Basics of GateKeeper Proximity for End Users

What is GateKeeper Proximity?

GateKeeper Proximity is a faster method of authentication while maintaining stronger security through continuous authentication and automatic proximity locking. Contactless, wireless, passwordless, hands-free login.  GateKeeper is proximity-based 2FA access control for computers and websites instantly and securely - it includes centralized password management, OTP, location-based auditing, and reporting all in one solution. GateKeeper uses Bluetooth Low Energy wireless technology to authenticate users on to computers and eliminates password memorization for computer and web logins. This protects endpoints on the network and users' credentials. Compliance simplified.

What is GateKeeper proximity authentication?

 

What features does GateKeeper Proximity have?

GateKeeper Proximity is a 2FA solution, password manager, audit system, and proximity lock mechanism in one. The GateKeeper proximity software comes in 2 versions: personal (free) and enterprise (subscription).

The personal version is free and for single users. The enterprise version is for organizations looking to centralize credential management under an IT admin and requires a per user subscription.

Features of the free GateKeeper software for single users include

Single user license per workstation
Bluetooth-based proximity authentication
Two-factor authentication
Biometric authentication (separate hardware)
Auto-lock based on proximity
Windows Login
macOS Login
Remote desktop access
GateKeeper Password Manager

*Hardware *token and USB receiver sold separately.

 

How does GateKeeper Proximity work?

GateKeeper consists of a software application that runs on the computer (GateKeeper Client), a USB proximity sensor to enable Bluetooth Low Energy communication for the computer, a wireless token (GateKeeper Halberd hard token or Trident app), and computer username with password.

Once the Client application is installed on an end user's computer, the user can register a GateKeeper hard or soft token with it, and associate a domain or local credential with it. Now, when the GateKeeper token is brought close to the computer, the user can log in either automatically or using 2FA/MFA. When the token moves out of range, the computer will automatically lock.

 

What operating systems is GateKeeper compatible with?

The GateKeeper desktop application is compatible with operating systems (OS) Microsoft Windows 7, Windows 8, Windows  8.1, Windows 10, macOS 10.13.x, and macOS 10.14. Any tablets/thin clients running on these operating systems will work with GateKeeper. Android versions 7 and up can use the GateKeeper Trident mobile app.

Thin clients also work with GateKeeper (Windows OS (Windows 10, Windows 8, Windows 7, Windows Embedded 7, and Windows Embedded 10).

 

Is GateKeeper Proximity software free?

The GateKeeper Proximity software comes in 2 versions: personal (free) and enterprise (subscription). The free version of the GateKeeper Client desktop application allows individual users to secure their computers at home. Advanced features such as multiple computers require an enterprise subscription.

 

Is there a mobile application for GateKeeper?

Yes, GateKeeper Trident for Android. Download the GateKeeper Trident app on the Google Play Store for free to turn your Android phone into your GateKeeper proximity token. GateKeeper Trident is a smartphone application that turns your phone into your software authenticator token that allows you to access and secure your computer and web passwords without the inconvenience of memorizing and typing passwords. GateKeeper Trident pairs your phone to the GateKeeper Client desktop application and can lock/unlock your computers and websites based on your phone's (soft token) proximity. GateKeeper Trident mobile app for wireless proximity authentication is compatible with Android version 7.0 and up for authentication into Windows and Mac computers and websites.

Turn your Android smartphone into your computer key.

 

 

What are the different components of GateKeeper?

GateKeeper Halberd key fob:

The Halberd proximity token is your wireless key to your computer and website - a password caddie. GateKeeper Halberd is a wireless Bluetooth low energy hardware token (wireless key fob) that provides fast and secure access to your computer and websites. It works alongside the GateKeeper Client application to determine the proximity of the user to their computer and allows the application to log on and off the computer (and websites) based on presence automatically. Every user requires a GateKeeper token.

GateKeeper Trident Android app:

GateKeeper Trident is a smartphone application that turns your phone into your software authenticator token that allows you to access and secure your computer and web passwords without the inconvenience of memorizing and typing passwords. It pairs your phone to the GateKeeper desktop application and can lock/unlock your computers and websites based on your phone's (soft token) proximity. Download for free from the Google Play Store.

