TheVault

Password are used everywhere. While they can be used to ensure secure authentication, there are many things that can diminish their usefulness to the point that they are useless. Here are a few problems with passwords:

  • Short passwords: Short passwords are easy to remember but also easy to crack. Currently the minimum length of a "secure" password is considered to be eight characters if it contains upper case, lower case, numbers, and special characters. However, as computing power increases, the length of time that it takes to crack an eight password decreases. For this reason, more and more organizations are starting to push for 10 character passwords while others are moving to even longer passphrases.
  • Too many passwords: Passwords are used everywhere. The average person has so many passwords, they find it very difficult to remember them all. As a result, users often make poor security choices such as:
    • Reusing the same password: When the same password is used for multiple applications, a single compromise can put many other systems at risk. This is bad enough when the same password is used for applications at the same security level, such as personal email and social media accounts. However, it is much worse when applications are at different security levels. For example, if users use the same password for their social networking site login and their corporate VPN account.
    • Writing passwords down: When overwhelmed with numerous passwords, some users start writing them down or putting them in insecure files that can be easily accessed by others.
    • Failing to change them regularly: Unchanged passwords can allow unauthorzed users to have long-term access to systems.
    • Using a highly predictable pattern to create new passwords: Similar to reusing passwords and writing passwords down, using the same simple pattern to create passwords can allow attackers to gain access to multiple systems and retain that access indefinitely.
  • Multiple devices: Multiple devices complicate password management. Many applications have the option to remember a user's password. For example, email clients and web browsers often do so. However, when users have multiple devices, changing passwords becomes a real nuisance since the password needs to be manually synchronized and changed in multiple places.
  • Insecure password storage: While many application will store users' passwords, they often do little to protect them and are easily compromised.

To help address these and other issues associated with password management, we created TheVault.

TheVault

TheVault is a password management application that allows you to securely store your passwords using AES encryption and access them from any supported system that you use. It is built with security in mind and offers the following features:

  • AES 256 encryption
  • Two factor authentication using one-time tokens and/or key files
  • TLS encrypted communications for synchronization
  • Auto-synchronization across all your systems (Windows, Mac, Android, iPhone/iPad)
  • Optional manual synchronization via network share or portable media
  • Auto-login and drag-and-drop login options
  • Secure storage of miscellaneous notes
  • Works with both local and web applications

TheVault requires users to remember just one password. All other passwords are managed by it. After login into TheVault (using one or two factor authentication), users only have to click on one of the managed accounts. TheVault then automatically logs into that account or allows the user to drag and drop the user's username and masked password into the corresponding fields after it automatically opens the application.

To prevent unauthorized access to credentials, TheVault can be configured to require a one-time token each time the application is accessed. And, to prevent key loggers from capturing your keystrokes while you enter your password for TheVault, the on-screen keyboard option can be used.

This is a BETA version and is not currently supported. The production version is expected to be released in the first quarter of 2015. Please check back then. Apple and Android versions will be avalaible at a later date.

For more information or to request a demostration, please contact us at: