Enabling Compliance with Password Policies
Mandylion Research Labs
 
  Main | Products | Purchase | Regulatory Compliance | Company Info | News

 
Welcome to our news section. This archive contains articles that mention our company, products or technology as well as noteworthy articles on the authentication industry
Latest News

Federal Computer Week Review
Leading Federal and State IT Publication reviews Mandylion’s next generation token and states its “ready for enterprise deployment”
more info

Wall Street Journal Review
WSJ article provides overview of how corporations are coping with password overload and favorably describes the Mandylion Token as the hardware token solution. more info

Military Information Technology Magazine
Respected Military Journal Reviews DoD program which matured Mandylion token technology. more info

Civilian Agencies Deploy
The Commerce Department’s National Weather Service, Treasury’s Bureau of Alcohol, Tobacco, Firearms & Explosives and the National Institutes of Health Deploy tokens. more info

DoD Funds Development
Mandylion Labs technology was matured and showcased as part of a 3 year Advance Concept Technology Development and Demonstration Project funded by DoD Advanced Systems and Concepts. more info

How Strong Are Your Passwords? Security experts cite weak passwords as one of the most critical security threats to your infrastructure. But just what is a strong password? Are their tools that can help me audit and quantify my risk? more info
Vienna, Va. (September, 2004):
Under an Advanced Concept Technology Demonstration (ACTD) Program co-sponsored by Defense Information Systems Agency (DISA) and the Office of the Secretary of Defense Advanced Systems and Concepts, US Forces Combatant Commanders’ relayed their desire; a simple and reliable tool which could serve as a secure memory aide in the generation and recall of cryptographically strong passwords in Coalition environments.

An ACTD program is a formal DoD effort that rapidly evaluates and matures commercial technology to meet urgent needs of its warfighters. The ACTD surveyed the commercial marketplace for something similar to the technology requested and found a close fit with the Mandylion Password Managers already in use by many DoD activities.

The ACTD identified the Mandylion tokens as a fresh approach to the password management problem. Believing that the technology showed promise, the ACTD invited Mandylion to participate. Mandylion had no idea, however, of how thoroughly its product would be evaluated, tested and matured in this program.

"Upon the delivery of the first set of requested changes to the technology, Mandylion tokens were pressed into service in a worldwide Military exercise called Joint Warfare Interoperability Demonstration (JWID). The Mandylion tokens received a significant amount interest due to its uncannily simple approach to a very complex and daunting problem, password management. In actual tests, the warfighters gave the technology high grades for its effectiveness and utility.

With this positive feedback from the exercise, the ACTD set up a program to further test the technology in actual field environments while at the same time continuing with its development. 60 DoD activities encompassing all Services and fields of endeavor, from Joint Forces Command activities to the Services Research Labs were identified and approached to participate in the evaluation program. The evaluations commenced in November 2003 and concluded in July of 2004.

The key questions that the ACTD sought to have answered by these evaluations was 1) Was the technology an improvement over what they were currently using to manage their passwords; 2) Did they have alternatives; 3) What would improve the technology; and finally 4) How interested would the sites be in deploying it once it became commercially available. All responses gave the technology high marks for its usability and utility. All sites felt the use of the tokens was a clear improvement over existing methods. All had a desire to immediately deploy the technology in operations.

The feedback provided by the field testing was invaluable. It matured the technology from “cult gadget” into a true enterprise “tool”.

The new token is actually now a platform with a great deal of configuration and integration options. It comes with configuration software and cradles which now allow an administrator to quickly and securely configure multiple tokens on behalf of a group of users. The login policies, user screen names, and the generation, storage and update of up to 50 simultaneous login records can now managed with this next generation token

Compliance with Directives
“In addition to the customer exposure, another benefit of participating in the ACTD is the acceleration of product and technology certifications” stated Mr. David Schoenbrot, Vice President of Mandylion. “With the desire to mature and field successful ACTD technology as rapidly as possible, OSD and our Co-Sponsor DISA, provided invaluable mentoring throughout the various certification and policy reviews” added Schoenbrot.

As it turns out, because the Mandylion technology is not needed to either enforce or enable IA, it required no special certifications for routine use on almost any DoD system. according to the DoD Directive 8500. The Department of the Army issued Army Regulation 25-IA in the Fall of 2003 officially sanctioning the use of password generator tokens, when they are used as memory aides.

Transition from Development to User
Once a technology is matured, the goal of an ACTD shifts from development to transition; to get the technology to the warfighter. The ACTD is currently at that stage with the Mandylion Technology. All efforts are now focused on getting this proven technology that it has been matured to the warfighter as quickly and broadly as possible.

To that end, the ACTD has developed a formal transition and deployment strategy for the Mandylion Technology. In expending OSD resources on the transition, the ACTD hopes that the "early adopters” will further champion the technology within the Services and encourage its even wider adoption within the DoD community. With wide spread use of the technology, the ACTD will have accomplished its mission; identify and mature commercially available technology that meets an identified pressing need and deploy the technology to the warfighter to meet that need identified.

About the Technology
Mandylion Labs’ developed and patented this innovative and inexpensive password manager in a 6 year development effort. It is a key chain sized device that helps any user instantly create cryptographically strong passwords that immediately work with any web site, login or system. To insure purely random passcodes, algorithms embedded within the token’s firmware continuously sense and take input from the user's random and unique interaction with the device. This random data is utilized by the algorithms in generating passwords which can be throttled to meet any password policy as to length, composition and renewal period.

A key feature is that the device functions as a memory aide to the secure and convenient storage of a user’s passwords along with their automatic update. The technology was designed to do away with the inherent weaknesses traditionally associated with the use of passwords; namely the individual being asked to create, remember and regularly change their passwords. Passwords created with the device thwart all known brute force and dictionary type hacking attacks.

Originally developed for U.S. military and national security applications, more advanced versions of the device have the ability to embed user identifying watermarks within the passwords generated. The biometric version of the unit can asymmetrically bio-authenticate the individual logging in to an ordinary web site.

About Mandylion Labs
In 1998, Mandylion Labs originated a simple and intuitive concept toward password management. Today, we're a recognized as the leading innovator in access control utilizing durable password techniques. Government, Corporations and ISPs use our solutions to reduce the cost and complexity of managing their access control systems in the Window NT and Unix and Linux environments while increasing the enterprise's entire baseline of data security. Mandylion products provide organizations with a least cost compliance tool with the information assurance requirements of Sarbanes Oxley, Gramm-Leach Bliley, FISMA (Federal Information Security Management Act).

The Company is located in Vienna, Va. Our number is 703 – 628 4284.
Our e-mail address is info@mandylionlabs.com

Back to Press
 
© 1999 - 2006, Mandylion Research Labs, LLC. All rights reserved.