IBM Client Security Solutions. Password Manager Version 1.4 User s Guide

IBM

Client

Security

Solutions

Password

Manager

Version

1.4

User’s

Guide

IBM

Client

Security

Solutions

Password

Manager

Version

1.4

User’s

Guide

FirstEdition(October2004)

©CopyrightInternationalBusinessMachinesCorporation2004.Allrightsreserved.

Contents

Preface

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. v

Whoshouldreadthisguide . . . v

Howtousethisguide . . . v

Additionalinformation. . . v

Chapter

1.

Introduction

to

the

IBM

Client

Security

Password

Manager

.

.

.

.

.

. 1

Chapter

2.

Procedures

.

.

.

.

.

.

.

. 3

Creatingnewentries. . . 3

Recallingentries . . . 4

Managingentries. . . 4

Exportinglogininformation . . . 5

Chapter

3.

Limitations

.

.

.

.

.

.

.

.

. 7

Appendix.

Notices

and

Trademarks

.

.

. 9

Notices . . . 9

Preface

ThisguidecontainsinformationonusingtheIBMClientSecurityPassword Manager programtomanage andrecallyoursensitivelogininformation. Thisguideisorganizedasfollows:

Chapter1,“IntroductiontotheIBMClientSecurityPasswordManager”contains an overviewofIBMPasswordManagerfeaturesandfunctions.

Chapter2,“Procedures”containsproceduresforusingtheIBMClientSecurity PasswordManagerprogramtosetup,recall, andmanageyour logininformation. Chapter3,“Limitations”containshelpfulinformationforovercomingknown limitations andproblemsyoumightexperiencewhileusingtheinstructions providedin thisguide.

Who

should

read

this

guide

ThisguideisintendedforusersofClientSecuritySoftwareVersion4.0orhigher who wanthelp keepingtrackofalltheiruser IDs,passwords,andpersonal informationthatisusedtoregisterand logintoWebsitesorapplications. IBM ClientSecurityPasswordManagerVersion1.4supportstheWindows2000 and WindowsXPoperatingsystems.

How

to

use

this

guide

ThisguideisdesignedtohelpyouusetheIBMClientSecurity PasswordManager tosimplifyyour loginprocessandpasswordmanagement.

ThisguideandallotherdocumentationforClientSecuritycanbeaccessedfrom thehttp://www.pc.ibm.com/us/security/index.html IBMwebsite.

Additional

information

Youcanobtainadditionalinformationandsecurityproductupdates,when

Chapter

1.

Introduction

to

the

IBM

Client

Security

Password

Manager

TheIBM ClientSecurityPasswordManagerenablesyoutomanageyour sensitive and easy-to-forgetlogininformation,suchasuser IDs,passwords,andother personal information,with IBMClientSecurity.TheIBM ClientSecurityPassword Manager storesallinformationthrough theIBM embeddedSecuritySubsystem so thatyour UVMuser authenticationpolicycontrolsaccesstoyoursecure

applicationsand Websites.

Thismeansthatratherthanhavingtorememberand provideaplethoraof

individual passwords--allsubjecttodifferentrulesand expirationdates--youonly havetorememberonepassphrase,provideyour fingerprint,provideyour

proximitybadge,oranycombinationofidentificationelements.

TheIBM ClientSecurityPasswordManagerenablesyoutoperformthefollowing functions:

v _{Encryptallstored informationthroughtheIBMembeddedSecurity}

Subsystem

TheIBMPasswordManagerautomaticallyencryptsall informationthroughthe IBMembeddedSecurity Subsystem.Thisensures thatallyoursensitive

passwordinformationissecuredbytheIBM ClientSecurityencryptionkeys. v _{TransferuserIDsandpasswordsquickly andeasilyutilizinga simple}

type-and-transferinterface

UsetheIBMPasswordManager type-and-transferinterfacetoplaceinformation directlyintothelogondialogof yourwebbrowserorapplication.Thishelps minimizetypingerrorsandenablesyouto saveallofyour informationsecurely throughtheIBMembedded SecuritySubsystem.

v _{AutokeyuserIDsandpasswords}

TheIBMPasswordManagerautomatesyour loginprocess,enteringyourlogin informationautomaticallywhenyouaccessWebsitesenteredintotheIBM PasswordManager.

