You may have more passwords, PINs, and private security information than you can remember, but what are the alternatives? Using the same password for all your accounts may be simple, but then there's the possibility that a hacker could break into all of your accounts if he's figured out your only password. Instead, you could use a unique password for each of your accounts, but how could anyone possibly remember something such as V47gT0kjL without writing it down somewhere (which is a security hazard)? Most Web browsers have some form of password memory, but several utilities can crack Internet Explorer's memory, and Firefox doesn't password-protect your password list by default. Additionally, neither is very transportable, meaning as soon as you use another computer, all your stored passwords are left behind.
A password vault program is just the ticket for these situations. Generally, such utilities store logins, passwords, PINs, bank account numbers, and any other information in a secure, encrypted state, requiring a master password to unlock it all. This leaves you free to commit just a single, unique password to memory to get to all of your other passwords. Also, many of these programs work with a USB drive or a handheld device, meaning your information can securely travel with you.
Generally, you can divide password vaults into two categories: standalone applications and those that integrate with Web browsers. The latter tend to focus on account logins and passwords you use online and can help you save time by filling out online forms. Standalone applications can store this information, too, but are usually set up to store personal information you need in the physical world, such as locker combinations and bank account numbers.
I looked at three of each type of password vault program, evaluating security, ease of use, cost, and transportability. Though none excels in all four categories, one is likely to fit the way you work.
AccountLogon 2.5 $24.95 Rhodes Software www.accountlogon.com 3.5 CPUs
AccountLogon only works with IE to record and display your logins and passwords automatically, yet it does so from a single toolbar button, instead of the typical full-width browser toolbar. Even though you might have to use ALT-TAB a bit to work in AL's Winamp3-like window, most of the time AL functions automatically, and most of its commands are available from a slim pop-up toolbar menu. Although several browser-based password vaults automatically scan every Web page for a new login and password to add to their collection, AL requires you to manually turn on its password collection routines. This then opens a new browser window with a message that asks you to enter the site's URL along with a request to name and categorize the password within AL's filing system. When the site's login page appears, AL double-checks the URL with you. Finally, once you log in, it pops up a confirmation window. Even if this may seem like a lot of interruptions, returning to a site and automatically logging in tends to be much more streamlined than the competition, requiring just a click or two to access your passwords from a single toolbar button, the Taskbar, or the previously mentioned pop-up toolbar menu. You can store your bank account numbers, credit cards, and other private information with AL, but the storage system seems inappropriate because you only get four fields and a longer Comments About This Account field for each entry. You can easily back up and restore the 448-bit Blowfish-encrypted data file and run AL from a USB drive (though you're on your own to figure that out) when you're on the go, but you'll need to manually log on to Web sites on different PCs.
Login King Build 2088 $29.95 SecureWork www.securework.com/loginking/index.html 4 CPUs
When a bunch of former Microsoft programmers get together to solve the password storage problem, you can be pretty sure the result will be slick, and LoginKing is certainly slick. Available as an application you can install that works with both IE and Firefox (via an LK extension) and a USB drive-compatible version complete with a portable version of Firefox, LK works pretty much any way you like. At startup LK prompts you for your PIN, which it uses to encrypt your password file via a 256-bit AES system. Once you begin, LK scans Web pages for a login prompt and automatically records your login and password. When it does, it verifies that you want to save the information and asks if you want to store the login as a 1-Click Login, which means you can click the 1-Click Login button on the browser's toolbar to log in to the Web site. Or you can go to a Web site, register it with LK, and then the program will automatically fill out the login and password fields for you, logging you into the Web site. Furthermore, if you need help generating truly random, secure passwords, LK's Strong Password Generator comes in handy. Some Web sites, such as Slashdot and Digg, use an AJAX-based login prompt that hides and unhides the fields, but, unlike other password programs, LK is able to decipher these sorts of sites. On the negative side, when you manually log out from some Web sites, LK prompts you to log in again, which can be annoying. Login King isn't set up to store things other than logins and passwords, but if that isn't important to you, its speed, simplicity, and portability make it seriously useful, especially for road warriors.
RoboForm Pro 6.7.8 $29.95; $19.95 USB version Siber Systems www.roboform.com 4.5 CPUs
RoboForm arguably created the category of password vault software, and the result of its continual evolution is that it offers more features and supports more hardware than anything else on the market. However, this can increase the program's complexity and cost compared to the competition, especially when you enable every feature. After installation RF Pro asks you for a master password and lots of personal information, such as your name, date of birth, credit card numbers, and so forth. You don't need to fill in everything, of course, but the more you do, the more RF is able to automatically fill out every online form you encounter with a single click on the RF browser toolbar icon. Password collection is practically automatic: Log in to a site and RF will prompt you to save it for future logins. To return to a site, choose the site's login icon from the RF toolbar and it immediately logs you into the site. For real-life secure information storage, RF uses a free-form, tree-based structure, letting you organize information however you see fit with the ability to rename fields as necessary. RF protects this information, along with your logins, via 128-bit AES encryption by default with RC6 and Blowfish protection available, as well. You can configure RF in many ways, but combined with personal data, passwords, and real-life data storage, the interface is cluttered and sometimes confusing. Siber Systems licenses RF Pro on a per-computer basis at $29.95 for the first PC and $9.95 for additional PCs. The company licenses the USB drive version per drive at $19.95, making it a better deal. Both RF versions work with Firefox and IE. The Palm or PocketPC/Windows CE add-on, which lets you securely view your passwords on your PDA, runs another $9.95, but it only syncs with the desktop version.
SplashID 3.32 $29.95 SplashData www.splashdata.com/splashid/index.htm 4 CPUs
SplashData specializes in software for portable devices, and its Windows/Mac OS X desktop versions of SplashID can securely share and store your information on PalmOS, PocketPC/Windows Mobile, BlackBerry, Nokia Series 60, or Symbian UIQ handhelds with certain limitations among platforms. There isn't a direct link to a specific Web browser, but hotlinks within SplashID still make it simple to enter logins and passwords. SplashID resembles a basic database application with a long list of your accounts and passwords listed on the left of the screen and the record's information you select on the right. The application won't open without your master password, and SplashID encrypts the database via a 256-bit Blowfish algorithm, even on a handheld device. Unlike RoboForm's handheld application, you can actually add and modify entries on your PDA instead of only viewing them, and everything syncs up correctly. (For more information about the SplashID handheld version, see page 80.) You'll notice that SplashID categorizes entries by Types, such as Web Logins, Insurance, and so forth. Once you register, you can create your own Types and designate whatever field names you need. You can also categorize entries by Category, such as Business and Personal. Either way, you can whittle down potentially hundreds of entries to just a few by filtering them by these Types and Categories. Web site addresses appear as hypertext links, so clicking one loads the page into your default browser; it's up to you to manually type in your login and password. There are separate hotkeys for copying logins and passwords, but you'll need to ALT-TAB between your browser and SplashID to do this, which gets annoying.
KeePass 1.05 Free Dominik Reichl keepass.sourceforge.net 3 CPUs
KeePass is one of the most popular open-source password vaults. It offers several unique features but lacks some common ones. In addition to the more fully developed Windows version, KP offers partial support for Mac OS X, Linux, PalmOS, and Pocket PC (no HotSync conduits, yet). On the surface KP is similar to SplashID, but it organizes entries in a hierarchical tree structure complete with user-selectable icons, which makes locating one entry among hundreds easy. You can't configure field names, but the Notes field is large, and you can attach any file to any entry. KP uses a 256-bit AES or Twofish algorithm to encrypt data via either a master password or a special key file it stores on a USB drive. In the latter situation, you don't need to remember a password, but you can't ever lose that drive. (NOTE: You can install KP directly on a USB drive, but you must use a master password.) Although there's a plug-in to automatically capture and add logins and passwords in development, KP normally requires you to use the keyboard and mouse to manually record logins and passwords. There's also a hotkey to automatically paste your login and password from the database into your browser, but it's not always successful and sometimes drops off characters or doesn't work at all. Ultimately, you can just use your eyeballs and read your info from the KP dialogs or manually copy and paste your logins/passwords. (Don't worry about copying and pasting; KP will automatically clear the clipboard after 10 seconds.) If you're willing to manually copy and paste and want cross-platform compatibility, or you're looking for an open-source, multiplatform option, KeePass is worth considering.
Password Safe 3.02 Free Rony Shapiro passwordsafe.sourceforge.net 3.5 CPUs
Password Safe is the classic, basic, open-source password vault. It's intended to be simple, fast, secure, and compact, and it succeeds admirably. It's not integrated with any Web browser, but PS still manages to reliably input logins and passwords into most Web sites, and you can easily transport it via a USB drive. Originally written by noted security expert Bruce Schneier, PS uses the Twofish encryption system and enforces a fairly rigorous master password system. Unlike the other products I reviewed, PS lets you use multiple password storage files. Password Safe organizes passwords via a free-form, hierarchical tree, but each entry has only a few fixed fields and a big Notes section. When you put the cursor in the login field on a Web page, switch over to PS, and then press CTRL-T, it will automatically copy, paste, and enter the Web site for you. If a site requires special characters to log in, you can modify each entry to suit it. There isn't much more to Password Safe, other than a straightforward Get Help file—but then that's the whole point.
by Warren Ernst