Software Review: Password Officer 5.0 Deluxe
Compelson Laboratories crafts an application that can help foster proper password security within an organization. The days of the 'password sticky note' may be coming to an end, much to the relief of security pros.
As administrators and dispensers of technical support help, we often face one particular challenge that makes us want to pull our hair out: convincing our users of the importance of good password security. It is a challenge we've all faced at one point or another.
Users end up doing one of two bad extremes. The first is the usage of known information as a password, such as using their SSN, birthdate, username, spouse/partner's name, child's name, etc. Or worse, they'll use dictionary words such as "password" (the most common dictionary word) or no password at all (blank).
On the other side are the users that single-handedly keep 3M and other "sticky" manufacturers happy. Their monitors are gardens of colorful stickies that hold everything from reminders of anniversaries, projects, and shopping lists to account information, passwords, and PINs — all in plain sight!
Some figure they will be creative and hide their passwords under their keyboards, behind their computers, or in their top desk drawers. This is particularly true when administrators provide users with longer, more complex passwords. Users have notoriously short memories and seem to have difficultly remembering a password even if they use the same one for months. So how do administrators go about resolving the password challenge?
Compelson Laboratories has come up with a pretty nifty tool called Password Officer 5.0 Deluxe that is designed to remember passwords for users and store them in an encrypted file. The program is intelligent enough to know which applications and/or Web sites are associated with which usernames and passwords. It can also optionally be used with a smart card environment.
Password Officer 5.0 Deluxe is for Windows-based systems (Windows 95, 98, ME, NT, XP) and interacts with Internet Explorer as its browser of choice (more on this later in the article). It has two "installs": one is the standard double-click and install into the system, while the other is to use the product directly from disk (useful for users who don't have administrative rights on their NT/XP boxes — which was my situation).
I decided to experiment with it on a few Web sites and a few applications. Once I set up the sites and applications, I selected the option for them to reside in the systray. This meant I could now just go to the icon and select which site I want, and, viola, I was in!