprecated by HID Global.
You can still download the latest archives on the following links for now:
https://download.islog.com/islog/5.0/ISLOG%20Logon%20NFC%20Community-5.0.1.0824-x86.exe
https://download.islog.com/islog/5.0/ISLOG%20Logon%20NFC%20Community-5.0.1.0824-x64.exe
Hope it helps,
Maxime"
Excellent work!
Snagged and posted here because I have no idea how long those links might work.
I installed the x64 version and didn’t seem to get an ISLOG Logon option at the lock screen on Windows 10. Multiple reboots and service restarts later, not working. I can run the ISLOG Logon configuration program to define my reader but that’s about it. I responded to Maxime to see if she’d give me tips, but not holding my breath since it’s deprecated.
Yeah I think maybe they sabotaged it or something… this shit is busted… just tried for a long time to get it working. Their file paths are open though…
https://download.islog.com/islog/5.0/
Perhaps one of the older versions still accessible does still work? I don’t have time to plow through the older versions… especially since the latest version of ISLOG seems to not want to uninstall… I had to rip it out manually … and that was a pain I don’t want to have to duplicate again.
I found an old 4.8 version On another hard drive and it has a extra step to install the logicallibaccess middleware. That is not in the 5.0 version. That said, I still can’t get it working. It will allow me to enter a username and password to enroll my tag but then after I lock it wants to re-enroll again. It’s not remembering the initial enrollment.
hrm… i honestly remember it working a loong long time ago… but … i also seem to remember through the dusty haze of my memory that it actually attempted to write something to the tag… maybe not… i honestly used it literally once to confirm it worked, then never again.
Oh, I never had luck with tag writing, but at least I could enroll the serial ID once after a reboot and it would remember it after that.
Maxime from past ISLOG (RIP 
) here. I have left the company after all products from my team was deprecated… and started again with fresh technologies.
A replacement for ISLOG Logon now exists, named Leosac Desktop Authentication, and should work with your chips.
It’s free up to 3 users (cards) and currently on restricted distribution to handle feedback properly. I’m going back to this community in case such software requirement still exist?
https://leosac.com/desktop-authentication/
We’ve been recommending Rohos, but I’ll definitely check this out.
What is really needed, in my opinion, is a way to use an actually secure method via PC/SC to authenticate Windows accounts (local machine accounts, domain accounts, and online accounts) without doing some kind of password sync methodology. VivoKey Apex would be the focus for this since various secure applications can be loaded to the Apex like FIDO2, PGP, HMAC-SHA1, etc.
I’m sure this can be done for SAM accounts on the local machine, but perhaps not for online accounts (Windows Hello maybe?). I’m not sure how the Windows authentication landscape has changed since ye olde Credential Providers a la Windows 7 days.
Thanks amal.
Good point with password, issue is the exposed API and the technology behind (NTLM / Kerberos) which only support authentication with a password or a certificate. In practice without major changes, new mechanisms or extension capabilities from Microsoft, the only other solution than using / caching the password is the smart card. All other solutions are just ‘wrapping’ it. Such PKI over the RFID/NFC chip exists since a while now and in that case it works like a charm with the native smart card authentication on Windows (no needs for something more than the smartcard middleware). But it’s different chips, much more expensive even after a decade.
For intermediate grade security with proprietary authentication mechanisms or more standardized ones (FIDO2, …) you still need something on top for the password /certificate provisioning to the Credential Provider. I was expecting new authentication mechanisms for Credential Provider with Microsoft Entra but it didn’t happened or I’ve missed it. The technical documentation is highlighting a workflow (How Windows Hello for Business authentication works) which is not possible with the official Credential Provider API without a lot of encapsulation and changing the authority server. That’s probably what Entra is btw… but it is also a lot more of changes than “just adding an additional authentication method to the system” here. See anything else?
We’re definitely interested in smartcard middleware for non-domain associated Windows computers. We have a GIDS applet already for the Apex product but would like to use PGP or possibly PIV instead. My primary interest right now would be to enable the native Windows support for contactless smartcards running GIDS, PGP, or PIV applets.
Should we have a chat?