|User's guide (web) - Infinity PasswordSafe
(For details on using the Infinity PasswordSafe WinLogon features, please see the Infinity PasswordSafe WinLogon user's guide).
Since the release of the first Infinity USB, it has been possible to store and manage passwords on a smartcard, using the appropriate 3rd party software.
WB Electronics has now made it much easier with Infinity PasswordSafe, a free utility for use with Infinity USB Unlimited and Infinity USB Smart, for secure password storage and distribution.
Infinity PasswordSafe currently works with all Atmel AT90S8515 based cards (Funcard1-Funcard7 / PrussianCard1-PrussianCard5, DragonLoaderCard (AVR)), PIC16F87x-based cards (Silvercard, GreenCard1 and GreenCard2) and GoldCard (PIC16F84(A) + 24LC16).
Up to more than 1000 passwords can be stored on a single smartcard, and passwords are easily accessed with a custom shortcut key.
When a stored password is needed, simply place the cursor in the password (or username) field in the current running application, and press the shortcut key. A list of all passwords will appear, and clicking the needed password will paste it into the password field of the application.
Besides storing your passwords, Infinity PasswordSafe can also store basic information that you often use on the PC or internet. This information could be your name, address, phone number, e-mail address and credit card information, or any type of information that is often used when filling out web-forms, online shopping, registering at forums etc. Basic information is ofcourse stored securely encrypted and is accessed separately from your passwords.
Why is it a good idea to use Infinity PasswordSafe?
- All your passwords are easily accessible and secure at the same time.
- The Windows logon sequence is safer and easier because of the possibility of having a physical access media (smartcard) combined with a password.
- Not having to remember all your individual passwords makes it easier to use unique and strong passwords.
- Storing the passwords on a smartcard, makes it possible to take the passwords with you, for use on another PC.
- Separating the passwords from the PC by using a smartcard improves security.
- Different users on the same PC can each have their own PasswordSafe smartcard, with their own passwords.
- Distributing new passwords to clients or users is easy and secure.
Disclaimer: WB Electronics can not be held responsible for any loss of data that may occur using this product.
Download Infinity PasswordSafe from www.infinityusb.com/download and run the setupfile.
During installation you can choose to "Run Infinity PasswordSafe when Windows starts", which is recommended.
After the setup is done, open Infinity PasswordSafe.
(With no card inserted, the list of password will be empty).
Pressing the close button will minimize the window to the systray.
Doubleclicking the icon in the systray will open the mainwindow, while rightclicking will make it possible to go directly to the settings window.
The default shortcut key for the password-list popup is F11, and for the basic information popup F10, but these can be changed into any key not currently in use by the system. Simply place the cursor in the input-box, and press the key you wish to use.
"Run PasswordSafe when Windows starts" – Starts PasswordSafe when Windows starts, this setting is recommended for easy access to your information.
"Minimize mainwindow to tray on startup" - The mainwindows will not show but the software will minimize directly to tray if this option is checked.
"Always execute macro for passwords" - When pressing the shortcut key, the list of passwords will show. When choosing a password on the list a small dialogue asking which action you would like to perform pops up, if this option is checked, the macro for the password item will be executed directly.
"Show username and password in list" - Shows username and password on the password list and popup, if option is checked, this setting is not recommended for most users.
"Show passwords in plaintext" - Shows password in plaintext instead of "********" on the password list, if option is checked ("Show username and password in list" must also be checked), this setting is not recommended for most users.
Preparing a card
Insert a Funcard ((Funcard1-Funcard7 / PrussianCard1-PrussianCard5 or DragonLoaderCard (AVR)) or a PIC-based card (Silvercard, GreenCard1, GreenCard2), and choose Format in the Tools menu.
Choose a master password for accessing the entire card (the master password can be changed later). It is recommended to use a strong password (at least 8 characters consisting of lowercase (a-z) and uppercase (A-Z) letters, digits (0-9) and special characters (!"#¤%/). If you don't enter a password, the card will be directly accessible when inserted.
Now choose a suitable name for the card, and press start. Formatting takes up to 2 minutes (depends on the size of the external EEprom), and erases the entire card, including any previously stored passwords.
If the CPU on the card due to any circumstance gets erased or overwritten, the repair button can be used to rewrite the loader on the card. All passwords are stored in the external EEprom and will therefore not be deleted by using the repair button.
If you entered a master password when formatting, you'll be prompted for the master password, when inserting the card.
After entering the (correct) password, all items will be displayed in the list. Empty cards will ofcourse result in an empty list.
Pressing the add button opens up the add item dialogue:
"Name" - Choose a name for this item (for instance "Web bank").
