Security Review: Mandylion Password Manager

By mstie74 at 5:17 pm on January 31, 2008 | 3 Comments

Summary

Password complexity and policy enforcement in today’s enterprise has forced users to take unsecure measures to ensure recollection of the many passwords they use.  Users may put passwords in text files on their computer, re-use old passwords frequently, or write them down on Post-It notes.  Mandylion has created a convenient portable device to help store important passwords while providing military-grade protection for them.

Assets and Security Goals

  • Store and protect passwords entered into the device.
  • Prevent unauthorized users from discovering and reading passwords.
  • Provide portable, easy to use interface for password storage. 
  • Provide generated passwords, password policy enforcement, and password change intervals to the user.

Potential Adversaries

  • Any person who would want to discover passwords for malicious purposes.
  • Any person who may want to cause disruption to user’s work ability by stealing or destroying the device.

Potential Weaknesses

  • Four key keypad is used to enter a five keystroke password to activate the device.  This allows for only 1024 combinations for access.
  • Size of device could potentially make it easy to misplace or be stolen.
  • Adversary may see password as it is displayed by shoulder-surfing.

Potential Defenses

  • Unauthorized access control allows the device to permanently destroy all data when a preset amount of unauthorized access attempts are made.
  • Device attaches to key ring which allows good physical protection due to continuous possession.
  • Device indicates failed activation attempts by displaying a message on the screen following successful activation if it has been tempered with.
  • Limited viewing angle on LCD display may help prevent shoulder-surfing.

Risks

The risk of losing logons and passwords to an adversary could be potentially devastating.  This device has several nice features to protect the data within it should an adversary attempt unauthorized access.  However, if the protection features are not enabled, an adversary could brute force the device in a relatively short period of time and gain access to all the information within it.

Conclusion

The Mandylion Password Manager is surely a convenient device for the storage of passwords.  The password entry may be difficult due to the limited keypad and size of the device but the manufacturer states it is simple.  The protection built into the system was designed to meet Military standards and, if used properly, could definitely provide more than adequate protection.  When used in an enterprise environment, the configuration utilities can ensure password policy enforcement as well.

Filed under: Security Reviews3 Comments »

3 Comments

  • 1
    Get your own gravatar for comments by visiting gravatar.com

    Comment by David St. Hilaire

    February 3, 2008 @ 12:27 pm

    In my opinion this device has some nice features for enterprise use, but has serious drawbacks that would prevent me from buying one.
    First, it only manages 50 logons. While this may sound like plenty, if I was to use this as my only password depository I would quickly run out putting me back into the situation I currently am where many sites/items share similar passwords.
    Second, passwords are limited to 14 characters or namespaces. If I was paranoid enough about security to buy this device and knew that I didn’t need to remember my passwords because they were stored on the fob, i would definitely want the capability for a longer limit than this (as it is, a number of my passwords wouldn’t fit on the fob).
    Third, it appears easy to misplace or steal. Though you can turn on a “self-destruct” feature that will erase the passwords if too many false attempts are made, i would be wary about turning on the feature unless they include a lock feature for the keys. Otherwise it could easily end up getting reset while in my pocket or backpack or even from my tendency to fiddle with anything in my hands.
    Lastly, how do I know that I can trust the randomness of the random password generator? A changing “strong” password is useless if my adversary can use his password manager to get the same sequence of passwords.

  • 2
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Fabian

    February 3, 2008 @ 1:54 pm

    I think this is not a device for any individuals with important position or ones that hold secret information. As the blog said, a loss of this device could mean a devastating experience. The company can integrate a strong encryption technique to secure the content of the device. But it can be eventually cracked open. This device can either an extra help or an extra liability depending on the situation. If a legitimate/true user forgets the password to this device, then what will he/she do to gain access? Adding a complete reset features might not be a good solution.

  • 3
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Chad Mackley

    February 3, 2008 @ 5:12 pm

    I think it’s also important to point out that if the adversary can obtain the Manager and the Master Password, then all of the passwords have been compromised. Recovering from this would be much more involved than recovering from loosing one of multiple shared passwords.

    Also, obtaining the Manager and Master Password would prove difficult for an outside adversary yet for a coworker, it is definitely possible. With only 4 buttons to push and a password length of 5, watching and memorizing a coworkers password would prove relatively easy. At that point, the adversary would only need the coworker to forget his Manager on his desk for a few minutes to copy down a few passwords.

RSS feed for comments on this post