RFID Credential Provider

(Originally published March 2011.)

Anyone else have a SparkFun RFID USB reader? I’ve been in love with this since I got it, but it’s actually had fairly little uses: I built an experimental Facebook Presence client with facial tagging and, well, that’s it, actually.

However, I’ve recently come up with one of the greatest uses for it yet — logging into Windows!

In Windows xp and below, allowing custom logins required writing a custom gina module, which was tedious and had some major drawbacks, the most obvious of which was the limitation of one custom provider installed at a time. Thanks to the update to the login structure in Windows, it’s fairly easy to use the LoginUI api (although a poorly documented one) to implement custom login providers.

Interested in trying this out yourself? You need the reader, of course (you might want to desolder the beeper if you’re planning on using this on a regular basis), and one of the following downloads:

Installer (32 and 64-bit; Windows Vista/7)

Source Code (Github!)

Note that you’ll need to use the enrollment tool to register your credential. Due to limitations on Credential Providers, logins need to include the user’s domain, username, and password. That means whenever you change your password you’ll need to update it with the enrollment tool or rfid logins will fail. I understand this is a pain, especially in corporate environments where you may be required to change your password frequently, but there’s nothing I can do about it. You can be confident, however, in that your passwords are stored in a safe manner; an attacker requires your credential and administrator access to the computer to decrypt them.

As usual, please don’t modify and redistribute this project without attributing it to me. If you need support or want to donate a few dollars, I’m over at tyler@menez.es. If you just want to learn more about how to create your own, check out this article on Credential Providers in Windows Vista and above.