GateKeeper Review

GateKeeper is a proximity-based touchless password system. What this basically means is that the presence of a physical Bluetooth token is required to unlock your PC. If the physical token is not present then your PC will automatically Lock, and cannot be unlocked until the token is again nearby.

This physical token can be an Android phone or a special cigarette lighter-sized device, called a Halberd Proximity Token, that you can wear around your neck. We take an in-depth look at it in this Gatekeeper review.

Our Score
2 / 5
Pricing
From $19.99/mo
Country
United States
Visit GateKeeper

Gatekeeper lanyard

Supported platforms

The GateKeeper client software is only really available for Windows 7+. A macOS version is available for High Sierra and Mojave, but this has been borked by changes made by Catalina, and no plans for an update have been announced yet. There is also currently no Linux support.

The GateKeeper Trident app runs on Android 7+ phones. These must support Bluetooth Low Energy (BLE) advertising, but most do these days. The app is not available for iOS, but iPhone users can always use a Halberd Proximity Token instead. 

Pricing

The GateKeeper client software is free for personal use, but it requires a physical access token and a Bluetooth proximity detector. 

The access token can be the Gatekeeper Trident app, which is available from the Google Play Store for $19.99 USD (or local equivalent).

If your computer features an internal BLE transmitter, then you can use this as the Bluetooth proximity detector. In most cases, though, you’ll need to purchase a USB proximity sensor dongle, which cost $20 each.

Alternatively, you can purchase a Bluetooth Low Energy “Halberd Proximity Token” for $60 each, which includes 2 USB proximity sensor dongles. Multipack discounts are available for organizations. 

Gatekeeper tokens

The Halberd Proximity Token came bundled with 2x USB proximity sensor dongles, 2x USB extension cables with cable management clips for easy mounting, a spare battery, a neck cord, and a corded belt fob. Which all seems pretty good value to us. 

Gatekeeper Enterprise is not the focus of this review, but we’ll note that it starts at $1200 for 5 users (or a 45-day trial for $435). If you already have suitable hardware, then a 15-day free license is available.

Gatekeeper Enterprise packs include 1 Halberd token key fob and 2 USB Bluetooth proximity sensors per user, with 12 months of subscription to the proximity access control software plus premium support.

Enterprise customers can also use a selection of supported fingerprint readers as hardware authenticators.

Features

Centralized access management dashboard

This web-based dashboard is designed for Enterprise use only and provides advanced monitoring and management functionality.

Gatekeeper hub

Managers can examine lots of useful metrics, such as which team members logged in to which computers, and for how long. Team members and computers can be organized into groups (e.g. by department), managers can set up alerts based on a variety of triggers (such as a login failure or a specific computer being unlocked), and much more.

Privacy and Security

Jurisdiction

GateKeeper is developed by the US-based Untethered Labs, Inc. Edward Snowden showed the world that the US is subject to high levels of mass government surveillance, but since no passwords or other data is sent back to GateKeeper, this should not be an issue for most users.

Closed source

The only fly in the ointment is that, since all GateKeeper software is a closed source, there is no way to know for sure it isn’t doing anything sneaky. It probably isn’t, but who knows?

Technical security

Passwords are not stored on the physical tokens (either phone or on the Halberd token). They are only stored locally (so no multi-device syncing) on your PC, where they are secured using AES-256 encryption. This is FIPS 140 compliant, making GateKeeper suitable for use inside the US government. 

GateKeeper uses Bluetooth 4 LE, so they have a maximum range of 100m. A read-only device firmware prevents cryptographic key readback if an attacker gains physical access to the token.

In order to prevent the duplication of tokens, a secret key can (optionally) be written to a token that can be used to generate one time passcodes which are advertised as part of the Bluetooth advertisement packets and scanned by the client software. These codes are changed every few seconds and ensure your token is cryptographically unique.

At least, that’s the theory. We are not sure if this feature is fully implemented in the desktop software yet. It was promised for January 2019, but the option was grayed out for us in the app’s settings. 

The biggest danger is that tokens are quite easily lost or stolen. This can be mitigated against by also requiring a PIN to login (for 2FA, which is the default setting), but this loses the convenience and wow factor of contactless login.

Centralized access management dashboard

The centralized access management dashboard for enterprise users is designed to be self-hosted on your company server, so no data is sent back to GateKeeper. All personal data collected by the server software is also encrypted using AES-256.

So from a management perspective, the GateKeeper server software is secure and private. Employees, however, should be aware that the access management dashboard provides managers with a great deal of information about when, how long, how many times, etc., they are logged into their computers. 