GateKeeper USB proximity sensor:

The GateKeeper USB receiver comes with every GateKeeper Halberd token. To ensure the most optimal automated proximity authentication experience, it is highly recommended that GateKeeper USB sensors (receivers) be used instead of a PC's internal Bluetooth. This is because different computers have different Bluetooth chips placed in different areas. One computer's Bluetooth signal will be stronger than another. This will create erratic lock and unlock events. This can be avoided by using GateKeeper USB proximity sensors. Every workstation requires two or more GateKeeper USB sensors.

GateKeeper Client desktop application software:

The GateKeeper Client desktop application software pairs the GateKeeper token (key) to the user’s credentials (domain/local, web). Once connected to the user’s token, the desktop application automatically locks/authenticates the computer based on the user’s proximity. Every workstation requires GateKeeper Client installed to authenticate using GateKeeper.

GateKeeper Password Manager for web browsers:

The GateKeeper Enterprise password manager utilizes continuous authentication through presence-detection to ensure that the user is always present when using their password manager. Other password managers simply lets the user log in once and gives them access to all of their passwords - the same vulnerability policies are trying to avoid.

GateKeeper Hub admin console:

The GateKeeper Hub is the admin command center that allows admins to centrally control tokens, passwords, users, and computers. Only GateKeeper Enterprise subscriber admins need access to GateKeeper Hub. Personal users only need the GateKeeper Client desktop application.

 

Do I need a GateKeeper token to login?

Yes, a GateKeeper token is required to login using the GateKeeper system. All login options (Automatic Login, Press Enter to Login, Touch Login, GateKeeper with PIN Login) require the presence of the user's GateKeeper token key fob to login. It is advisable that the user keeps their key fob token with them at all times, just like car keys and house keys.

 

What are the dimensions of the GateKeeper Halberd proximity key fob token?

The dimensions of the GateKeeper Halberd token are 3.25" L x 1.5" W x 0.5" H. For weight, with a CR2450 3V lithium battery included, the GateKeeper Halberd token's weight is 23 grams (0.8 ounces) - perfect for lightweight mobility on the user's part.

GateKeeper Halberd product guide.

 

Using GateKeeper Proximity

Where to download the GateKeeper software for personal use?

For GateKeeper Personal users (individual user for home use):

Download the GateKeeper Client application from https://gkaccess.com/downloads

If you are a user with an organization using GateKeeper Enterprise Core, Advanced, or Ultimate, see this article for methods of installing the GateKeeper Client for Enterprise.

 

How to use GateKeeper in 2FA mode?

Please make sure you have your GateKeeper Client software installed on your computer and your token registered (GateKeeper Halberd key fob or GateKeeper Trident phone app) before setting up 2FA.

  1. Open your GateKeeper Client application on your PC/Mac and click Settings.
  2. Under Unlock Method, select the option "GateKeeper with PIN Login" - all set!

You'll need your GateKeeper token with you and type in your token's PIN to login.

How to set 2FA for GateKeeper from the desktop application.

 

How to log in automatically?

GateKeeper proximity authentication can automatically unlock your computer with the appropriate settings. Automatic unlock can be set from the GateKeeper Client desktop application.

  1. Open your GateKeeper Client application on your PC/Mac and click Settings.
  2. Under Unlock Method, select the option "Automatic Login" - all set!

Just approach your computer with your GateKeeper token on you and the computer will automatically unlock.

Set automatic unlock for your computer.

 

How to log in by tapping your key to your receiver?

GateKeeper proximity authentication can automatically unlock your computer with the appropriate settings. Automatic unlock can be set from the GateKeeper Client desktop application.

  1. Open your GateKeeper Client application on your PC/Mac and click Settings.
  2. Under Unlock Method, select the option "Touch Login" - all set!

Now just tap your GateKeeper token to your USB receiver and the computer will unlock.

Login to your computer by touching your key to your USB reader.

 

How to log in by pressing the Enter key?

GateKeeper proximity authentication can automatically unlock your computer with the appropriate settings. Automatic unlock can be set from the GateKeeper Client desktop application.

