Password overload got you down? Looking for relief without resorting to Post-it notes? Mandylion Labs’ über password manager promises a simple, secure method to manage password proliferation, and the gizmo can generate passwords based on administrator-specified schemas. The U.S. Defense Department has deemed the token secure enough for use in its facilities, but it’s not for everyone. We’ll tell you why.

Love ’em or hate ’em, passwords are our central means to access everything: e-mail, VPNs and physical entrance to company facilities. But passwords have an inherent weakness: They are under users’ control (think “Post-it notes”) and are therefore largely out of reach of administrators. In most cases, the best IT can do is create a functional password policy and cross its fingers.
That’s where Mandylion Labs comes in; its device aims to help users generate strong passwords and store them in one secure place. The Mandylion system consists of “tokens” that store and generate cryptographically strong passwords, with a PC-based application and a USB connection.

If your company demands extremely strong passwords and regular access to a wide variety of systems, this is a valuable product to consider. Users who manage a minimal number of passwords may find the Mandylion manager helpful in remembering log-ins—but it could also be more effort than it’s worth.

The Mandylion token weighs less than 1 ounce. It’s also small, at just 2.5 inches long. It looks like a purple plastic automobile remote door lock, with a notch at its base so you can throw it onto a key ring. The token has a tiny LCD display above its five-button navigation mechanism (four directional buttons and an Enter key).

Administrators initialize the tokens via the Mandylion cradle.
They configure specific users or groups by entering up to 50 log-in record accounts, user names and password parameters into the Policy Master software. You can manually assign a password to log-in records or automatically generate passwords that meet structured or randomized guidelines. Passwords can be up to 14 characters long, using any ASCII character. Administrators can require users to change the password at regular intervals such as 30 days or 90 days. (We didn’t have the token long enough to evaluate the renewal prompts.)
A new user is prompted to enter and confirm a five-digit access code using the directional keys. Then he must update the passwords on applications and websites with the ones supplied by the token.

Administrators can lock the log-in records for specific users so that names and accounts cannot be modified without the admin Policy Master template. Network admins can also decide whether the token should be used strictly for work purposes (by blocking the users from entering personal log-in records) or if users can input new records themselves.

Why You Want One of These
According to the company, Mandylion’s password manager solution was designed for the U.S. Department of Defense. Its main strengths are its multilevel, “defense-in-depth” security safeguards. We appreciate the level to which you can customize these safeguards.

For instance, the token’s five-button code is not in itself particularly secure. A determined hacker could easily run through the list of possible combinations. However, depending on the level of security required, administrators can set the device to lock after one, three, five or 10 failed log-in attempts, and optionally erase the token’s contents. An erased device can be “reprogrammed” only by the user (if company policies permit it) or re-initialized by an administrator.
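The password parameters the Policy Master paragraph above describes (a 14-character field, any ASCII character, and either structured or randomized generation rules) can be expressed as a small policy object with a checker and a generator. The following is an added example written for this page, not Mandylion’s software: the PasswordPolicy class, the violations and generate functions, and the use of string.punctuation as the “symbol” class are all assumptions of this example.

```python
import secrets
import string
from dataclasses import dataclass

# Hypothetical policy model mirroring the knobs the review describes: a field
# capped at 14 characters, any printable ASCII character, and "structured"
# rules (required character classes) versus a purely "randomized" draw.
PRINTABLE_ASCII = "".join(chr(c) for c in range(33, 127))  # excludes space

# Each entry: policy attribute, characters that satisfy it, violation message.
CHARACTER_CLASSES = (
    ("require_upper", string.ascii_uppercase, "no uppercase letter"),
    ("require_lower", string.ascii_lowercase, "no lowercase letter"),
    ("require_digit", string.digits, "no digit"),
    ("require_symbol", string.punctuation, "no symbol"),
)


@dataclass(frozen=True)
class PasswordPolicy:
    length: int = 14
    alphabet: str = PRINTABLE_ASCII
    require_upper: bool = True
    require_lower: bool = True
    require_digit: bool = True
    require_symbol: bool = True

    def __post_init__(self):
        # The token's password field holds at most 14 characters (per the review).
        if not 1 <= self.length <= 14:
            raise ValueError("token password field holds 1 to 14 characters")
        required = [attr for attr, _, _ in CHARACTER_CLASSES if getattr(self, attr)]
        if len(required) > self.length:
            raise ValueError("more required classes than characters in the password")
        # A required class must be reachable from the alphabet, or generation never ends.
        for attr, charset, _ in CHARACTER_CLASSES:
            if getattr(self, attr) and not any(c in charset for c in self.alphabet):
                raise ValueError(f"alphabet contains nothing that satisfies {attr}")


def violations(password: str, policy: PasswordPolicy) -> list:
    """Return the rules a password breaks; an empty list means it is compliant."""
    problems = []
    if len(password) != policy.length:
        problems.append(f"length {len(password)} != {policy.length}")
    if any(ch not in policy.alphabet for ch in password):
        problems.append("character outside the permitted alphabet")
    for attr, charset, message in CHARACTER_CLASSES:
        if getattr(policy, attr) and not any(ch in charset for ch in password):
            problems.append(message)
    return problems


def generate(policy: PasswordPolicy, rng=secrets) -> str:
    """Draw a compliant password from a CSPRNG by rejection sampling.

    Rejecting non-compliant draws keeps the result uniform over all compliant
    strings; "pick one of each class, then shuffle" would skew the distribution.
    """
    while True:
        candidate = "".join(rng.choice(policy.alphabet) for _ in range(policy.length))
        if not violations(candidate, policy):
            return candidate


if __name__ == "__main__":
    structured = PasswordPolicy()                       # one of each class required
    randomized = PasswordPolicy(require_upper=False, require_lower=False,
                                require_digit=False, require_symbol=False)
    for policy in (structured, randomized):
        pw = generate(policy)
        print(pw, violations(pw, policy))
```

A policy with all four require flags off corresponds to the review’s “randomized” guideline; the default corresponds to a “structured” one. Because the policy object refuses lengths above 14, an administrator cannot configure a rule the token’s field could not hold.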
Because there is no bilateral communication between the token, cradle or software, one component cannot be used to pull information from, or to “interrogate,” another.

Organizations whose security policies prohibit passwords from being documented can employ the token as a password reminder using a system of offsets. For instance, users can be taught that all uppercase letters should be read as lowercase. Or the user could be instructed to add five sequential letters to uppercase letters. Using these offsets, a password that reads ABDE123A on the device might actually be fgij123f.

One cool feature lets users know if their tokens have been tampered with. If an incorrect log-in attempt is registered, the word “Tampered” appears on the screen the next time the correct access code is entered.

Another plus is that the token’s memory is unaffected by battery life or power loss. According to Mandylion, the token’s battery should last for a year of regular daily use, at which time a new, 3-volt “coin cell” style lithium battery can be inserted with no effect on the log-in records.

Why You Might Not Want One
Our biggest complaint is one of trust: We never felt completely comfortable relying solely on the token. One reason was that we encountered issues with template settings that caused new passwords to be generated without initiation. To be fair, we were constantly creating new templates, associating them with our token and then running tests, which is atypical. We also had problems with passwords that we entered manually via the Policy Master software; we couldn’t edit the passwords using the token’s directional buttons. We could not auto-generate new passwords for these records; the token generated only a blank field or, in some instances, two or three characters that didn’t fit any default password guidelines or any others we’d specified.
Mandylion is aware of this last issue and says it plans to address it in a later release.

Many organizations rely on users to change their passwords. That’s how the Mandylion token is designed, too. But administrators can’t ensure users actually are updating passwords, unless password policy is assigned on the server.

Entering log-in records is easy. However, typing in new records or editing existing ones on the token was a task we quickly learned to avoid. The token’s gum-rubber buttons are not particularly responsive, and scrolling through 50 records could drive even the most patient CIO to tears. To edit an existing record, you must scroll through the entire alphabet until you find what you’re looking for.

Like the token’s password field, both the account name and user or log-in name fields are limited to 14 characters. This was frustrating, as we have several longer log-ins.

Since the token doesn’t communicate with the user’s PC or even the Policy Master template beyond the one-way transfer of records, an administrator has no way to know if a token is compromised. You can’t know whether the device was stolen and is being hacked, or if it rolled under a user’s car seat.

The size and shape of the Mandylion token are suitable. If you don’t keep very many keys on your key ring it won’t be a problem, but it was somewhat awkward when attached to a ring with many keys. The token also feels rather delicate; after only a week and a half of regular use, it was a bit dinged up.

Finally, Mandylion’s password manager works only with PCs, so Mac and Linux users will want to steer clear.

Would We Buy One? Probably Not
Passwords are imperfect. They depend on people to secure and update them regularly.
However, tools like the Mandylion password manager help administrators ensure that users comply with password security policies by making compliance as easy as possible.

Users must change passwords on their own, so this device is very much human-dependent. But users who make Mandylion’s solution a part of their routine will benefit from its strong password-generation capabilities and security safeguards. The Mandylion token could also be an invaluable tool for users in extremely sensitive environments with large numbers of log-in records. However, average users—or users with 10 or fewer regularly used passwords, like us—may be better off sticking with the good old-fashioned memory found inside their heads.

[Screenshot: Empty Mandylion Policy Master Template]
The problems we encountered seemed to stem from the software’s advanced features. Users who are simply handed a preconfigured token (with all editing functions locked) will find the token very simple to use, if a bit frustrating to navigate. However, administrators working with group templates may consider the Policy Master unwieldy.

Overall, we were impressed with the “defense-in-depth” approach to password security that Mandylion’s password manager affords. However, we encountered enough issues with unintended password regeneration and editing that we would be hesitant to rely solely on the token for our authentication needs.
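The device-side safeguards described in the “Why You Want One of These” section above (lockout after one, three, five or 10 failed attempts, optional erasure of the records, and the “Tampered” message shown on the next correct entry) and the offset reading rule (uppercase letters read as lowercase and advanced five places, so ABDE123A is typed as fgij123f) can be modelled together in a short simulation. This is an added example for this page, not Mandylion’s firmware or software: the Token class, its method names and display strings (“OK”, “Wrong code”, “Locked”), the reinitialize method, and the wrap-around past Z in read_with_offset are assumptions of this example.

```python
from dataclasses import dataclass, field

# The lockout thresholds the review says an administrator can choose from.
LOCK_THRESHOLDS = (1, 3, 5, 10)


def _check_code(code: str) -> None:
    """The review describes a five-digit access code; enforce that shape."""
    if not (code.isdigit() and len(code) == 5):
        raise ValueError("access code must be exactly five digits")


@dataclass
class Token:
    access_code: str                      # five-digit code chosen by the user
    lock_after: int = 3                   # failed attempts before the token locks
    erase_on_lock: bool = False           # optionally wipe stored records on lockout
    records: dict = field(default_factory=dict)  # account name -> stored password
    failed_attempts: int = 0
    locked: bool = False
    tampered: bool = False                # set by any wrong code, shown at next success

    def __post_init__(self):
        if self.lock_after not in LOCK_THRESHOLDS:
            raise ValueError(f"lock_after must be one of {LOCK_THRESHOLDS}")
        _check_code(self.access_code)

    def unlock(self, code: str) -> str:
        """Return what the display would show for this attempt."""
        if self.locked:
            return "Locked"
        if code != self.access_code:
            self.failed_attempts += 1
            self.tampered = True          # remembered until the owner next gets in
            if self.failed_attempts >= self.lock_after:
                self.locked = True
                if self.erase_on_lock:
                    self.records.clear()  # "optionally erase the token's contents"
                return "Locked"
            return "Wrong code"
        self.failed_attempts = 0          # a successful entry resets the counter
        if self.tampered:
            self.tampered = False
            return "Tampered"             # someone tried a wrong code since last use
        return "OK"

    def reinitialize(self, new_code: str, records: dict) -> None:
        """Administrator re-initialization after a lockout or erase (hypothetical)."""
        _check_code(new_code)
        self.access_code = new_code
        self.records = dict(records)
        self.failed_attempts = 0
        self.locked = False
        self.tampered = False


def read_with_offset(displayed: str, shift: int = 5) -> str:
    """Apply the review's offset rule to a password as shown on the LCD.

    Every uppercase letter is advanced `shift` places in the alphabet and read
    as lowercase; digits and other characters are typed exactly as displayed.
    Wrapping past Z back to A is an assumption of this example.
    """
    out = []
    for ch in displayed:
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("a")))
        else:
            out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample: a token holding one record, locking and erasing after 3 misses.
    t = Token("12345", lock_after=3, erase_on_lock=True, records={"vpn": "ABDE123A"})
    for attempt in ("00000", "12345", "12345", "00000", "00000", "00000", "12345"):
        print(attempt, "->", t.unlock(attempt))
    print("records after lockout:", t.records)
    print("ABDE123A is typed as", read_with_offset("ABDE123A"))
```

Nothing in this model reports anywhere: as the review points out, the token has no back channel to the administrator, so a lockout or erasure is visible only on the device itself, and the “Tampered” message is the only trace a wrong attempt leaves behind.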