View Full Version : Visual Key CE security software for your Pocket PC
Ed Hansberry
04-25-2002, 04:19 PM
<a href="http://www.viskey.com/">http://www.viskey.com/</a><br /><br />Visual Key for Windows CE protects your pocket PC against unauthorized access. The program locks the computer and a graphic of your choice is displayed. Access will only be allowed if certain previously defined spots in the picture are clicked upon in the correct order.<br /><br /><img src="http://www.pocketpcthoughts.com/images/visualkey.gif" /><br /><br />Sort of a neat alternative to a regular sequence of numbers or a password. I've seen similar security programs for PC's being touted in the news. These are virutally impossible to crack using a computer to randomly generate the key. Given the 320X240 resolution of the Pocket PC and the fuzziness the app allows (30 pixel radius) 4 taps still allow 40,000,000 combinations, versus only 10,000 combinations using the standard 4 character input.
entropy1980
04-25-2002, 05:28 PM
Cool idea but with my luck I would forget where I pressed and be locked out of my Pocket PC!
Ed Hansberry
04-25-2002, 05:31 PM
Cool idea but with my luck I would forget where I pressed and be locked out of my Pocket PC!
I would assume like other security measures, a hard reset will clear the code (as well as your data) out so you could at least use your PPC. The key would be to get a picture of something familier and press on 4 objects you could easily remember.
Andrew Duffy
04-25-2002, 05:33 PM
This is a nice replacement for the standard screen lock, but it won't protect your data from a determined thief. I guess it would still be possible to use the development tools to connect to the machine and terminate the process showing the lockout screen, or at least to browse the file system. If ActiveSync needs a partnership set up there are third-party syncronising tools available.<p>
If anyone knows of good quality encryption software for the Pocket PC it would be nice to hear about it. By good quality I mean that it uses a recognised standard encryption scheme, has a good key generator (generating random numbers would be a matter of tapping the screen), allows the use of a long passphrase to unlock the key and works as transparently as possible.
entropy1980
04-25-2002, 05:41 PM
I would assume like other security measures, a hard reset will clear the code (as well as your data) out so you could at least use your PPC. The key would be to get a picture of something familier and press on 4 objects you could easily remember.
yeah but any picture with easy to spot objects might detract from it's security as someone else could easily just try any number of the objects ( if they are easy to spot) Otherwise I still agree it's a great idea.
Ed Hansberry
04-25-2002, 05:41 PM
This is a nice replacement for the standard screen lock, but it won't protect your data from a determined thief. I guess it would still be possible to use the development tools to connect to the machine and terminate the process showing the lockout screen, or at least to browse the file system. If ActiveSync needs a partnership set up there are third-party syncronising tools available.<p>
If anyone knows of good quality encryption software for the Pocket PC it would be nice to hear about it. By good quality I mean that it uses a recognised standard encryption scheme, has a good key generator (generating random numbers would be a matter of tapping the screen), allows the use of a long passphrase to unlock the key and works as transparently as possible.
I don't know how Visual Key works, but if you have the standard security set on your Pocket PC, the PPC will not allow any communication with the device without the password, either via the screen or the serial/USB port. Third party sync tools cannot bypass it.
You are right, a determined thief could figure it out, but the cost of doing so (time and money) is so high, unless the thief knew it contained missle launch codes or passcodes to million dollar bank accounts, it isn't going to be worthwhile. Most people just want the device anyway so a hard reset takes care of that, but also clears out your data. That is why you should NEVER put confidential info in the ROM memory store or on a storage card.
Gerard
04-25-2002, 06:51 PM
I was involved quite heavily in beta testing this, and saw two forced hard resets. One was the result of an error in one early version beta. The other was because I forgot the input taps I'd last chosen. I tried for three hours. I knew exactly which 8 points I had selected, but there was no way I could get them in the right order. It was frustrating in the extreme, as there were several new emails I did not want to lose between me and my last backup (I only do email on the Casio, and automatically delete them from the server on download).
I tried the Activesync connection, but that beta was apparently causing an error in the text-based password version. I couldn't access the device in any way, so I hard reset and started over.
Since then, I have found that this software is not a problem at all as long as I rehearse the pattern very well. I would recommend a screenshot record of input points ('Hints' turned on and using a delayed-snapshot program like PQView to shoot only once you've had time to input all your points). Print this out, delete the original, and put the image somewhere secure. Just in case you forget. Another precaution, which applies generally anyway, is BACKUP!
Great software nicely presented. They have done a fine job.
Ed Hansberry
04-25-2002, 06:56 PM
I knew exactly which 8 points I had selected, but there was no way I could get them in the right order.
8 points? 8O Isn't that somewhere near 48.9 gajillion possible combinations?
Gerard
04-25-2002, 07:18 PM
At least. ;) Enough that a cracker would have to be very, very patient, besides having an inhuman memory, to have any hope in about a thousand years of getting into my phone list. As if I have anything secret in here... Seriously, I doubt any thief would be even remotely interested in my data, any of it. It's useless to anyone but me. I don't store credit card data here, nor any passwords to sites that would offer access to my bank accounts (not that that would do them any good anyway - I'm broke!). But it is easy to see how a deployed set of corporate devices should be secured, as the users seem a lot less likely to feel the same sort of protectiveness for their borrowed or given devices as does someone like me. And company data could, in many cases, offer potential damage to the company. VisKeyCE seems a decent level of security with even 4 tap combinations, and as any number can be used, this can easily be increased to absurd levels of protection. Just gotta remember the lousy tap-points, or else...
Ed Hansberry
04-25-2002, 08:15 PM
I don't store credit card data here, nor any passwords to sites that would offer access to my bank accounts (not that that would do them any good anyway - I'm broke!)
I use eWallet for that, and keep the 128bit encrypted file in RAM. If my device is stolen, they would have to hard-reset to get the device to work, and that would wipe out the file. If by *some* chance they were to get the file, they then have a mondo task of unencrypting that data file.
You run a much higher risk of losing your real wallet and all of that stuff is right there anyway.
eric linsley
04-26-2002, 03:09 AM
i also beta tested and i think it was fantastic
you could go and pick betwee 1- 8 spots on your screen "order specific"
plus you had the option of doing the quick login where if the code was correct it would automaticly log you in rather than having to hit the login key
plus it comes wiht free softwar that alllows you to import your own gis as well as alter them to fit the screen
over all i relay recomend it
hollis_f
04-26-2002, 08:34 AM
Another beta tester who's most impressed.
The built-in password protection was always too much of a pain. This really helps security by making it easier to enter the password. And security that's easy to use is security that will be used.
vBulletin® v3.8.9, Copyright ©2000-2019, vBulletin Solutions, Inc.