Vienna, Va. (October 24, 2005):
Mandylion Research Labs, LLC today announced that its Password Manager token has received a favorable mention in the print edition of the
Wall Street Journal. In a Special Section,
”Technology; a Better Idea” of the October 24, 2005 edition, Journal writer
Marcelo Prince did an in-depth look at how in an era of heightened awareness of protecting online data, how large enterprises are coping with the proliferation of passwords and the burden it is placing on employees to comply with modern password policies. In this article, Prince provided an overview of the various methods and technologies corporations are utilizing to mitigate the burden of maintaining multiple passwords in a secure environment. In the section on
Password Tokens, writer Prince spoke only the Mandylion solution and devoted 7 paragraphs of the article to describe its features and the advantages of its use. The Mandylion token compared favorably to the other technologies reviewed including password synchronization software, single sign on systems and shareware programs such as
Password Safe and Roboform which act as “password wallets.”
Receiving such coveted exposure highlights Mandylion Labs’ growing presence in the security marketplace and reflects its innovative approach to secure password use and management, a significant issue facing virtually every enterprise. The article quoted Joseph Grajewski, President of Mandylion Labs, describing the advantages of password token solutions:
“…One advantage these devices offer is that they put stored passwords beyond the reach of hackers." "If a password is on the PC, it's in harm's way," says Joe Grajewski, president of Mandylion Research Labs LLC, of Oakton, Va.”
The Journal article describes in detail the features of the Mandylion Password Manager token:
“The token has a built-in password generator that creates random alphanumeric passwords; users can set parameters, such as length and the number of special characters like semicolons and dollar signs. Users can also enter passwords that are up to 14 characters long. The device can be placed in a cradle that hooks up to a PC; the user types the passwords on the PC and they are stored in the device. The passwords can also be entered using buttons on the token.”
“The tokens can prompt users to change their passwords at preset intervals, or automatically create new ones if desired. Users, however, must still type the passwords into their computers when needed and manually reset them as necessary on their PCs.”
“To view the passwords on the token's screen, users must press the five buttons on the token in a secret sequence that they create. The token can be programmed to erase its contents or prevent access for several hours after someone tries to unlock the token but presses the buttons incorrectly too many times.”
The full review and review comments from this article can be viewed online at:
“The focus as a Company and its innovative products is to improve cyber security and convenience as it relates to password use.” “As evidenced the DoD’s continued support of the technology, it's clear that we've succeeded,” said
Joseph Grajewski, president of Mandylion. “This success is a significant milestone for us as it underscores our continued leadership in password security and user authentication market.”
David Schoenbrot, Vice President of Mandylion added, “ Weak and carelessly managed passwords are now considered by the FBI as the No.2 vulnerability threatening our national computing infrastructure.” “The
GAO continues to report to Congress that Federal Information Security each Agency of the Federal Government continues to have systemic and significant security risks due to poor password management by the Federal Agency’s employees.”
Schoenbrot defended the Agency’s poor showing by adding “Before we developed our patent pending technology, there was no real effective way to address this threat while at the same time providing the user with convenience.” “Because no technology existed, it was a “do as I say, not as I do ”attitude toward proper security.” “Now we have enabling technology which can truly advance
Federal Information Security Policy by creating a culture of security among its computer users.”
About the Product
Mandylion Labs’ developed and patented this innovative and inexpensive password manager in a three year development effort. It is a key chain sized device that helps any user instantly create cryptographically strong passwords that immediately work with any web site, login or system. A key feature is that the device provides for the secure and convenient storage of a user’s passwords along with their automatic update. It was designed to do away with the inherent weaknesses traditionally associated with the use of passwords; namely the individual being asked to create, remember and regularly change their passwords. Passwords created with the device thwart all known brute force and dictionary type hacking attacks.
The token generates and manages up to 50 simultaneous login records. It is completely air-gapped from any system and fully self contained. To ensure purely random passcodes, algorithms embedded within the token’s firmware continuously sense and take input from the user's random and unique interaction with the device. This random data is utilized by the algorithms in generating passwords that can be throttled to meet any password policy as to length, composition and renewal period.
It is more than a smart card. It works instantly with
any login, any system and requires no client or
host software or apparatus. There is nothing to
The device allows security administrators to set the preferences and policies of each device on behalf of the user. This eliminates the need for the user to perform their own configuration of the unit.
Responding to U.S. combatant commanders’ concerns over the importance of cryptographically strong passwords in multinational environments, the Coalition Information Assurance-Common Operational Picture (C-IA COP) ACTD matured the commercially available device into an enterprise-grade tool.
After surveying the commercial marketplace, the C-IA COP ACTD found a close fit with the Mandylion Password Managers from Mandylion Research Labs, which were already in use by many DoD activities.
The ACTD matured the technology from “cult gadget” into an enterprise tool via participation and feedback in two worldwide military exercises, the Joint Warfare Interoperability Demonstration and over 60 DoD and civilian agency pilot programs funded by the ACTD.
The Army in late 2003 issued a regulation
officially sanctioning the use of password
generator tokens when used as memory aides.
While other information security products generally address only specific threats, Mandylion’s products improve the entire baseline level of data security for the enterprise. Further, with studies that show that now half of all help desk support calls are for password resets, the device has become a tool of cost containment for runaway tech support costs. Tokens, cradles and software are sold separately, and users can mix and match them to meet configuration requirements. Tokens cost $19.74 each, and cradles cost $269. Mandylion recommends that customers buy one cradle for every 25 tokens.
The Policy Master Configuration software is licensed in two-user, 25-user, 100-user and 500-user increments, with per-user pricing averaging $34. The total cost for tokens, cradles and software for a typical 100-user installation is about $65 per user. For a typical 500-user installation, the cost is about $45 per user.
About Mandylion Labs
The idea was inspired. Yet so simple. Rather than search to replace the use of passwords, just make them more convenient to use while removing the vulnerabilities associated with them. In 1998, Mandylion Labs originated this simple and intuitive concept toward password management. Today, we're a recognized as the leading innovator in access control utilizing durable password techniques. Government, Corporations and ISPs use our solutions to reduce the cost and complexity of managing their access control systems in the Window NT and Unix and Linux environments while increasing the enterprise's entire baseline of data security. With a web-centric economy pushing along expanding volumes of confidential information which is only separated from the public domain by an easily forgotten or worse, a hackable password, Mandylion’s solutions couldn't have come at a better time.
The apparatus and methods developed by the Company (5 separate patents pending effective 7/99 et al)
inexpensively provide computer users with convenience, privacy and security in the management
of their web site and LAN/WAN login passwords.
The Company is located in Vienna, Va. Our number is 703 – 628 4284.
Our e-mail address is