Customer support

Quite extensive documentation is available on the website, including a number of detailed reference documents. If you have further questions, you can contact Untethered Labs via ticketed email form, phone (US Maryland number), or Live Chat.

The Live Chat is not 24/7, though a response is promised within 24-hours. When we posted a query, the response arrived the next day and answered our questions clearly.

Ease of use

Halberd Proximity Token

Setup using the Halberd Proximity Token is very easy. Just insert the provided battery into the token and place it close to the USB proximity sensor dongle, which is inserted into any USB port of your PC.

The Token is well made, with a sturdy plastic shell. USB extension cables and cable clips are provided for convenient placement of the sensor dongle, but given that you can opt to unlock your PC from a user-definable distance away (see below), we didn’t find such careful placement necessary.

Then just install the Windows app and run through the pairing process. This involves choosing a PIN, but is very straightforward. 

Gatekeepemr Dashboard tokens found

You can add and manage as many tokens as you like.

Token management

The Dashboard allows you to customize how the token works by specifying the signal strength required to Lock or unlock your PC. Since signal strength is directly related to the distance between the token and receiver, this setting basically decides how close you need to be to your PC for the token to Lock or unlock it.

Gatekeeper dashboard

The Halberd Proximity Token contains an accelerometer, which helps the software identify and Lock the PC when you move away from it.

Motion detection sensitivity

There are plenty of more advanced settings to play with, arguably the most important of which is whether to use the GateKeeper token as a 2FA device backed-up by a PIN number, or as an automatic hands-free unlocking device. Many of the Advanced settings, however, were grayed out for us, for reasons unknown.

lock and unblock gatekeeper settings

In use, we found the whole setup worked very well, although we would have liked to fine-tune the timeout settings, which we were unable to do because they were grayed out.

It is worth noting that you can still unlock your PC using your Windows password, so it is important to ensure this is highly secure if you are to benefit from using GateKeeper as a 2FA device. Fortunately, you won’t need to enter it all the time once GateKeeper is in place. 

GateKeeper Trident app

Instead of the Halberd Proximity Token, you can use your Android phone as the physical token needed for GateKeeper to work. This requires you to install the GateKeeper Trident app from the Play Store.

Gatekeeper Trident app

Setup is performed in the Windows app and is identical to setting up a Halberd token. In all other ways, your phone now behaves just like a Halberd token. 

We found the app to be stable and it Locked and unlocked our computer reliably. With a rating of 4.4/5 on the Play Store, it seems most users are also happy with it. 

Password manager

The desktop client includes a password manager with an associated Chrome browser extension (a Firefox extension is mentioned on the website but doesn’t seem to actually exist at the time of writing this review).

gatekeeper browser extension

It has to be said that, as a password manager, GateKeeper is quite basic. It remembers and auto-fills passwords, and that’s about it. There is no password import feature or syncing across devices, 

Annoyingly, it remembers passwords when you log into a website, but not when you first register for one. This may be a mild inconvenience by itself; but it also ruins the extension’s most interesting feature: built-in TOTP authentication.

built in TOTP authenticator

In theory, the GateKeeper Chrome extension will capture and authenticate TOTP 2-Factor Authentication QR codes, removing the need for an app such as Google Authenticator. 

But since GateKeeper doesn’t save passwords when you first sign-up for a service, there is no entry to attach the TOTP code to. There might be workarounds for this, but we found the whole thing rather frustrating.

Fortunately, the GateKeeper password manager is not central to the GateKeeper product and can be easily ignored in favor of much better password managers (many of which are free, so there’s no real loss here).

Final thoughts

There is a lot to like here. The magic of watching your PC unlock as you walk towards it is tangible, although contactless unlocking is not really recommended in any environment where there is a risk that the physical token may be stolen. 

GateKeeper is probably therefore most useful as a 2FA system, placing it in competition with the likes of YubiKey. As such, it has some distinct advantages. Contactless 2FA authentication is undoubtedly easier and quicker than having to plug in a USB device and is also likely to save considerable wear and tear on your PC’s USB ports. 

Although this may change, the current lack of support for macOS Catalina (let alone Linux) is likely to be a sticking point for many. But if you (or your company) are heavily Windows-focused, then GateKeeper provides a very convenient way to improve login security.

The system, therefore, provides 2-factor authentication for logging into a PC if used in conjunction with a PIN number, or automatic touchless login if used on its own. The latter option is definitely less secure, but is pretty neat all the same. Overall, it's a handy device that offers faster, and more effective security as a 2FA tool.

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

0 Comments

There are no comments yet.

Got Something to Say?

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives: