Protect Your Passwords The USB Flash Drive Alternative Brian Livingston
The USB Flash Drive Alternative
Siber Systems Inc. released last month a software program designed to eliminate the need (and the temptation) to store your user names and passwords
via your browser.
The company, which has published RoboForm password-management software for desktop PCs for many years, is now shipping Portable Roboform (previously known under its Pass2Go working name). The new program is indeed a portable version of Roboform that can execute within a USB Flash drive or any other removable medium, such as Iomega Zip drives and even rewritable CDs.
The new product has the following interesting features:
Lack of Tracks – If you store user names and passwords via Portable Roboform on a USB Flash drive, the computer you were using at the time loses access to those passwords completely when you remove the Flash drive from its USB port.
Transportability – You can then insert the same Flash drive into the USB port of a different PC. As long as you remember the master password you set, you can automatically log in to your favorite Web sites on the second PC. Removing the drive, as before, deprives the second PC of the passwords as well.
Flexibility – In addition to user names and passwords, you can use the Flash drive to store e-mail contact information from Microsoft Outlook, bookmarks from your browser, and other data that's handy when you're traveling.
Portable Roboform can be licensed for $39.95 for a quantity of one, or $9.95 for users who already own a $29.95 license for the desktop product, RoboForm.
Portable Roboform can also be used for 30 days for free, after which (if you don't pay for it) it can still securely hold 10 passwords for up to two different users.
While beta releases of Pass2Go worked only with Internet Explorer, the officially released Portable Roboform additionally offers support for Netscape and Mozilla browsers via a plug-in adapter.
The Real Deal for Login Security
Is software on a USB Flash drive really secure enough to use to access your sensitive passwords on a computer at, say, an Internet café?
A Siber Systems press release says, "Pass2Go can confidently be used at Internet cafés, libraries, convention halls, airports, universities, or even at work — anywhere people on-the-go have a computer with a USB port."
In reality, just because your passwords are stored on a USB drive doesn't make it any safer for you to access a Web site from an Internet café or
other public location. Once you type the USB drive's "master password," a Trojan horse program that's running on the unfamiliar PC could capture every
screen that appears while you're using a supposedly "secure site."
"I would never recommend any product, even two-factor authentication, to be used in an Internet café," Siber Systems' Finkle said in a telephone
interview.
Two-factor authentication is a stronger form of identification than a mere password. The first factor is a physical device, such as a USB Flash drive. This is combined with a second factor, typically a PIN (personal identification number) or some other code that's easy for a user to remember.
This dual approach may, in fact, be the key to using insecure PCs (such as the ones at Internet cafés) to communicate securely with distant servers.
A Meeting of the Minds
Portable Roboform certainly isn't the only USB Flash-based solution for remedying the password security problem; USB Flash drives are now available with a riot of identification methods for aiding in the protection of your sensitive data.
There are tiny "stick" drives with fingerprint recognition, reliably providing access to authorized users only.
Other Flash drives display a random number that's derived from an internal timer. The number can be used to log on to a server, which is synchronized
to the same time, only once. If an eavesdropper snatches the number, it's useless as a way to read the rest of the session, which is safely encrypted.
We'll examine ways that specialized Flash drives can be combined with helpful password-storage software in this space next week.
Brian Livingston is the editor of WindowsSecrets.com and the co-author of "Windows Me Secrets" and nine other books. He is a columnist for Jupitermedia's EarthWeb network. Send story ideas to him via his contact page.
