Enabling Compliance with Password Policies
Mandylion Research Labs
  Main | Products | Purchase | Regulatory Compliance | Company Info | News

Platform Components




The Tokens

Configuration Utilities



www mandylionlabs.com

The Mandylion token has been designed from the ground up for policy compliant access and use password controlled applications. It does away with the inherent weaknesses associated with passwords; the reliance on the individual to create, remember and regularly change them..

The Mandylion token works instantly and requires no client software or hardware. It empowers the end user to comply with all password construction requirements..

The basic features of the Mandylion Password Management tool:

bullet Manages up to 50 Login Records Simultaneously
bullet Generates Cryptographically Strong Passwords
bullet Manages Root and Group Passwords
bullet Trusted Storage Pre-Configurable on Behalf of User or Self Configurable
bullet Recoverable Automatic Tamper & Destroy Security Functions
bullet Multi-Layer, Defense-in-Depth Approach
bullet Permanent memory unaffected by battery life or loss of power.

It’s a Proven Solution! Mandylion is the only password manager token tested and matured by a DoD research program and deployed to thousands of DoD and Federal Personnel.

Generates Strong Passwords! Kinetic circuitry actually senses your use of the unit. This aids the unit’s processor in the generation of strong passwords which thwart all known password cracking techniques including dictionary and brute force approaches. Passwords can be any length up to 14 characters or namespaces.

It's Convenient! It securely stores and displays up to 50 passwords, PIN-s, phone numbers or security codes and keys. Convenient key-chain size lets you keep it securely under your physical control right along with your "regular" keys.

It's Secure! Because only you can turn it on. It's temper resistant inside and out. Unit can be set to lock out intruders.

It Can Make Up Passwords for You. A built-in password generator helps you create long length "non-word" passwords to be used with any login. (You can even set the parameters such as length, alpha numeric. special character and positioning)

Preconfigurable. Can be configured by the organization on behalf of the user. Handles incremental updates as well as group passwords. The enterprise can control what the user can modify on the token.

It's Automatic! Prompts you to change your password at preset intervals, then can automatically create a new one, if desired (Govt. prescribed renewal intervals are built-in selections)

It's Intuitive! Designed from the ground up as the world's first personal manager. Along with each password , it can store the site's name, your user ID and account number. Easy to use interface allows for quick display of most frequently used passwords

It's a Total Protection System. Designed in conformity with stringent U.S. Military, National Institute of Standards and Technology and National Security Agency standards for the secure creation, management and use of passwords.

Tamper Resistant. Only the authorized user it is assigned to can turn it on. Circuitry is designed to thwart electronic bypass. Unit has user selectable lockout settings.

It Works Immediately. No software needed. Nothing to install. Can be instantly used with any Web site, intranet or system, that requires user-input passwords for access. Works with all standard user login methods.

Carefree Operation. Uses standard batteries. Batteries last about a year with daily use. All passwords and settings are stored in permanent and protected memory which is unaffected by battery life loss of power.

Configuration Utility and Cradle. The autoload version of the token can be configured either manually on the token itself or via the Policy Master Configuration Utility and downloaded to the token.

Operation is Simple and Intuitive. You can use it to add convenience while improving your security anywhere you use passwords, PINs or pass codes.
(back to top)

Use of the Mandylion solution provides three benefits:

User and Administrator Convenience. Currently, passwords are an inconvenience and a burden for the average computer user. Policy is clear; compliance is difficult. The Mandylion token empowers the user to comply with IA access control policy not through enforcement, but through convenience. Empowering the user to comply with strong password policy helps promulgate the IA message vs. defeat or erode it with "human" work arounds.

For the network administrator, it is the only solution which professionally and securely manages root passwords and logins under shared control.

Information Assurance. Poorly constructed passwords that are not well managed are an inherent weakness and significant vulnerability to the information Assurance infrastructure. Regardless of the encrypted transmission techniques employed in its transport, the captured cipher text of a cryptographically weak password is easily discerned and obtained through a brute force attack. read more

Cost Savings. Password reset costs are a significant portion of the help desk budget. The Mandylion token empowers the user to literally and securely keep these codes at their fingertips.
read more

Easy Implementation. Works instantly with all standard user login methods. Because it's standalone apparatus, you can independently use with any Web site or host. Hosts and Web sites seeking enhanced access control can easily incorporate it into their existing login methods.

Instantly Creates Strong Security Policy. In work environments, distribution and surrender of units can be integrated with personnel procedure to ensure that access is being properly authorized and further, being properly terminated on timely basis.
(back to top)

© 1999 - 2006, Mandylion Research Labs, LLC. All rights reserved.