"Description" - Choose a description (for instance "Personal web bank account").
"URL / www" – Enter the internet address for this item (if any), (for instance "www.webbank.com").
"Username" - Enter the username you use to access the service.
"Password" - Enter the password you use to access the service. If you are about to register on a website and you need a strong password you can use the auto generate button to the right of the password field, this will insert a strong password of 8 characters into the field. If you need a longer password you can manually append characters to the auto generated password.
"Macro" – This field shows the default macro for this item, if you need to change the macro use the icon to the right of the macro field, this will open the edit macro window.
A macro is a sequence of commands that will be executed when activated. This is useful when logging into websites or other password protected areas. A normal login page consist of a [Username] field, a [Password] field and a [Submit] button, if you activate a macro in the username field and you wish to automatically insert the username, password and submit, then the macro should look like this . pastes the username into the username-field, tab’s to the next input field (password field), inserts the password and submits the form. You can customize the sequence of commands to fit most web pages or applications.
A macro for logging into Hotmail, Web forums, and most password protected web resources is . Some login prompts require more than one in order to reach the password field.
Passwords, URLs and macros
There are different ways to activate a password, URL or macro depending on what the password is needed for. If you are presented with a logon screen and you need your username and/or password, place the cursor in the username field and press F11 (or your chosen password hotkey) now click (or press enter on) the correct password item. Depending on which information you have entered for this item you will have several options to choose from. Select “Run macro” if you need to insert both username, password and submit the form. If a valid macro has been entered the username and password field should be filled correctly and the window should be submitted. If you only need either username or password, just select “Username” or “Password” and this will be inserted into the input field.
If you wish to navigate to an URL (internet address) you can activate the password window hotkey anywhere, select the appropriate item from the password/URL list and choose “Goto URL”. If you already know that you need to logon to the site you should choose “Goto URL and run macro” instead, this will launch the browser and navigate to the website. Once the website is loaded simple left-click (or press enter) in the username field (or anywhere that the macro should be executed). Depending on the macro this will log you on to the website.
In order to fill out the logon window you need to have defined the correct macro, if this has not been done before, the item can be edited directly from the password selection window or the main window.
If the setting "Always execute macro only" is enabled you will not have any options to choose from, once you select an item the macro the this item will be executed directly.
For maximum security, follow these basic rules.
- Choose a strong password as the master password for a card. If you loose the PasswordSafe smartcard or it gets stolen, somebody else can only decrypt the card and get access to your passwords by guessing the master password.
If you choose to use a blank master password (for convenience), the contents of the card is still encrypted, and therefore only accessible if another person knows it's a PasswordSafe card. Don't write "Infinity PasswordSafe" on the card.
- Choose a unique (and strong) password for each of your accounts, ie. one for your webbank, a different for your mailaccount etc.
- Users often choose the same (simple) password for all accounts because it is easier to remember, but this leads to security problems if just one webservice gets compromised.
With the Infinity PasswordSafe you don't need to remember 10 different passwords.
- Remove the PasswordSafe smartcard when it's not being used. If you're leaving the PC for a while, take the PasswordSafe card with you.
- Do not let your browser store web passwords, and don't use the "remember me" function on some websites. If somebody steals your entire PC they'll easily be able to access all your personal information using the stored passwords.
- Use a strong complicated Windows logon password and store this on your PasswordSafe card using the PasswordSafe WinLogon feature. Remember to always have a remote copy of your Windows password if you should loose your PasswordSafe card.
Name, description, passwords and usernames are stored in the external EEprom on the smartcard, encrypted using a 128bit Blowfish algorithm.
No passwords or any other secure information is stored on the PC.
The size of the external EEprom directly determines how many sets (Name / description / passwords / username sets) can be stored on a card:
- Funcard / Funcard2 (AT90S8515 + 24C64) - 62 items
- Funcard3 / PrussianCard (AT90S8515 + 24C128) - 126 items
- Funcard4 / PrussianCard2 (AT90S8515 + 24C256) - 254 items
- Funcard5 / PrussianCard3 (AT90S8515 + 24C512) - 510 items
- Funcard6 / PrussianCard4 (AT90S8515 + 24C1024) - 1022 items
- Funcard7 / PrussianCard5 / DragonLoaderCard AVR (AT90S8515 + 2*24C1024) - 1022 items
- Goldcard (PIC16F84(A) + 24C16) - 14 items
- Silvercard (PIC16F87x + 24C64) - 62 items
- Greencard (PIC16F87x + 24C128) - 126 items
- Greencard2 (PIC16F87x + 24C256) - 254 items