 |
The Password Key Philosophy |
SURPRISE! Password Key is not 100% Fool-proof!
PLEASE READ ALL OF THIS BEFORE USING Password Key!
|
|
The Password Key Philosophy |
PLEASE READ ALL OF THIS BEFORE USING Password Key!
In order to be safe for your computer and hard drive, we never intended Password Key to be invincible. That makes it possible to be locked out of your computer. There are ways to circumvent its operation! It is intended to provide you with a limited security environment and a way to find out if someone is tampering with your system. Do not consider your system to be under "Lock and Key" while Password Key is running. The old adage of "Locks are for honest people" applies here.
Version 2.x was more secure than 1.x, Version 3.x is still more secure, and 4.x offers more ease of use in viewing the log if/when a problem occurs and adds compatibility with current operating systems. Use Password Key to be aware of problems, not as an excuse to ignore them.
Still, remember that you are ultimately responsible for what is on your computer. Only you can keep things OFF of it, only you can check it for viruses, only you can back it up.
Password Key offers no warranties, expressed or implied as to the protection of your computer or its software.
Ok, I'll go ahead and spell it out... I've gotten a lot of responses from new users who say: "Did you know you could defeat Password Key with by holding the Shift Key down to disable extensions in System 7.x and later?" My answer is "Yes. I know." Then I have to tell them the philosophy behind my creating Password Key in the first place. So, here it is:
(UPDATE 9/98 - There is now a fix for this in systems through 8.6 and even in some versions of OS 9.x! Shift Key Suite, by Marc Menningmann, downloadable at: <http://www.kagi.com/mennigmann/files/Shift_Key_Suite_1.0.hqx> can turn off the shift key during startup and eliminate this concern for those who want protection EVEN if it modifies the system.)
I, too, have had experience with other programs that secure a Mac Hard drive, and frankly, that's why I wrote Password Key. I've seen whole disk drives locked up so that they can not be accessed, even with the correct password. This kind of "protection" I DON'T need! So, my primary objective was to write a program that would offer as much protection as possible without modifying the system files or the hard disk driver, like some of these others do.
Armed with this goal, I designed Password Key to keep out up to 90%+ of the casual "browsers" around. In other words, 5-10% of the users out there will be able to figure out that they can bypass Password Key and access the user's system. However, I've built in features that help you "catch" even these smarties. Yes, it's true, that holding the shift key down will disable Password Key (and most of the other add-on features of a system like printing and network services), but with Password Key, you will probably still be alerted that there is someone snooping around, allowing you to take further precautions, or even catch someone in the act.
Here's how it works: Password Key runs at startup by putting an alias of it in the startup folder. Each time it is run, it records the date and time. This is stored in it's "PASSWORD" data file. Then, any attempt to enter incorrect passwords is met with a beep, and the "wrong" password is also recorded in the file along with the date and time. If an attempt to bypass the program with the control-option-esc sequence is tried, Password Key records the event along with which key was pressed and date and time, then immediately shuts down the system. If five "bad" passwords are entered, it sounds a siren, gives a warning that you've violated the system, records the bad attempt, and shuts down the system. Needless to say, I've designed it to keep lots of records.
At this time, a really smart/well-educated user might then restart the machine and hold down the shift key to disable extensions. He/she will be rewarded with full access to the machine. This is unfortunate, but as I mentioned before, it will only happen with 5-10% of the people, in my opinion. But the next time the owner starts up the machine, and Password Key runs, it reads the PASSWORD file and finds that the last time it was run, there was not a successful entry. After the entry of the correct password, Password Key then alerts the user to the problem and offers them a chance to view the log immediately within Password Key. They can then see any and all attempts to enter the system along with the date and time.
Many find that the people messing with their systems are after-hours employees like night watchmen, cleaning crews, etc. The date/time stamp helps to show WHEN this access is taking place. Also, you can run it while you're away from your desk. That would help you to know if anyone tries to access it while you're out to lunch or gone on break.
In my opinion (I know... who cares? ), this is as much protection as MOST people need. It keeps out the honest people, lets people know you're not interested in having them access your machine, and alerts you whenever someone starts messing with it. PLUS: It is completely SAFE! Even for HFS+ Drives!