v _{Exportyoursensitivelogininformationtoa securebrowser}

TheIBMPasswordManagerenablesyoutoexportyoursensitivelogin

informationsothatyoucansecurelycarryitfromcomputertocomputer.When youexportyourlogininformationfromIBM PasswordManager,a

password-protectedexportfileiscreatedthatcanbe storedonremovablemedia. Youcanusethisfiletoaccessyouruserinformationand passwords.

v _{Generaterandompasswords}

TheIBMPasswordManagerenablesyoutogeneraterandompasswordsfor eachWebsiteorapplication. Thisenablesyoutoincreasethesecurityofyour databecauseeachapplicationwillhavemuchmorerigorouspassword protectionenabled.Randompasswordsarefar moresecurethanuser-defined passwordsbecauseexperienceindicatesthatmostusersuseeasy-to-remember personalinformationforpasswordsthatareoftenrelativelyeasytocrack. v _{Editentriesusing thePasswordManagerinterface}

v _{AccessPasswordManagerfromtheicontrayon yourWindowsdesktopor}

witha simplekeyboardshortcut

TheIBMPasswordManagericonenablesyoutohaveinstantaccesswhenever youneedtoaddanotherapplication toPasswordManager,suchaswhenyou aresurfingtheWeb.EachPasswordManagerfunctioncanalso beeasily accessedbya simplekeyboardshortcut.

v _{Archiveyourlogininformation}

UsingtheClientSecurityarchivingfunction,theIBMPasswordManagerenables youtorestoreyour sensitivelogininformationfroma ClientSecurityarchiveto protectagainstaharddriveorsystemfailure.SeetheClientSecuritySoftware User’sGuideformore informationonhow toarchiveinformation.

Chapter

2.

Procedures

Thissectionprovides step-by-stepproceduresonhowtoperformcommon IBM ClientSecurity PasswordManager functions.

Creating

new

entries

TheIBM ClientSecurityPasswordManagerenablesuserstoenterinformationinto Websites andapplicationsusingthePasswordManagerinterface.TheIBM

PasswordManagerprogramencryptsandsavestheinformationthatisentered into theappropriatefields throughtheIBMembedded Securitysubsystem.Once theinformationissavedinPasswordManager,thesefields areautomatically populated withthissecureinformationwheneveraccesstotheWebsiteor application isgrantedaccordingtotheUVMuserauthenticationpolicy.

ToenterpasswordinformationintotheIBMClientSecurityPasswordManager, completethefollowingprocedure:

1. OpentheapplicationorWebsitelogonscreen.

2. Right-clickthePasswordManagericonintheWindowsicontrayandselect Create.

Note: ThePasswordManagerCreatefunctioncanalsobe accessedwiththe keyboardshortcutCtrl+Shift+H.

3. EntertheinformationforafieldinthePasswordManager-CreateNewEntry window.

Note: Theinformationinthisfieldmust belessthan260 charactersinlength. 4. Ifyoudonotwanttheenteredtexttobedisplayed,click theObscure typed

textforprivacycheckbox.

Note: Thischeck boxonlycontrolshowthetextisdisplayedwithin Password Manager.Afterthetextisdroppedintoa Websiteor application,its propertieswillbe controlledbythatapplication.

5. Use theSelectField ″target″icontodragthetextfromthePasswordManager utility intotheappropriate fieldontheWebsiteorapplication.

Note: Thisiconenablesthetexttobe copiedwithoutusingyour computer clipboardorothernon-securelocation.

6. Repeatstep 3throughstep 5foreachfield,asnecessary. 7. Click SaveNew Entry.

8. Type adescriptive nameforthenewentry.

9. Click theAdd″Enter″to automaticallysubmitentrycheckboxif youwant PasswordManagertosubmitthelogininformationafterrecalling.

Note: SomeWebsitesdo notusetheEnterkeytosubmitlogininformation.If loginisfailing,disablethisconveniencefeature.

Recalling

entries

Recalling passwordsusingtheIBM ClientSecurityPasswordManager issimple and easy.

