SecuriKey USB Computer Protection Key
Protect your Laptop against Data Theft
You don't leave your house or car unlocked. So why
not also lock your computers with the new Securikey?
This simple small device plugs in to a computer's USB
port. Without the device plugged in, your computer and
its data are securely locked.
If you have a computer that
runs Windows 2000/2003 or XP, this device can add an extra level of
security, making it harder (but not impossible) for unauthorized
people to steal your data.
Do you need the extra security of Securikey?
Maybe your computer is
already protected by the need to type in a username and
password. What are the added benefits of the Securikey
system?
The chances are your present
username and password do not offer very robust protection.
When you turn your computer on, the log-in screen already shows
your username - all a hacker needs to do is guess your password
and they can access your computer. How
guess-proof is your password?
Indeed, maybe they don't
even need that. Do you have a 'Guest' account on your
computer? Maybe there is a default guest account that
allows anyone to access your computer without a password.
Or maybe the Administrator account also has a vulnerable password.
Or perhaps there is another user account on the system which has
no password. Or perhaps you have shared drives that could
be accessed by connecting your computer to a second computer.
Even if none of these very
basic vulnerabilities are present, a motivated hacker can
probably break through the default Windows security and access
the data on your hard drive. There are even various 'hacker' utilities that can reset the Administrator password on
a computer, giving the person who used the utility complete
access to the computer's contents. Securikey advise that a
skilled hacker can get into your password protected computer in
less than 15 seconds.
If your computer is fixed in
place, in your office or at home, your vulnerability to
data or identity theft from a stranger is low, because a thief
first must break in to your home or office. But if you travel with a
laptop, your vulnerability goes sky-high, because your laptop is
much more vulnerable to being stolen.
Laptop thefts are sharply
increasing. 53% more laptops were stolen in 2001 than in
2000. In 2002, this number is believed to have increased
by at least a further 15%, up to a staggering 620,000 (more than
one every minute).
The harm due to lost and misused data eclipses
the underlying cost of the laptop itself. A 2001 FBI study
showed that the average loss resulting from a laptop theft was
$89,000. Another source suggests that 57% of all
corporate information that is stolen comes from mis-using laptops
to get access into corporate servers.
Here's a
June 04 article that dramatically shows the extent and
prevalence of the problem of laptop data theft. In one
test case, 70 of 100 lost laptops proved to have vulnerable
data. In another, one in three password protected
computers were quickly defeated.
Plainly, it is prudent to
secure your laptop as robustly as possible.
Securikey Protection - what you get
When you buy a Securikey
kit, you get two USB Securikey devices (sometimes called keys,
sometimes called tokens). They can be
used as two keys to the one computer, or two different users
can each have their own key (and matching personal profile with
different access rights) for the one computer, whichever you
prefer.
Extra keys can be purchased
from Securikey.
The keys measure 2.125" x
0.5" x 0.25", and weigh a quarter ounce.
There is a small keyring at the end of both keys (the picture
above doesn't show the keyring on the second key).
Both keys are identical, so
if you're choosing to use them for different people and
different user profiles, you'll need to somehow scratch an
identifying mark on each key so you don't get them confused.
Identifying keys could
become even more problematic in a corporate environment, with a
potential confusion of different keys and no easy way of
matching up keys with their users and computers.
The two keys are very
attractively packed in a lovely aluminium case. I'll
probably keep the case for years - it looks much too 'useful'
and 'good' to throw away, but I'll probably never use it for
anything else!
Also included is a CD-ROM
with the necessary software on it and a 35 page small sized
Getting Started guide.
There was no warranty
information, and neither could I find any information on their
website,
but I'm told there is a generous two year warranty on the keys.
The Securikey is compatible
with all PC systems that have a USB port and either Windows 2000/2003
or Windows XP.