  1. Open your GateKeeper Client application on your PC/Mac and click Settings.
  2. Under Unlock Method, select the option "Press Enter to Login" - all set!

With your GateKeeper key present, press the Enter key and you will be logged in.

Login to your computer by pressing the Enter key.

 

I forgot my PIN. How can I log in?

  1. Open your GateKeeper Client application on your PC by pressing the Windows key on your keyboard and start typing "GateKeeper".
  2. Go to the Tokens tabs.
  3. Click the icon next to the token whose PIN you would like to update.
  4. Create a new PIN.
  5. Click Save Changes to immediately update the PIN.

*Note: The user MUST be connected to the computer using their GateKeeper token to change their PIN.

 

How to change the lock / unlock range?

  1. Open your GateKeeper Client application on your PC by pressing the Windows key on your keyboard and start typing "GateKeeper".
  2. Move the left dial to change the lock distance. Move the dial left to increase the lock range (locks farther). Move the dial right to decrease the lock range (locks closer).
  3. Move the right dial to change the lock unlock distance. Move the dial left to increase the unlock range (unlocks from farther away). Move the dial right to decrease the unlock range (have to get close to unlock).

Changing your lock and unlock distance.

 

How to add a password online?

Make sure you are connected to the GateKeeper Client application with your GateKeeper token. If you are not currently connected, then click on the Connect User button on the application dashboard and type in your GateKeeper PIN to connect. Click the GateKeeper Chrome or Firefox web extension icon to open it. Click "Add Web Credential" button.

 

Can I use 2 keys?

Only one key can be connected at one time to a computer. However, a user can have multiple keys registered and login with any one of those registered keys. Just like a home can have multiple keys, so can the computer. However, only one key can open the door at a time.

 

Why are some options grayed out on the desktop application?

Some options are only available on the GateKeeper Enterprise subscription tiers Core, Advanced, and Ultimate. If you have GateKeeper Enterprise Ultimate (the highest tier) and still see grayed out options, it is because your admin has disabled those features.

Difference between Client and Hub?

The GateKeeper Client for Windows or Mac is the software installed on any computer that will use a GateKeeper token to log in. The free, personal n of the GateKeeper Client can be downloaded from the GateKeeper website. The GateKeeper Hub is an admin console for Enterprise subscribers and is not required for personal users using the free Client version.

 

Where do I find my token's serial number?

Halberd key fob: The serial number for the GateKeeper Halberd key fob is located on the inside of the battery cover.

Trident mobile app: If you are using your Android phone as your GateKeeper token, please open the GateKeeper Trident application on your phone. Click the SERIAL NUMBER button in the app, and a pop-up window will appear displaying the serial number.

 

Computer locks while I'm working. How do I stop the computer from locking while I'm still working?

Please make sure your token and your USB receiver are within line of sight of each other to maintain your session and prevent unintended unlocking. Your body, desk, and other objects can block your GateKeeper's wireless signal to your USB receiver.

  1. Open your GateKeeper Client application on your PC by pressing the Windows key on your keyboard and start typing "GateKeeper".
  2. Move the Lock dial left to increase the lock range (locks farther). Now your computer will stay unlocked.
  3. Move the USB receiver closer to your token using a USB extension cable.
  4. Add another USB receiver to increase signal coverage.

My key is right next to the computer but the computer keeps locking/disconnecting.

Changing your lock and unlock distance.

 

Computer didn't lock when I walked away. How do I make the computer lock when I leave?

If your PC did not log off/lock when you walked away, you may just need to keep walking and the computer will lock. The GateKeeper utilizes both RSI signal and motion detection to give the most accurate results.

Different environments produce different results for the locking and unlocking distance. A closed office with more walls will result in quicker locking while open-area offices will require more distance to lock. If you would like your computer to lock sooner, please open your GateKeeper desktop application and on the Dashboard, adjust the lock level.

If your computer did not lock because your token disconnected, please make sure that your token is turned on. If you are using your phone as your token, make sure your Bluetooth is turned on and that the Trident app is also turned on and running in the foreground.

If your GateKeeper is connected and the computer is not locking, please open your GateKeeper Client desktop application, go to Settings tab and under "Lock Settings", click the dropdown next to Proximity Lock Method.

Make sure your Proximity Lock Setting is NOT set to "Disabled" and instead, "Lock Workstation" should be selected.

Computer did not lock when I left.

 

How can users change proximity lock and unlock range?
Only users can change their own lock and unlock range from their Client application dashboard by moving the LOCK and UNLOCK notches on the range slider.

How to make the computer unlock faster.

How to make the computer unlock only when I'm very close.

How to make the computer lock faster.

How to make the computer lock when I'm farther away.

 

Token and USB Setup for Best Performance.

Make sure your GateKeeper Halberd token (or phone) and USB sensor are in direct line of sight and closest to where you will be while you're working on your computer.

If you are wearing your token on a lanyard, make sure your USB sensor is on your monitor facing you:

If you have your GateKeeper token on your waist or in your pants pocket, place the USB sensor under your desk facing you, closest to where the token will be while you're working:

Login to your PC, Mac, websites, and software using proximity detection sensors. Passwordless 2FA.

Make sure objects are not blocking the token and the USB sensor. Even if the token and USB sensor are very close, if there is a desk or something in between, the signal will not be picked up easily and may result in abnormal locking and unlocking results.

 

How to make the computer lock faster when I leave?

  1. Open your GateKeeper Client application on your PC by pressing the Windows key on your keyboard and start typing "GateKeeper".
  2. Move the Lock dial right to decrease the lock range (locks sooner). Now your computer lock faster when you leave. The default lock setting is 25. Try moving the bar to between 40-50.

    mceclip1.png

Changing your lock and unlock distance.

 

How to make the computer lock when I'm farther away?

  1. Open your GateKeeper Client application on your PC by pressing the Windows key on your keyboard and start typing "GateKeeper".
  2. Move the Lock dial left to increase the lock range (locks farther away). Now your computer will lock slower when you leave. This will help prevent unintended locking events. The default lock setting is 25. Try moving the lock range to 10 or 15. The maximum distance the GateKeeper can lock your computer is at lock setting 0.

    mceclip3.png

Changing your lock and unlock distance.

 

How to make the computer unlock from farther away (unlock faster)?

  1. Open your GateKeeper Client application on your PC by pressing the Windows key on your keyboard and start typing "GateKeeper".
  2. Move the Unlock dial left to increase the unlock range (unlocks from farther away). Now your computer will unlock faster when you approach. This will help prevent lag and latency when logging in. The default unlock setting is set to 70. Try moving the unlock notch lower to around 50-60 and see if that helps. 50 is the fastest login range - likely to unlock just as you sit down.

    mceclip4.png

Changing your lock and unlock distance.

 

How to make the computer unlock when I'm closer (unlock slower)?

  1. Open your GateKeeper Client application on your PC by pressing the Windows key on your keyboard and start typing "GateKeeper".
  2. Move the Unlock dial right to decrease the unlock range (unlocks only when close). Now your computer will unlock slower when you approach. This will help prevent unintended logging in events. The default unlock setting is set to 70. Try moving the unlock notch to 80-85. This will slow down the unlock process.
  3. If you would like to unlock a computer by touch, change the Proximity Lock Method.

    mceclip5.png

Changing your lock and unlock distance.

 

What is Quick Return Timeout?

GateKeeper unlocks your computer based on the proximity of your token. The most secure method of unlocking your computer with GateKeeper is to use the GateKeeper (first factor) with your PIN (second factor). This requires you to both have your GateKeeper token with you AND type in your PIN every time you want to unlock your computer.

  1. Open your GateKeeper Client application on your PC by pressing the Windows key on your keyboard and start typing "GateKeeper".
  2. Click Settings in the lower left.
  3. Under Unlock Settings, go to Quick Return Timeout, and select your preferred length of time.

What is the 'Quick Return Timeout' setting in GateKeeper?

 

Can I still use my Windows password to log in to my computer?

If you log in without your token (using your Windows/macOS password), GateKeeper cannot continue to actively authenticate the user and protect the computer. Web passwords through the GateKeeper Password Manager extension will also be unavailable unless the user logged in using their GateKeeper. Auto-locking will not function either. If you login without GateKeeper, passwords will not be available.

