Pen Computing Magazine

Security solutions

Several inexpensive solutions can lock your Palm up tight

by Shawn Barnett

Posted May 23, 2003

Now don't expect some great research project here, it's just time to introduce a few simple and effective security products that will provide decent security for your Palm OS device in case it is lost or stolen. As you read on pages 52 and 53, I lost my Palm recently and it sent me reeling. I had all my passwords protected in an encrypted database product called eWallet. I'm happy to report that there's no evidence that any of this information has been compromised, and I've been able to change all of the data since, so a successful hacker would get little more than an irrelevant and ineffectual collection of my old usernames and passwords.

eWallet

I've known about eWallet the longest, so we'll start there. The premise is simple. You save your Web passwords, credit cards, email info, and other personal data, even your locker combination, in a database that can only be opened if you supply the password. This is the one password that you need to remember on your own, but the good news is that you can create a greater variety of higher quality passwords when you have a cool program to carry them around at the ready. Security experts suggest that the best encryption can be created using an eight digit "word" that includes random numbers and both upper and lower case letters; I put "word" in quotes because it's better if it's not a recognizable word at all. Having eWallet means that you can create completely unique passwords instead of the same one across multiple accounts for greater security and quick lookup. As more and more sites require passwords, such encrypted databases are indispensable.

eWallet uses 128 bit RC4 encryption. The password is not accessible anywhere on the device, since it's stored in a "hash." Okay, don't ask me what that is, but let's just say that you can't just look at the file with a text editor or even a decompiler and find out what the password is, as you can do with some programs. It uses some sincerely modern technology that's tested and re-tested all the time for vulnerability.

eWallet, available across handheld platforms (PPC, HPC, and Palm), also has a desktop companion when you purchase the Professional Edition. Data is synced between the two computers, and can be entered in either location for easy maintenance. The same password is used to open the file on both platforms, of course.

It also has nifty icons you can use to more clearly mark the type of file you're looking at. A few come with the program, and more can be downloaded from the company website. Sounds can also be associated with each card you create, but I'm not sure of the benefit there. Users of old, monochrome Palms should bear in mind that these graphics take up more space on their handheld. More useful is eWallet's built-in feature to hide the password on the open card until you click the Show button. Helps protect against someone looking over your shoulder.

The desktop version can include live URL links, so you can click on the site and launch your browser. You can also have AutoPass enter your password for you. It's a great product that gives you a sense of security, yet it's easy to use. For Palm, Pocket PC, or desktop alone the price is US$19.95. For the Professional Edition, which includes a handheld and desktop version: US$29.95. www.iliumsoft.com

Cloak

Cloak requires less explanation, since the concept is the same. A database stores your personal information and syncs it with your PC. Cloak uses 128 bit Blowfish encryption, and also stores your password in a hash. Though Cloak doesn't have the Show button, I do appreciate that they have fewer categories to choose from; it makes it easier to find the type of card I want so I can quickly enter the password and go. I also like the simple, graphics-free interface on both the PC and Palm, as well as the wide scroll bar, something other Palm OS programs need to adopt.

Unique to Cloak is the ability to beam records to other Cloak users, as well as email encrypted vCloak files. Passwords can then be distributed in encrypted form over an otherwise insecure email network.

I forgot to mention that both Cloak and eWallet will close when the unit is powered off for greater security. Cloak comes with both desktop and handheld versions for US$19.95. www.chapura.com

PDA Defense

If you really want to lock things down, PDA Defense goes a lot further. It completely integrates with your PDA, taking over the Palm's built-in security and offering 64 bit, 128 bit, or 512 bit Blowfish encryption, depending on version.

I can't go into all the details, but the program's capabilities are extensive. Perhaps the most interesting to me is the Bit-wiping "bomb" that can be set, which will destroy all data based on user-selectable parameters. If the password is entered incorrectly more than a set number of times, or if the unit hasn't been HotSynced for a set number of days, the data gets deleted completely. You can choose to encrypt all your data files, or just a select few; you can even encrypt many program files and data on your removable media.
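An added sketch, not code from the article or from any of the products reviewed: it shows what keeping a password "in a hash" means (as described for eWallet and Cloak) together with the two wipe rules described for PDA Defense. PBKDF2-HMAC-SHA256, the `LockedStore` class, its parameter names and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import date, timedelta

ROUNDS = 100_000  # assumed work factor; slows down offline guessing


def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


def make_verifier(password: str) -> dict:
    """What gets stored on the device: a random salt and a digest, never the password."""
    salt = os.urandom(16)
    return {"salt": salt, "digest": derive(password, salt)}


class LockedStore:
    """Hypothetical store that wipes itself per the two rules in the text."""

    def __init__(self, password, records, max_failures, max_days_unsynced, last_sync):
        self.verifier = make_verifier(password)
        self.records = dict(records)
        self.max_failures = max_failures
        self.max_days_unsynced = max_days_unsynced
        self.last_sync = last_sync
        self.failures = 0
        self.wiped = False

    def _wipe(self):
        # Stand-in for a real bit-wipe: drop the data and the verifier.
        self.records.clear()
        self.verifier = None
        self.wiped = True

    def unlock(self, guess: str, today: date):
        """Return the records on success, None on a bad guess or after a wipe."""
        stale = today - self.last_sync > timedelta(days=self.max_days_unsynced)
        if stale and not self.wiped:
            self._wipe()  # rule 2: too many days without a sync
        if self.wiped:
            return None
        candidate = derive(guess, self.verifier["salt"])
        if hmac.compare_digest(candidate, self.verifier["digest"]):
            self.failures = 0
            return self.records
        self.failures += 1
        if self.failures > self.max_failures:
            self._wipe()  # rule 1: more than the allowed number of bad guesses
        return None
```

Reading the stored verifier with a text editor shows only the salt and the digest; a guess is checked by repeating the derivation and comparing the results in constant time.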

One of the drawbacks of encrypting your data files is that, on the Dragonball 33MHz units at least, data files, like the Address Book, open more slowly. My 1067-entry database takes about three seconds to open. Not a big deal, but slower than the average Palm user is used to. Once it's been decrypted, it isn't re-encrypted until the program locks the system down again, either on system timeout or when the user selects. In my case, it's after two hours. You can also require a password before certain applications are even launchable. The Enterprise version has many options for IT departments wanting to regulate what their users can access, and just what security settings are implemented companywide. They can even have a company logo display on the software. Standard is US$19.95, Pro is US$29.95. Enterprise versions vary by application. www.pdadefense.com

-Shawn Barnett

All contents ©1995-2003 Pen Computing Magazine, Inc. All rights reserved.
Unauthorized reproduction in any form is strictly prohibited.
Contact the Pen Computing Publishing Office for reprint information.