TickStream for Windows v4.3
Introduction
TickStream for Windows is a Microsoft Windows logon credential provider that allows you to provide 2nd factor authentication to users of workstations and servers. The credential provider captures typing effort when a user logs on using CTRL+ALT+DEL.
System Requirements
TickStream for Windows will run on the following systems with their minimum hardware specifications.
- Microsoft Windows 10 / Server 2016 and later
- Microsoft Visual C++ Redistributable 2019 (installed during setup)
Setup Wizard
- Download the TickStream for Windows setup package using the link provided to you.
- Run the setup package on the client machine you wish to install it on.
- Accept the licensing agreement. Press the ‘Next’ button to continue.
- Enter the license key and cache service TCP port (default 10127). Press the ‘Next’ button to continue.
- Press the Install button.
- Press the Finish button.
Quiet Install
The setup package can be installed in an unattended mode suitable for automated deployment or installation from a command prompt. Values should be surrounded with quotations "" if they contain special characters or spaces. You can specify any setting listed in the next section by prefacing it with a /. Setting names are not case sensitive. If a setting is not specified and exists already in the registry, the existing setting will be used (upgrades will retain existing settings unless explicitly changed.) If a setting is not specified and does not exist in the registry, a default will be provided.
"TickStream for Windows x64 4.X.X.exe" /VERYSILENT
"TickStream for Windows x64 4.X.X.exe" /VERYSILENT /WSURL="https://keyidservices.tickstream.com" /AUTHENTICATION="myauthenticationkey"
"TickStream for Windows x64 4.X.X.exe" /VERYSILENT /grantOnError=0 /sendErrors=0
TickStream for Windows Utility
TickStream for Windows Utility allows you to view authentication history and configure various settings. To make setting changes you must have local system administrator priveleges.
Sort the log
You can sort the log by each information column.
Settings
Click File menu -> Settings. You will be prompted to restart the application with elevated priveleges if needed.
| Webservice Setting | Description |
|---|---|
| Passive Validation | Collect and evaluate typing behavior but always allow the user access |
| Passive Enrollment | Save profile data after evaluation and continue the login process |
| Application Setting | Description |
|---|---|
| Grant On Error | Allow access if there is an error communicating with the TickStream KeyID web service |
| Send Login Failures | Send login failure statistics to the KeyID web service |
| Send Error Reports | Send crash reports to the KeyID web service |
| Filtered Credential | Description |
|---|---|
| Windows Password Provider | If checked, disable the Windows password provider |
| Hello Face Provider | If checked, disable the Windows Hello Face provider |
| Hello Biometric Provider | If checked, disable the Windows Hello Biometric provider |
TickStream for Windows Information
Click Help menu -> About. The current version of the Utility and TickStream for Windows credential provider library will be provided.
Usage
The TickStream for Windows credential provider will now be available when logging into Windows as a sign-in option. The first time you login, type your username and password as you normally would. You will then be prompted to type your password several more times to build your KeyID profile. When the profile is completed your Windows session will start. Your typing behavior will be evaluated on subsequent logins. Your profile will also be reset if your Windows password is changed.
Event Logs
The TickStream for Windows credential provder writes to the windows application event log. The table provides information about the various events that may be raised.
| EventID | Severity | Description |
|---|---|---|
| 1000 | Error | Unspecified error containing an HRESULT description. |
| 1001 | Error | Password pre-keyid-authentication failed, there was a system error |
| 2000 | Warn | Username contains invalid characters. |
| 2001 | Warn | Error fetching user SID. Username does not exist or cannot connect to domain controller. |
| 2002 | Warn | Password pre-keyid-authentication failed (wrong password) for user. |
| 2003 | Warn | KeyID profile authentication FAILURE results for KeyID profile. |
| 3000 | Info | Password changed since last logon, deleting KeyID profile for user. |
| 3001 | Info | KeyID profile authentication SUCCESSFUL results for KeyID profile. |
| 3002 | Info | User requested profile reset. |
| 3003 | Info | Passive / active enrollment profile was saved. |
Safe Mode
Booting into Windows Safe Mode will disable the TickStream for Windows credential provider (and other 3rd party credential providers) and re-enable the windows password provider for that session.