Quick! Can you remember all the user names and passwords that you’ve used
at every Web site where you’ve ever registered?
I’ll bet you can’t. But it’s no shame not to remember all these things off
the top of your head. No one can.
That’s why people write their passwords on Post-It notes and stick them on
their monitors. And it’s why Web browsers such as Internet Explorer and
Firefox offer to “help you” remember your passwords — which means that
anyone who borrows or steals your computer can log on and impersonate you
at any of the “memorized” sites.
Fortunately, the plunging cost of memory has given rise to a possible solution
to the password-recall problem: store your user names and passwords on a
removable USB Flash drive. You protect the device with a single, “master”
password. All you have to do is remember that one code to access all the
passwords you’ve stored.
Is this solution good enough for serious use? Let’s look at the problem and see.
Your Oh-So-Helpful Browsers
The rise of the Internet and corporate intranets was the impetus behind
the “browser paternalism” of passwords:
• Internet Explorer.
Microsoft’s browser, known affectionately as IE, years ago began offering
an “AutoComplete” function. This feature offers to remember IDs and passwords
that you type on your keyboard. IE stores them in an encrypted file.
In theory, those passwords are made available only when the person who stored
them is logged on to Windows under his or her own account name (such as
Brian123 or whatever).
The problem with this is not just that anyone can walk up to your PC in
your absence, look through IE’s history, and then log on as you at any
password-protected site. Much worse is the fact that, even if you’ve logged
off your Windows account, anyone can run a simple utility and read IE’s
“encryption-protected” file to discover your passwords.
One of the best-known makers of password-reading software is
ElcomSoft Co.
Ltd. This programming firm, located in Moscow, Russia, was
acquitted of criminal liability in December 2002 for
cracking the password protection of Adobe PDF files.
The company’s Advanced Internet Explorer Password Recovery utility,
according to Computer Associates’
Spyware Information Center, coughs up the passwords saved
by every version of IE from 3.0 to 6.0 (the current level). The software
sells for around $30 USD.
Oh, so you think, “We’ll just ban this utility”? Good luck. The info center
says there are some
720 different versions of password-revealing utilities
currently available.
I don’t mean to pick on IE. Crackers are also widely available to divulge
the passwords stored by Microsoft Outlook, VBA (Visual Basic for Applications),
Intuit Quicken, and
many other apps.
• Mozilla Firefox.
The new, free Firefox browser, developed by the not-for-profit Mozilla
Foundation, also offers to store user names and passwords that you enter at
Web sites you visit. To its credit, Firefox 1.0 can store this sensitive data
in an encrypted form that I don’t believe has been compromised.
Unfortunately, Firefox doesn’t encrypt your saved passwords by default but
leaves them wide open. You can only have your passwords encrypted if you take
steps to set a “master” password. (To do this in Firefox 1.0, click Tools,
Options, Privacy, Set Master Password.) Before Firefox will then provide your
passwords to a Web site or anyone else, the master password must be entered.
If you use a USB drive to store your passwords in a secure manner, as described
below, you can make your browser stop storing passwords on your hard disk.
To do this in Firefox, click Tools, Options, Privacy and turn off “Remember
Passwords.” In IE, it’s Tools, Internet Options, Content, AutoComplete and
turn off “Use AutoComplete for user names and passwords on forms.”
In a corporate environment, you can use Group Policy to prevent browsers from
storing login passwords. To do this for IE, set Active Directory to
“Disable AutoComplete for forms” and “Do not allow AutoComplete to save
passwords.”
The USB Flash Drive Alternative
Siber Systems Inc. released last month a software program designed to
eliminate the need (and the temptation) to store your user names and passwords
via your browser.
The company, which has published RoboForm password-management software for
desktop PCs for many years, is now shipping
Pass2Go.
The new program is a “portable RoboForm” that can execute within a USB Flash
drive or any other removable medium, such as Iomega Zip drives and even
rewritable CDs.
The new product has the following interesting features:
• Lack of Tracks.
If you store user names and passwords via Pass2Go on a USB Flash drive, the
computer you were using at the time loses access to those passwords completely
when you remove the Flash drive from its USB port.
• Transportability.
You can then insert the same Flash drive into the USB port of a different PC.
As long as you remember the master password you set, you can automatically
log in to your favorite Web sites on the second PC. Removing the drive, as
before, deprives the second PC of the passwords as well.
• Flexibility.
In addition to user names and passwords, you can use the Flash drive to
store e-mail contact information from Microsoft Outlook, bookmarks from
your browser, and other data that’s handy when you’re traveling.
Pass2Go can be licensed for $39.95 for a quantity of one, or $9.95 for
users who already own a $29.95 license for the desktop product, RoboForm.
Pass2Go, however, can be used for 30 days for free, after which (if you
don’t pay for it) it can still securely hold 10 passwords for up to two
different users.
At this writing, Pass2Go works only with Internet Explorer. That’s a problem
for users of Firefox and other alternate browsers, such as Opera, that are free
from IE’s
well-known security problems. Integration with those
applications is expected to be available in future versions of the password
utility, according to Andy Finkle, Siber Systems’ vice president of marketing.
The Real Deal For Login Security
Is software on a USB Flash drive really secure enough to use to access your
sensitive passwords on a computer at, say, an Internet café?
A Siber Systems
press release says, “Pass2Go can confidently be used at
Internet cafés, libraries, convention halls, airports, universities, or
even at work — anywhere people on-the-go have a computer with a USB port.”
In reality, just because your passwords are stored on a USB drive doesn’t
make it any safer for you to access a Web site from an Internet café or
other public location. Once you type the USB drive’s “master password,” a
Trojan horse program that’s running on the unfamiliar PC could capture every
screen that appears while you’re using a supposedly “secure site.”
“I would never recommend any product, even two-factor authentication, to be
used in an Internet café,” Siber Systems’ Finkle said in a telephone
interview.
Two-factor authentication is a stronger form of identification than a mere
password. The first factor is a physical device, such as a USB Flash drive.
This is combined with a second factor, typially a PIN (personal identication
number) or some other code that’s easy for a user to remember.
This dual approach may, in fact, be the key to using insecure PCs (such as the
ones at Internet cafés) to communicate securely with distant servers.
A Meeting Of The Minds
USB Flash drives are now available with a riot of identification methods.
There are tiny “stick” drives with fingerprint recognition, reliably providing
access to authorized users only.
Other Flash drives display a random number that’s derived from an internal
timer. The number can be used to log on to a server, which is synchronized to
the same time, only once. If an eavesdropper snatches the number, it’s useless
as a way to read the rest of the session, which is safely encrypted.
I’ll examine ways that specialized Flash drives can be combined with helpful
password-storage software in this space next week.
Ethics and Artificial Intelligence: Driving Greater Equality
FEATURE | By James Maguire,
December 16, 2020
AI vs. Machine Learning vs. Deep Learning
FEATURE | By Cynthia Harvey,
December 11, 2020
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2021
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.
Advertise with Us
Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this
site are from companies from which TechnologyAdvice receives
compensation. This compensation may impact how and where products
appear on this site including, for example, the order in which
they appear. TechnologyAdvice does not include all companies
or all types of products available in the marketplace.