In the event that you do not have your GateKeeper key fob or your phone (with GateKeeper Trident app), then you can always log in with your normal Windows password. Please remember to reconnect your GateKeeper token to your computer as soon as you can for security purposes.

 

How do I prevent phishing with GateKeeper?

Many phishing attack involve asking victims to type in their credentials on sites masquerading as legitimate (like your bank). With GateKeeper, all legitimate logins only auto-fill on legitimate URLs, so the user is not prone to accidentally logging into the wrong site and inadvertently giving up their credentials. Simply use GateKeeper to login to your PC, Mac, and websites to avoid falling for phishing scams.

When you download the GateKeeper Client application, the GateKeeper password manager web browser extension automatically installs. Just go to your Chrome browser and enable the GateKeeper extension. GateKeeper password manager is available for Chrome, Firefox, Edge, Opera, Vivaldi, and Brave web browsers.

 

Do I need a customer portal login?

Only GateKeeper Enterprise admins need a login for the GateKeeper customer portal. The portal is used for purchasing GateKeeper Enterprise licenses and managing billing. Personal uses can purchase directly from the GateKeeper website without logging in.

 

Troubleshooting

What if my key's battery dies?

To check the battery status on the GateKeeper Halberd token, press and hold the action button on the side for 3-4 seconds. The Halberd token will beep and the LED will flash green if the battery is good. If the key does not beep or the LED does not light up/flashes red, please replace the key fob's battery with a new CR2450 3V lithium coin cell battery.

Alternatively, you can also choose to use your Android phone as your key fob instead by downloading the free GateKeeper Trident app on the Google Play Store.

 

What if I lose my GateKeeper key?

If you have lost or misplaced your token or forgot/don't remember your PIN for your token, please reset the token's PIN from the GateKeeper Hub admin console.

How to reset the GateKeeper database for the free version.

How do I add a new token if I don't have my old token?

How to reset the PIN to my token if I've forgotten my PIN - personal user.

 

What if I get a new phone? How to register a new phone as a token?

Assuming you only have one token saved to your GateKeeper profile, please follow the steps below. If you have a GateKeeper hardware token already saved to your profile, skip to step 2.

  1. Download the GateKeeper Trident app on your new phone, then turn on the application.
  2. Connect your old phone or token to the GateKeeper software. If you do not have your old phone or token, log in manually with your Windows password and username.
  3. From the GateKeeper Client dashboard, click Tokens.
  4. Next, click the add GateKeeper token button to scan for the new phone with the Trident app turned ON.
  5. Place your phone near one of your USB sensors and then follow the onscreen prompts to select the new phone as your new authenticator token and create a new PIN.
  6. Delete the old phone from your Tokens tab and you're done.

Changed phones and now my Trident will not unlock my computer.

 

Do I need a USB sensor?

Any computer using Windows 10 can utilize third party Bluetooth 4 dongles. We recommend using GateKeeper-issued USB dongles, but other Bluetooth 4 dongles will also work. We recommend using at least 2 Bluetooth dongles for maximum coverage.

If you are experiencing unintended locking while working, we recommend using two or more Bluetooth dongles to enhance your signal. Also, please place your Bluetooth USB dongles in line of sight to your GateKeeper token to prevent unintended locking of your workstation.

Order an additional USB proximity sensor for better performance.

 

Trouble logging in.

Move the token closer to the USB sensor. During the registration process, the GateKeeper token needs to be extremely close to the proximity sensor (within 2 inches).

Try a different USB port. Plug the USB proximity sensor into another available USB port. Place the token next to the USB senor, then run the registration process. Click here for registration instructions.

You're using a GateKeeper 2.0 token instead of the Halberd. If you're using a 2.0 token, then you need to update its firmware before pairing it to the new software. Please click here for detailed instructions.

The battery is not firmly set inside the token. Please remove the battery from the token then re-insert the battery. The token should beep once the battery is inserted. 

Dead Battery: If the token's battery is dead, please replace it with another CR2450 battery.

The computer's USB port itself may be broken so try testing with another USB Bluetooth dongle to see if you can rule that out. The USB sensor may be damaged, please try testing with another USB sensor. The USB extension cable may be damaged, please try using another one. If you are using a USB hub with multiple ports, please plug the USB dongle directly into the computer.
*reminder to use GateKeeper USB sensors and not just any 4.0 Bluetooth sensor.

