Software Review: Password Officer 5.0 Deluxe - Page 2
Password Officer 5.0 Deluxe launches Internet Explorer, loads the page, enters the username and password, and even automatically clicks on the "Press Enter to continue" box. When using it with an application, it isn't too difficult to configure but can sometimes require a few minutes of getting the exact sequence of keystrokes, text, enter commands, tabs, etc. I was able to get my Password Officer to launch my SSH GUI client without trouble — a rather nifty use of the application, as some of the accounts I use with the SSH client have very difficult passwords to remember.
Now you may think that anyone could launch your copy of Password Officer, right click on the icon in the systray, and easily connect to your password-protected Web sites and/or applications. Compelson obviously thought of this and put a master password on the encrypted file it uses to store the passwords. This means that if you try to load the password file, you'll need to first enter the master password.
You can also opt to keep the encrypted file locally or on removable media (a USB pen drive might be a good choice). The file itself is relatively small (2 Web sites and one application with keystroke combinations and such created a file of 482 bytes). Even the application itself is small at less than 2MB (including all DLLs needed).
Password Officer can even go so far as to create passwords for you (say you are signing up for a new online account at a Website), with the length and character mix you want (you can specify which special characters are valid), and with one of three algorithms of your choice: Twofish, FIPS 181 DES, or FIPS 181 AES.
There are two drawbacks I've found with Password Officer. The first is its dependency on Internet Explorer for the Web portion of password recall. I'm not fond of Explorer due to the many problems that seem to crop up with it and the many vulnerabilities that have appeared of late. Try as I might, I couldn't get Password Officer to work with Netscape.
The second issue is that it doesn't pick up on application requests for changing the password (at least it didn't detect when the Linux box I was connecting to required a password change). Because it doesn't capture the password change, you have to manually go into Password Officer and change it for that specific application.
Keep in mind that while Password Officer does all the username and password entry for you, it doesn't take care of encryption over the wire. The security of the Web sites users visit and/or the insecurity of clear-text transmittal is still something that needs to be taken into consideration by the ever-vigilant network admin.
That all said, this application could prove beneficial for the administrator that attempts to get users to use their passwords safely. In fact, the administrator could set up all applications to be launched by Password Officer, put in the appropriate information, and off they go. At the very least, it may cause a few "sticky" gardens to fade away.