A dongle is a small hardware device that connects to a computer and acts as an authentication key for a particular piece of software running on that machine. Its purpose is to thwart usage of unauthorized software copies. When the dongle is present, the software will run properly. When it is not present, the software will detect the dongle's absence; it will then restrict the operation of the software or even stop the program from running altogether.

The dongle is a form of copy protection or digital rights management which some software sellers prefer because it is much harder to copy the dongle than it is to copy the software it authenticates. However, efforts to introduce dongle-protected software packages in the mainstream software market have met with stiff resistance from users. For this reason, dongles are now used only with very expensive packages, such as CAD/CAM software, certain Digital Audio Workstation applications, and some translation memory packages.

Dongle schemes became popular in the 1980s, and continued into the 1990s. Originally taking the form of simple passive devices that connected a parallel port in a predetermined manner, they rapidly evolved into active devices that contained a serial transceiver (UART), and even a microprocessor to handle transactions with the host. Later versions adopted the USB interface in preference to the serial interface. Modern dongles include built-in strong encryption, and special fabrication techniques designed to thwart reverse engineering. Typical dongles also now contain a reasonable amount of non-volatile memory, so that key parts of the software may be actually stored on the dongle.

One major snag with dongles is that they tie up a port on the host machine. This has been ameliorated to some extent by the adoption of USB, but is still a major drawback. To get around this, most practical dongles include a replacement port, so they become an inline device. There is also the obvious problem of losing the dongle, rendering the protected software useless. Also, if there is more than one application protected in this manner, the number of dongles becomes physically problematic.

There is also a potential weakness in the implementation of the protocol between the dongle and the protected software - it requires considerable design cunning to implement this in a fashion that is not easy to crack. For example, a naive implementation might simply define a function that checks for the dongle, returning true or false accordingly. This reduces all of the protection, however sophisticated, to a single bit value at one point in the program, so cracking the protection requires only the identification and manipulation of that single bit.

Origin of the word "dongle"

The word "dongle," as a word for something unnamed (akin to "doodad" or "whatchamacallit") has been used since the 1970s. Its origin is unknown. The American Heritage Dictionary, 4th edition, says it is "probably [an] arbitrary coinage." Assertions that it was derived from the name "Don Gall" are an urban myth popularized by an advertising copywriter; see Eric S. Raymond's Jargon File.

Vendors of dongles and dongle-protected software often use more dignified terms such as "hardware key" or "security device" in their written literature. Outside of such literature, "dongle" is the usual term for the device (and is used even by dongle vendors in informal parlance).

See Bongle, a term used for a software variety of Dongle.