Product Reviews

Login Simplified

SecureLogin takes the work out of password management.

• By Joseph L. Jorden
• 05/01/2003

If I were to ask you what the biggest systems security risk is right now, what would you say? The SQL Slammer virus? IIS buffer overruns? Malicious scripts sent via e-mail? These are some of the most common answers. While these are problems, to be sure, most people overlook the simplest and most dangerous security risk of all—weak passwords. There’s no end to what hackers can do if they crack even one password on your network. The problem is that users have so many passwords to remember that they’re forced to make them weak just so they can remember them. So what can you do to mitigate this risk? Protocom comes to the rescue with SecureLogin.

SecureLogin is a client-server product that provides single sign-on capability to your users. This means that your users only log on at system start up. After that, any time a password is required, it’s provided by SecureLogin.

The way it works is simple: On the back end, SecureLogin supports NetWare NDS, Windows Active Directory and LDAP. When the server portion is installed, the network directory schema is modified so that user passwords can be stored directly, with the user objects in the directory. Once the server portion is in place, you install the client software on each machine, which will run at system startup. While the client program is active, it constantly monitors the system for password requests and, when it finds a request, it asks the user if he or she wants to store the password for future use. If the user allows SecureLogin to manage the password, it’s stored in the network directory structure and recalled every time that password field comes up (see figure).

This raises a few questions, though. You may wonder what happens if users change one of the passwords managed by SecureLogin. The client program has built-in management functions that allow users to change passwords and even manually add and remove managed sites so they’re completely in control of their passwords. Also, you may wonder about the security of the passwords as they’re transferred over the network. To put your mind at ease. SecureLogin uses a challenge/response hashing algorithm with 3DES encryption so that passwords aren’t visible over the wire.

SecureLogin gives users the option to store passwords for future use. (Click image to view larger version.)

What I really like about this application, besides the obvious relief from stress, is the speed. I run a lot of stuff on my server and this application still runs lightning fast. As soon as I brought up an application or Web page that required a password, SecureLogin instantly provided it and I was logged in.

There are two important things to keep in mind when considering this product. The first is that this is client/server. If you have a small network without a server, this won’t work. Second is the price. For what SecureLogin does, the $79 per user is fair, but it can add up. Overall, if you’re interested in securing your network and making your users’ lives easier, consider this product.

[SecureLogin version 3.1 is set to ship this summer—Ed.]