Installation
It would have been nice to
find a 'Quick Start' single sheet in with the other
documentation. I'm always confused whether you should
first load the software and then plug in the device, or plug in
the device first and follow the Windows prompts, when adding new
USB devices, and I had to carefully read a lot of the Getting
Started booklet before feeling confident I knew what I was
doing. In bold type was the rather chilling statement that:
'failure to follow these instructions could result in becoming
locked out of your computer system.'
which motivated me to follow
through the installation with more care than normal. Which
also meant that any glitches in the installation process were
also more alarming.
I had my first problem while
installing when it asked me for my user name. Did it mean
my official log in user ID, or did it just mean any type of name
at all? There was no help option in the install program
and the Getting Started guide didn't answer the question either.
I chose to answer with a unique name, not my log in name.
This didn't seem to cause any problem.
But then - aaagh! What
appeared on screen was not what I was told to expect in the
Getting Started (GS) guide. The GS guide suggested I'd be asked
for a Profile Name, but the actual program skipped this step and
went on to the next screen shown in the GS guide. The
grave warning about failure to follow the instructions resonated
in my mind, and I wondered if I'd done something wrong.
The install program
instructed me to now connect the Securikey to my computer, and
said that I'd have to plug it into every possible USB port so
that the system would load the necessary drivers for each port.
That promised to be a problem - my two port laptop has one port
always in use for
my mouse, but I decided to first get the device installed on the
free port.
The 'Found New Hardware'
wizard started up, and the GS guide merely said 'if you're
unfamiliar with dialogs that Windows displays when it finds new
hardware, please read through the Hardware Setup sections for
either Windows 2000 or Windows XP'!
Wow. That is one of the
most unhelpful and unfriendly statements I've ever seen in a
manual, and when you keep in mind (as I anxiously was) that if you
don't do this perfectly, you might end up locked out of your system,
this is a totally unsatisfactory level of documentation and
support by the manufacturer.
Securikey subsequently
explained that this comment was intended to direct the user to
supplementary help files that could be found on the CD-ROM.
So, looking at the Found New
Hardware wizard, I wondered - do I want to install the software
automatically or manually? Other USB devices have always
said, in their documentation, which option to use, but in this critical case, I was on my
own.
Making matters worse, I couldn't call Customer
Support, because their 40 hour/week support service was closed.
This lack of documentation is unsatisfactory in a product aimed
at ordinary end users.
I persevered (and installed the
software automatically).
The next step was
unavoidably
laborious. Due to inadequacies in how Microsoft handles
USB devices, it is necessary to install the Securikey on every
USB port on your computer. Although I only have two USB
ports on my laptop, I also use a four port hub to give me more
USB ports. So I had to install the Securikey driver ten
times! (Once each for the two USB ports, then four times while
the hub was in one port, and another four times when it was in
the other port.)
This was compounded by the
fact that I was using one of the ports for my mouse, but
eventually I got the device recognized and set up each of the
ten different ways.
Now for another important
choice - what do I want the computer to do when the Securikey is
removed? The choices are to lock the computer, put the
computer into standby mode, log off my user account, or shut the
computer down. After thinking about this, I decided that
the choice I most wanted was, alas, not available!
I wanted the computer not to go to standby mode (which still draws
power from the battery) but to hibernate mode (which does not
use any power, and still allows for a very fast power down and
subsequent restart).
Some computers have compatibility problems with the standby
mode, and I never like to use this option.
I chose the option to lock the
computer, although I didn't really know what this meant.
After completing the
registration process (see below) the install was finished.
Lastly, I rebooted my computer.
When restarting, a brief message flashed on the screen that said something
about Securikey. Hopefully it wasn't anything important,
although a nagging fear caused me to think 'why would they show
a message if it wasn't important'. I typed my password
into the normal looking log-in screen, and there I was -
properly logged in, with everything seeming to work perfectly.
Using the Securikey
I pulled the Securikey out
of the USB port, and about three seconds later, the screen
changed to a blue screen with a window asking me to insert the
Securikey. When I re-inserted the key, I had to enter
my Windows user password to get back into the system.
That was easy.