TorecallinformationstoredintheIBMClient SecurityPasswordManager, completethefollowingprocedure:

1. OpentheapplicationorWebsitelogonscreenfortheinformationthatyou wanttorecall.

2. Double-clickthePasswordManagericonintheWindowsicontray.Password Managerwillpopulatethefieldsonthelogonscreenwiththestored

information.

Note: ThePasswordManager Recallfunctioncanalsobe accessedwiththe keyboardshortcutCtrl+Shift+G.

3. EnteryourUVMpassphrase,or completetheaccessrequirementsspecifiedby theUVMuserauthenticationpolicy.

4. IftheAdd″Enter″toautomaticallysubmitentrycheck boxisnotchecked, clicktheSubmitbuttonontheapplication ortheWebsite.

Ifnoentryisrecalled,a promptwillaskyouifyouwouldliketocreatea new entry.ClickYesto launchthePasswordManager-CreateNewEntrywindow.

Managing

entries

The IBMClientSecurityPasswordManagerenablesuserstoworkwith informationstored inthePasswordManager.ThePasswordManager-Manage window enablesyoutochangeyouruser ID,password,and otherinformation enteredintoPasswordManagerthatpopulatethefieldsona Websiteor application.

Tochangeinformationstored intheIBMClientSecurityPasswordManager, completethefollowingprocedure:

1. Right-clickthePasswordManagericonintheWindows icontrayand click

Manage.

Note: ThePasswordManager Managefunctioncanalso beaccessedwiththe keyboardshortcutCtrl+Shift+B.

2. EnteryourUVMpassphrase,or completetheaccessrequirementsspecifiedby theUVMuserauthenticationpolicy.

3. Edityourinformation.Selectfromthefollowingoptions: v _{Entryinformation}

Toeditentryinformation,completethefollowingprocedure: a. Right-clicktheentryyouwanttoedit.

b. Selectfromthefollowingactions: – Add″Enter″

SelectAdd″Enter″toautomaticallyhaveyourentryinformation enteredintotheWeb siteorapplication.Acheckiconwillappearnext toAdd″Enter″whenthis functionisactivated.

– Delete

SelectDeletetodeletetheentryentirely. c. ClickSave Changes.

v _{Entryfieldinformation}

Toeditentryfieldinformation,completethefollowingprocedure: a. Right-clickthefieldyouwanttoedit.

b. Selectfromthefollowingactions: – Changeentryfield

SelectChangeEntryFieldtochangetheinformationstoredforthis field.Youcanchangeanentryfieldinoneofthefollowingways: - Bycreating arandomizedentry

Tocreatearandomizedentry,selectRandomize.PasswordManager willcreaterandomizedentriesthatare7,14,or127characters in length.

- Bymanuallyeditinganentryfield

Tomanuallyeditan entryfield,selectEditand makethe appropriatechangestothefield.

– Delete

SelectDeletetodeletetheentryfieldentirely.

Note: ChangingafieldinPasswordManagerwillonlyupdatethelogin informationwithin PasswordManager.Ifyouwantto increasethe securityofyour passwordsbyusingthePasswordManager randomizefeature,youmustsynchronizetheapplication orWeb sitewith thenew randompasswordgeneratedbythis feature.Use theconvenientPasswordManagerTransferField Tooltotransfer thenew randomizedpasswordintoapplicationor Website

″Change Password″form.Verifythatthenewpasswordisvalidfor theapplication orWebsiteand thenusetheSaveChanges inthe PasswordManger-ManageWindow. Thereisnoneedtore-create theentrywith thenew passwordsince allthenecessary

informationhasbeenretained. c. ClickSave Changes.

4. ClickSave Changes.

Exporting

login

information

TheIBM PasswordManager enablesyoutoexportyoursensitivelogininformation sothatyoucansecurelycarryitfromcomputertocomputer.Whenyouexport your logininformationfromtheIBM PasswordManager,a password-protected exportfileiscreatedthatcanbestoredonremovablemedia.Youcanusethisfile toaccessyouruser informationandpasswords.

Toexportthelogininformationthatisstored intheIBMClientSecurityPassword Manager,completethefollowingprocedure:

1. Right-clickthePasswordManagericonintheWindows icontrayand click

Manage.

Note: ThePasswordManager Managefunctioncanalsobe accessedwiththe keyboardshortcutCtrl+Shift+B.

