Passwordless Pre-Boot Authentication

MagicEndpoint offers pre-boot authentication without third-party devices

Protecting the endpoint

Many organizations employing Full Disk Encryption (FDE) have realized that protecting pre-boot authentication or Microsoft Windows login with a password is no longer an option.

Cyberattacks are becoming more persistent, driving organizations to increase their endpoint defenses to guard against ransomware and other threats. Multi-Factor Authentication (MFA) for endpoint login is fast becoming a standard cybersecurity insurance requirement.

Although Identity & Access Management (IAM) providers offer a convenient single sign-on (SSO) portal for remote applications, they leave the endpoint unprotected.

WinMagic offers an all-around solution that provides a secure, passwordless experience from pre-boot and OS login to the user’s online apps and services. The endpoint is protected with state-of-the-art security that aligns with zero-trust initiatives.

The software can be customized to support MFA with Push, OTP or SMS. For higher security for high-risk sectors, such as government, our authentication and encryption solutions support PIV cards and CAC authentication.

Endpoint-Centric Authentication

WinMagic has the broadest set of choices for pre-boot authentication and Windows login to match your organization’s needs to move to passwordless:

  • Passwordless Phone Authenticator via Bluetooth Low Energy (BLE)
  • Passwordless Phone Authentication via Network/IdP
  • Trusted Platform Module/ Personal Identification Number (TPM/PIN)
  • Smartcard/Personal Identity Verification Cards (PIV)
  • Yubikey
Passwordless Pre-Boot Authentication

Once the user is authenticated to the endpoint, can seamlessly provide “no user action” authentication to remote services, either directly or by acting as a delegated authentication service to your IAM.

Check out the simplicity of MagicEndpoint pre-boot authentication.

MagicEndpoint allows organizations to easily deploy customizable user authentication, including recovery and backup options for each.

 The Most Secure MFA

Unlike out-of-band (OOB) mobile authenticators, BLE connects to the endpoint locally when in proximity to the endpoint. This proximity provides a strong, phishing-resistant association between the authenticator and the endpoint.

With MagicEndpoint, users achieve pre-boot authentication using the MagicEndpoint Authenticator app via their mobile phone. The app then connects to the computer via Bluetooth to provide a high-assurance, cryptographically-enforced, MFA passwordless login to the endpoint. Users don’t have to enter anything on the endpoint for a truly passwordless experience. The authenticator app also works for Windows login.

Network-Based MFA

For organizations that can’t use Bluetooth for authentication, MagicEndpoint supports mobile push at PBA and at Windows Login for a consistent user experience.

 Using the TPM in Place of Tokens

The native TPM hardware on your computer is a good option for organizations that find external tokens and devices hard to manage. First, the user logs in at pre-boot using the TPM with a local PIN. Windows login is protected by the TPM and can be configured for SSO.

The TPM PIN offers strong security measures:

  • Localized authentication that can’t be attacked remotely
  • Hardware-based anti-hammering protection

 PIV/CAC Authentication

For organizations mandated to use PIV cards for access control, users access pre-boot using their PIV card. Windows Login is protected by the PIV card and can be configured to use SSO for the best user experience.

 MFA for IAM Solutions

MagicEndpoint offers IAM solutions, like Okta, integration for Windows login.
Click here to watch MagicEndpoint PBA with Okta.

MagicEndpoint from WinMagic is the passwordless authentication solution that protects access by focusing on the endpoint, for the user. It requires no user action and no third-party devices or keys. So, it’s seamless, secure and virtually invisible.

Authenticate. Encrypt. Achieve.