Securikey in = computer works. Securikey out = computer
stops working.
I shut my computer down to a
hibernation state and then restarted it. Same procedure.
Again, simple.
So, although the install
involved several worrying areas of ambiguity, it seemed to have
all been completed satisfactorily, and my PC was now more secure
than before. Excellent.
I experimented adding and
removing other USB devices, and generally there seemed to be no problem or
interference between them and the Securikey, with one notable
exception being the Slim Cam 300 -
often plugging in this device would cause the computer to think
I'd unplugged the Securikey and so lock itself up, requiring me
to go through the password re-entry to restart. This is
almost certainly the 'fault' of bad software written for the
Slim Cam 300, but the inconvenience occurred, no matter which
vendor was at fault.
I could also sometimes cause anomalous behavior by unplugging and
replugging the Securikey repeatedly, or 'at the wrong time'.
The system did not seem to be absolutely rock solidly stable,
although for ordinary users, not trying to crash the system,
there shouldn't be a problem.
The USB key sticks out about
1½" from the USB port, a similar distance to most other USB
connectors. This does not cause a problem on a flight,
because the opened screen stretches further back than the USB
device.
It is a shame that the
documentation is not more complete and user friendly, but once one has
succeeded in installing and configuring the system, using it
is an easy 'no-brainer'.
How Secure is Securikey
Alas, the answer to this
question is 'not completely'. In its default configuration, even
a fairly unskilled computer hacker could quickly defeat the
protection it offers.
You can make two tweaks to
greatly increase the security of your data. First, set the
Securikey service so that it prevents your computer starting
in Safe Mode.
Second, enable the Encrypted
File System in Windows so that, even if a person can access your
data, it is encoded and can't be read without your logon.
Securikey advise that with modern powerful CPUs, there is
almost no noticeable slowdown in overall performance when using
a file system with encrypted rather than clear data.
While the adage 'locks are
for honest people' applies to the Securikey as well as to
traditional locks, using the Securikey system will make your
system very much less vulnerable than it presently is.
Of course, your laptop will
still be an attractive object to steal, as a laptop, rather than
as a valuable data source, so still be careful with your laptop.
Somewhat more Secure, but also Somewhat less Reliable
While Securikey adds a layer
of added security, it also adds a layer of extra vulnerability
to your computing. What happens if your key is lost, or
damaged, or malfunctions? Or if you simply forget to bring
the key with you?
A Securikey support representative admitted that
sometimes when a computer crashes it is possible that it somehow
also scrambles the security data stored on the key, making it
inoperable and needing to be replaced.
If you're traveling and -
for whatever reason - you need to get a replacement key, you
will find yourself with an inoperable laptop for
a day or more until you can get a new key or somehow otherwise hack
your way into your computer and restore it to working without
the missing/broken key.
But the issue you need to
consider is: which is more likely to
happen - your laptop will be stolen and the Securikey system will protect
the data on it; or that you'll lose or break the key and
find yourself shut out of your computer when you need
it the most?
Most people will almost
certainly feel that the very small risk that Securikey presents
is many times outweighed by the very large extra security it
provides.
Securikey will send out a replacement key the same day you call
in to ask for one, so in theory, with overnight shipping, you
should never be more than one business day away from a new key
while in the US. A replacement key costs $45 plus
shipping.
Plainly, the Securikey is
not without its own set of risks, and with that in mind, I
decided I'd use the second key that came in the box as an
emergency duplicate, rather than giving it to someone else to
use.
The Vital Importance of Registration
Securikey can only create a
replacement key for you if they know the unique identity for the
key you lost. When you register - either on line, or by
printed out form that can be mailed or faxed to them - this
information is sent to them.
But if you don't register,
and don't have this information stored somewhere yourself, if
you need a replacement key for a system that you've completely secured,
you're dead in the water and the only thing you can do is
reformat the hard disk and lose all your data.