2. EnteryourUVMpassphrase,or completetheaccessrequirementsspecifiedby theUVMuser authenticationpolicy.

3. ClickExport.TheSaveAswindow isdisplayed withthedefaultpathand PwMgrExportReaderfilename.

5. ClickSave toacceptthespecified locationand filename.Ascreenisdisplayed thatpromptsyoutoestablishapassphraseforyourexportfile.

6. Seta passphraseforyour exportfileand clickOK.Thispassphrasewillbe requiredtoaccesstheexporteddata.Amessageisdisplayedindicatingthatthe exportcompletedsuccessfully.

7. ClickOK.

8. ClosetheIBMPasswordManager.

9. Retrievethecreatedexportfilefromthelocationthatyoudesignatedand copy ittoa removablemedium.

Before youcanopenthisfileonanothercomputer,youwillbepromptedforthe exportpassphrasethatyouestablishedintheaboveprocedure.IBM Password Manager displaysyoursensitiveinformationina securereader.Thisinformation cannotbeprinted orsavedtothecomputerharddrive.ClickOKtoclosethe exportreaderfile.

Chapter

3.

Limitations

Thissectioncontains informationaboutknown limitationsrelatedtotheIBM ClientSecurity PasswordManager.

TheIBMClientSecurityPasswordManagerdoesnotsupportNetscape

Appendix.

Notices

and

Trademarks

ThisappendixgiveslegalnoticeforIBMproductsaswellastrademark information.

Notices

Thisinformationwasdevelopedforproductsandservices offeredintheU.S.A. IBM maynotoffertheproducts,services,orfeaturesdiscussedinthisdocumentin othercountries.Consultyour localIBMrepresentativeforinformationonthe productsand servicescurrentlyavailableinyourarea.Anyreferencetoan IBM product, program,orserviceisnotintendedtostateorimplythatonlythatIBM product, program,orservicemaybe used.Anyfunctionallyequivalentproduct, program, orservicethatdoesnotinfringeanyIBMintellectualpropertyrightmay be usedinstead.However, itistheuser’sresponsibility toevaluateandverifythe operationofanynon-IBMproduct,program, orservice.

IBM mayhavepatentsorpendingpatent applicationscoveringsubjectmatter described inthisdocument.Thefurnishingofthisdocumentdoesnotgiveyou anylicensetothesepatents.Youcansend licenseinquiries,inwriting,to: IBM DirectorofLicensing

IBM Corporation North CastleDrive Armonk,NY10504-1785 U.S.A.

Thefollowingparagraphdoesnotapplyto theUnited Kingdomor anyother country wheresuchprovisionsareinconsistentwithlocallaw:

INTERNATIONALBUSINESSMACHINESCORPORATIONPROVIDES THIS PUBLICATION″ASIS″WITHOUTWARRANTYOFANYKIND,EITHER EXPRESSORIMPLIED,INCLUDING,BUTNOTLIMITED TO,THEIMPLIED WARRANTIESOFNON-INFRINGEMENT,MERCHANTABILITYORFITNESS FORAPARTICULARPURPOSE.Somestatesdo notallowdisclaimerofexpress or impliedwarrantiesincertaintransactions,therefore,thisstatementmaynotapply toyou.

Thisinformationcouldinclude technicalinaccuraciesortypographicalerrors. Changes areperiodicallymadetotheinformationherein;these changeswillbe incorporatedinneweditionsof thepublication.IBM maymakeimprovements and/or changesintheproduct(s)and/ortheprogram(s)describedinthis publication atanytimewithoutnotice.

The licensedprogramdescribedinthis documentandalllicensedmaterial

available foritareprovidedbyIBMundertermsoftheIBMCustomerAgreement, IBM InternationalProgramLicenseAgreementoranyequivalentagreement betweenus.

Trademarks

IBM andSecureWayaretrademarksoftheIBMCorporation intheUnitedStates, othercountries,orboth.

Tivoliisa trademarkofTivoliSystemsInc. intheUnitedStates, othercountries,or both.

Microsoft, Windows,andWindowsNTaretrademarksofMicrosoft Corporationin theUnitedStates,othercountries,orboth.

Other company,product, andservicenamesmaybetrademarksorservicemarks of others.