 

Why didn't GateKeeper log me in?

If you are unable to login with your GateKeeper token and see a message saying, "An unknown error has occurred" on the login screen, please follow the steps below to resolve the issue.

1. Please restart your computer.

2. Attempt to log in again using your GateKeeper token.

Make sure you have your token with you and it has battery power. Try bringing your token closer to your USB receiver. Make sure to keep the token and USB receiver in direct line of sight.

First time logging in for users.
Can't log in. "An unknown error has occurred." message at login.

 

Why is my GateKeeper Halberd blinking red?

The red light flashing LED on the GateKeeper Halberd key fob means that the battery is low. Please replace the battery with a new CR2450 3V lithium coin cell battery.

 

Why is my GateKeeper beeping?

There are 2 reasons why your GateKeeper Halberd key fob is beeping.

1. Low battery
Your GateKeeper key fob's battery (CR2450) is running low on power. Please check your GateKeeper token's battery level and replace the battery with a new one.

2. Bad battery connection to the device
The second probable reason that your key fob is beeping is that your battery is not properly connected to the device. It may have been inserted incorrectly and is not making a proper connection. This will result in the GateKeeper being powered ON and OFF very intermittently - leading to unstable performance. Please remove the CR2450 battery and reinsert and make sure it properly fits into the battery compartment to ensure a proper connection.

 

How should I carry my GateKeeper?

The GateKeeper Halberd token and the GateKeeper proximity USB sensor (Bluetooth receiver) should ALWAYS be in direct line-of-sight to ensure the best performance and accuracy in locking/unlocking the workstations. We recommend wearing the GateKeeper Halberd token around your neck on a lanyard or carrying it around your waist on a carabiner. The closer the key is to the receiver, the better performance.

We highly recommend using a USB extension cable to help create your most optimal environment. Please refer to our data sheet on how best to go about this here called "Proper use of your GateKeeper USB Extension Kit".

 

What happens if I change a password for my online account?

  1. Open Google Chrome/Firefox and click the GateKeeper Password Manager extension icon.
  2. Click All Websites.
  3. Locate the desired web login credential and click on the small blue triangle.
  4. Click the Edit button.
  5. Update your information by clicking in the text boxes and click Save. To remove the credential instead, click Delete.

Users can also update their passwords from the GateKeeper Client desktop application by going to the Credentials tab.

How to edit/update/delete web passwords in GateKeeper Password Manager Chrome Extension.

 

What does it mean to connect my key to my computer?

Your computer needs to recognize the presence of your token and then GateKeeper authorizes access. Only one key can connect to a computer at a time to allow users to login with GateKeeper and have their passwords available. If your GateKeeper Client application shows that not GateKeeper token is connected, then your key is not being seen or accepted by the computer and your passwords will not be available to you until you reconnect your authorized key.

 

Additional Information

Are my passwords safe?

Your passwords and usernames are securely stored on the your computer. These credentials are encrypted using military-grade AES-256 encryption using the AesCryptoServiceProvider class that is part of Windows SDK and is FIPS compliant. AES is specified in (FIPS 197) and approved in (SP 800-131A Rev. 1) for key lengths of 128, 192, and 256 bits. Passwords are never transmitted over the air and therefore not prone to spoof attacks.

 

Is GateKeeper patented?

Yes. GateKeeper Proximity for 2FA is patented under Patent No.: US9449165B2 - System and method for wireless proximity-based access to a computing device by the United States Patent and Trademark Office (USPTO).

 

Is GateKeeper FCC / CE certified?

Yes, GateKeeper Halberd token key fob and USB dongle are FCC certified.

Wireless Token FCC ID 2AGDN-GATEKEEPER
USB Dongle FCC ID 2AGDNGATEKEEPER

Click here to see the specifications on the FCC website.

 

Is GateKeeper FIPS compliant?

Yes. GateKeeper is FIPS 140-2 (Federal Information Processing Standard) compliant. For more information on the Federal Information Processing Standard Publication 140-2 (FIPS PUB 140-2).