Securikey's CEO, Bennett
Griffin, explains it this way: 'We strongly encourage
users to register SecuriKey. It's essentially a free insurance
policy to ensure that a duplicate token can be made if it is
ever needed.'
With this sensible advice in
mind, I broke the habit of a lifetime and registered my
keys. You should, too.
The Second Key
Each unit includes two keys.
The second key can be used to identify a second account on the
computer, or it can be used as a duplicate key in case you lose
the first one.
I decided to make my second
key a duplicate of the first. But, how? The manual
was silent on how to make the second key a duplicate of the
first, and neither did the online help files explain the
situation.
After some fruitless and
confusing experimentation, I gave up, and decided to
call Customer Support to see if
they could tell me what to do.
Customer support operates
9-5 weekdays, CST. Annoyingly, when you call in, if
no-one is available to take your call, you don't have an option
to wait on hold, but instead you must leave a message and await a
call back. For people that have busy days, it is often
just not practical to be called back, and a game of phone tag
evolves over potentially several days - a massive problem if the
reason for the call is that you're locked out of your computer.
When I did get through to a
person (quickly, on the second call) he was very helpful. It turned out
that the second key is automatically configured as a duplicate
of the first key, and that no extra programming or setup is
required for it to act as a replica of the first key.
Use on Multiple Computers
There appears to be no
reason why you couldn't load the Securikey software on more than
one computer. But you would be limited to only using as
many computers, simultaneously, as you had appropriate keys.
For multi-user,
multi-computer, network environments, Securikey also offer
an enterprise version product. This has some other nice features as well, such
as giving the Network Administrator a 'master key' and the
ability to create duplicate keys for any user who has lost/broken
his key. Because these duplicate keys can be instantly
created on site, the downtime from a lost/damaged key is reduced
to almost zero.
Where to Buy
Several vendors are listed
on Securikey's
website,
and the company will also sell the product directly to you.
It lists for $129.
At present,
YourMobileDesk is selling the product at the lowest price, for
$100.
You can also buy extra keys,
at a cost of $50 each.
If you lose a key and need a
duplicate, you can order one for $45. It will be shipped
the same day you order it.
Alternatives to Securikey
There is a 'heavy duty'
alternative to Securikey offered by the respected company, RSA
Security. However, their
website
is almost completely impenetrable in terms of providing
absolutely no easy to
understand information, and it also chooses not to display pricing
(which invariably means either that the pricing is exorbitant
and the company is too embarrassed to show it, or else that
pricing is very 'negotiable'!). RSA's product also
requires the user to be connected to their company network for
the verification process to occur, making it much less appropriate if
you're traveling on the road and often needing to use a laptop
while off-line.
There is also an interesting
alternative approach offered by
Kanguru Solutions. Their Wizard device appears to 'hide' parts
of your hard disk if it is not plugged in to your computer. Kanguru's PR people declined to provide a unit for comparative
evaluation, so draw your own conclusions about its
effectiveness.
Summary
The concept of what
Securikey is and does is excellent. A simple convenient
hardware 'lock' on your laptop provides very valuable
protection, making it difficult for thieves to steal not only
your laptop but also the precious and private data stored on it.
But, with its default
settings, 'difficult' is not the same as 'impossible', and while
adding an extra level of security to your data, it also adds a
very slight level of potential inconvenience (if the key gets lost or
fails).
Although sold at a
suitably high price, and designed as an 'end user' product to be
used by and installed by 'ordinary' people rather than IT
professionals, it does not come with adequate
documentation. It was difficult to understand, install, and
use correctly.
Many users might choose the
simpler procedure of simply ensuring that Windows security
settings and account privileges are sensibly configured, and to
use a hard to guess password, however this might be a poor
strategy, because regular Windows security (if the two words
aren't oxymoronic!) can be penetrated in 15 seconds by a skilled
hacker.
This is a great concept.
Originally published 27 Feb 2004, last update 21 Jul 2020
You may freely reproduce or distribute this article for noncommercial purposes as long as you give credit to me as original writer.