Product Review: Mandylion Labs’ Log-In Manager Tokens Take On Password Overload
Why You Want One of These
According to the company, Mandylion’s password manager solution was designed for the U.S. Department of Defense. Its main strengths are its multilevel, “defense-in-depth” security safeguards. We appreciate the level to which you can customize these safeguards.

For instance, the token’s five-button code is not in itself particularly secure. A determined hacker could easily run through the list of possible combinations. However, depending on the level of security required, administrators can set the device to lock after one, three, five or 10 failed log-in attempts, and optionally erase the token’s contents. An erased device can be “reprogrammed” only by the user (if company policies permit it) or re-initialized by an administrator.
Because there is no bilateral communication between the token, cradle or software, one component cannot be used to pull information from, or to “interrogate” another.
Organizations whose security policies prohibit passwords from being documented can employ the token as a password reminder using a system of offsets. For instance, users can be taught that all uppercase letters should be read as lowercase. Or the user could be instructed to shift each uppercase letter forward by five letters in the alphabet. Using these offsets, a password that reads ABDE123A on the device might actually be fgij123f.
One cool feature lets users know if their tokens have been tampered with. If an incorrect log-in attempt is registered, the word “Tampered” appears on the screen the next time the correct access code is entered.
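The lock, erase and "Tampered" behaviour described above can be modelled as a small state machine. This is an added example, not Mandylion's firmware or code from the review; the class and method names, the status strings, the sample code "13524", the reset of the failure counter after a correct entry and the one-time display of the notice are all assumptions.

```python
import hmac
from dataclasses import dataclass, field


@dataclass
class TokenModel:
    """Simplified model of an attempt-limited token (hypothetical, not vendor code)."""
    code: str                      # button sequence, e.g. "13524" (constructed sample)
    max_failures: int = 3          # the review lists 1, 3, 5 or 10 as admin choices
    erase_on_lock: bool = False    # optional erase when the limit is reached
    records: dict = field(default_factory=dict)  # stored log-in records
    failures: int = 0
    locked: bool = False
    tampered: bool = False         # set by any failed attempt

    def unlock(self, attempt: str) -> str:
        if self.locked:
            return "LOCKED"
        # Constant-time comparison so timing does not leak how much matched.
        if not hmac.compare_digest(attempt.encode(), self.code.encode()):
            self.failures += 1
            self.tampered = True
            if self.failures >= self.max_failures:
                self.locked = True
                if self.erase_on_lock:
                    self.records.clear()
                return "LOCKED"
            return "DENIED"
        self.failures = 0          # assumption: a correct entry resets the counter
        if self.tampered:
            self.tampered = False  # assumption: the notice is shown once
            return "TAMPERED"
        return "OK"

    def admin_reinitialize(self, new_code: str) -> None:
        """Administrator reset: clears state and contents, sets a new code."""
        self.code, self.records = new_code, {}
        self.failures, self.locked, self.tampered = 0, False, False


if __name__ == "__main__":
    t = TokenModel(code="13524", max_failures=3, records={"vpn": "example"})
    print([t.unlock(a) for a in ("11111", "13524", "13524")])
```
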
Another plus is that the token’s memory is unaffected by battery life or power loss. According to Mandylion, the token’s battery should last for a year of regular daily use, at which time a new, 3-volt “coin cell” style lithium battery can be inserted with no effect on the log-in records.