Saturday, 3 March 2012

MyLok Personal Edition Review | Technology News

MyLok is an unconventional alternative as far as password management solutions are concerned. It is completely portable, like most software in this category, but the application works only in correlation with a custom USB storage device issued by the developer, ii2P.

Sensitive information is not stored on the USB device, though. There is a built-in smart card for this, which can hold more than 250 passwords and IDs. Security of the data is achieved through on-chip encryption by a microprocessor running MULTOS (Multi Operating System); in addition, the microprocessor can self-destruct if tampered with.

Our tests were conducted on MyLok Personal edition, which is available for the price of $89.95 (€70). It features a 4GB USB drive that can be used for storing any file you want, since it does not interfere in any way with the sensitive information saved on the smart card.

Before using the application, you have to go through a registration process, which requires Internet connection and details about the USB device, such as serial number. Also, this is where you make the security settings for the device: two security questions and a PIN number which is asked each time you launch the software.

One of the biggest drawbacks of MyLok is easily noticeable right off the bat, since there is no way to import login data from other applications and you have to build up the database manually.

Looks are quite dull, showing the developer’s clear focus on functionality rather than aesthetics and versatility of the product is proof of this.

Review image Review image Review image

MyLok Manager is easy to handle and comes with a very simple menu, which lets you add to the database ID information and login credentials for both desktop applications and the web. There is a simple configuration panel that allows you to change the security questions and the PIN set during registration and reset the smart card to factory defaults (you need to know the default PIN to continue using the application).

Furthermore, the application sports backup and restore capabilities. Configuring the application is not a tough thing. The options let you set the length of the countersign created by the built-in password generator, enable automatic backup, log in and auto-launch dialog.

Unlike other password management alternatives, MyLok does not come with support for all popular web browsers. It only works with Internet Explorer and Mozilla Firefox, and not with all versions.

The application is not compatible with 64-bit IE and up until recently, it had no support for Firefox 8.0 and above. The latest version of MyLok, however, works with all versions of Mozilla’s browser, up to 9.0.1. However, the developer promises support for Chrome in the near future (late February of 2012).

Since it integrates in the aforementioned web browsers, working with the application is quite easy. In fact, you won’t be needing the manager too much, since adding new login credentials is done strictly with the web application.

As soon as you punch in the login credentials, a MyLok window should pop up allowing you to include them in the database. If no window pops up, like in our case with SpiderOak, you can add the details through a more “manual” approach: access “Register Credentials” function in the web app’s menu.

If credentials have been captured, the window opening up has the details already punched in, and you cannot edit them in any way. However, you can rename the profile name and the title of the entry. Furthermore, the entry can be added in the bookmarks section of the application, for easy access. All entries can be grouped in folders, for better organization. The window shows the input fields detected and the values.

Review image Review image Review image

During most of our testing MyLok managed to capture the credentials of a login screen or allowed us to expand the database through the “manual” approach instead. However, there were cases when we could not add credentials to the database.

Such instances included logging into Twitter and Hotmail accounts. Furthermore, working with the application in Internet Explorer on Windows 7 Professional and signing into Facebook caused the browser to crash. No such events were recorded when using a different auto-filler or when typing in the credentials manually.

One of the advantages MyLok offers over other password handlers on the market is support for split credentials. This allows you to register accounts that require multiple steps for logging in. The feature targets websites requiring an additional step to log in, such as the answer to a secret question, besides the standard user name and password.

The built-in password generator is rather limited in features compared to other alternatives. It can automatically create a non-editable, obfuscated string of characters based on internal algorithms, but you do not have any input in this. Nonetheless, you can build your own password through the virtual keyboard at your disposal.

Still on the downside, password generation can be done only for the accounts already available in the database. This means that it cannot be used to render countersigns when creating an account.

MyLok’s automatic fill-in abilities are not limited to web accounts, as the application can also handle desktop applications. It does not work with all programs, but you can use it with those that do not have complicated log-in forms.

Unlike web accounts, typing in the user name and password or storing the credentials is through keyboard shortcuts done in this case, which can be changed to your liking. Furthermore, for increased security, you can set MyLok to ask for the PIN number before signing into an application. This is also required to access MyLok Manager’s interface.

But not the same rule applies to the web app lodged in the browser’s interface, which can be used unhindered with stored bookmarks and identities after the initial validation of the PIN.

Review image Review image Review image
Review image

The Good

Security of the credentials database is impressive, with on-chip encryption (microprocessor running MULTOS operating system) and a PIN that is protected against brute-force attacks; PIN is blocked at the fifth incorrect attempt and can be unlocked only by ii2P.

The application features backup and restore, auto-fill for both account credentials (split log-ins supported) and IDs and comes with support for desktop applications.

It is completely portable and works with portable versions of web browsers as well. Accounts can be stored as bookmarks and are available straight from the web app.

The built-in virtual keyboard ensures that your information is kept secret from loggers, as MyLOK does not simulate the keystrokes to auto-populate your user ID and password fields.

The Bad

Access to the web app in the browser and the bookmarks it holds is unrestricted after punching the PIN upon launching the app. Storage is limited to the capacity of the EEPROM card, which is under 40KB.

You can now use it only with Internet Explorer 32-bit and Mozilla Firefox. IE crashed during our tests a short time after logging into Facebook with MyLok.

Automatic generation of new passwords can be done only for the accounts already available in the database. There are no options at your disposal, except for typing in the new countersign yourself, through the virtual keyboard.

The Truth

MyLok is quite different from what we’ve seen. It brings to the table state-of-the-art encryption technology and offers comfortable methods for logging into a web account or a desktop application.

But, on the downside, it is kind of rigid in terms of options and features. The hardware part of this password management setup is top notch, but the software side needs to be improved at a rapid pace in order to catch up with the rest of the competition; there is plenty of potential to move to pole-position as well.

No comments:

Post a Comment