It is the age of the password. We have come to rely on these ubiquitous strings of text to protect our finances, aspects of our identity, and even our virtual assets which have begun to carry individual value. As a result of the meteoric rise of the password’s importance, they have become a commodity in their own right. A type of virus known as the keylogger, expressly designed to harvest passwords, has multiplied at an alarming rate; studies conducted by (PDF) the security firm Symantec have indicated a 63% rise in prevalence between 2003 and 2005. Even empirical analysis clearly demonstrates the value of the password. Identity theft has become a 43.5 billion dollar industry and it is squarely on us to acknowledge the password’s value so we are not accomplices in the theft of our own assets.

Given the password’s new importance, a host of password management applications have hit the shelves claiming to securely encrypt and manage passwords for sundry applications and forms. Today, Icrontic reviews one such suite from n-Trance Ltd. to see if it lives up to its claims:

n-Pass is a powerful, feature-rich solution for storing all your password and web forms information in a secure, centralized database on your hard drive. It uses industrial strength encryption to keep your data secure, while providing an easy-to-use interface for organizing, adding and editing your password and web forms records. The cryptographic algorithm can be selected from the variety of FIPS-140 compatible algorithms provided by n-Crypt.

The software provides many pre-defined templates for commonly used records such as Web site and Email accounts, so you can get started adding data right away. You are not just limited to the pre-defined templates or even to just storing records with passwords - you can create your own custom templates to store virtually any kind of data! Creating template from record makes it even more easy and convenient.

It is the most convenient and comprehensive password and personal data management software package in the market today.

The initial configuration of the n-Pass software yields valuable and reassuring insight into the software’s design. We were primarily satisfied by n-Trance’s decision to use the RSA cryptosystem. RSA is a potent encryption technology which continues to be a cornerstone of public encryption and signing. Secondly, rather than relying on a random seeding system which could be reverse-engineered, n-Pass relies on the user’s mouse movement over a randomly-selected image to produce the RSA-2048 key pair. This ensures that each key is truly individual, rather than unique for the user, but not necessarily uniquely-generated.

Generating the RSA-2048 key

Next, the system prompts you for a single password which is used to access the n-Pass software and unlock it for use. In this case, I chose a password that n-Pass considers to be of moderate complexity.

Once you’ve chosen a password, n-Pass requests your personal information and provides your public key. A public key is one half of an asymmetric RSA cryptosystem which can be freely given to anyone looking to send encrypted content to you. A sender uses your public key to encrypt the information. Upon receiving the data, a mathematically-related key in your possession called a private key is used for decryption. This private key should never be given to anyone.

n-Pass takes my personal info and generates my public key

Once you have finished the initial configuration, the n-Pass software presents a password box which should be filled with the password you previously selected. Once that is done, double-clicking on the n-Pass icon in your system tray will open the main program for use. We were inclined to begin our testing the software with its default configuration, so we minimized the application, which settled innocuously in the system tray.

n-Pass’ main window

User names, forms and passwords

One prominent feature of the application is that it requires very little out-of-the-box configuration; it promises to start recording user names, passwords and form information right away. While we visited numerous sign-in and registration pages in Firefox, n-Pass simply would not recognize that we were out for some authentication action. Even when we manually created entries for the various websites via the method indicated in the ensuing image, n-Pass would not recognize that forms were being filled out.

We manually added Gmail, Hotmail and Icrontic’s forum signup to no avail.

We begrudgingly switched to Internet Explorer 6.1 which immediately triggered n-Pass’ promised functions. Our credentials were automatically stored upon returning to Hotmail and other sites. N-pass even recognized that there were account prompts on Trillian throughout the course of reviewing this software.

IE6.1 and n-Pass finally start producing results.

Next we opted to try the auto-submission feature which automatically fills user names and passwords to sites in the n-Pass database, and then submits the login credentials as though you were pressing the submit button yourself. This worked well and cleanly on sites like GMail, Hotmail, Amazon, Newegg and Twitter.

Unfortunately, though, we ran into a spat of trouble when we went back and attempted another registration on Icrontic. We cleared out our records and started fresh as though we were a brand new user registering for the first time. In order to register, a user must first pass by the main forum page which has login prompts for existing users; n-Pass picked up on this and attempted to save a record for these boxes. As we had no user name and password to provide as a new user, we ignored the prompt but did not hit cancel, as cancelling the auto-save function tells n-Pass to disable auto-fill for future login attempts. Obviously, we would enjoy this feature once registered, so we moved ahead while n-Pass created a record for Icrontic composed of an empty user name and password. When we came to the screen to enter our new account information, n-Pass hammered the registration screen — which also prompts for a user name and password — with submission attempts. It brought our very capable test machine to an absolute crawl until we could kill the IE6 process and disable the auto-submission feature. It seemed as though n-Pass was unaware that there were more form elements than just the user name and password. More pleasantly, however, n-Pass processed personal identification and credit card verifications with nary a hitch. Dynamic and single-use forms appear to give n-Pass much more trouble than repetitive forms which always require the same information.

Next page »

Pages: 1 2 3

Tags: applications, security