Elcomsoft Password Store


ElcomSoft Opens a Password Store to Sell Passwords Balancing Strength and Memorability

ElcomSoft Co. Ltd. announces the opening of ElcomSoft Password Store, an online service to supply customers with guaranteed secure passwords. The new Password Store provides customers with a variety of selections, and complies with all industrial and government requirements regarding the length and complexity of passwords being sold. As a value-added service, the company offers near-instant recovery of all passwords sold through its Password Store for a nominal fee.

Background

The many different security policies and government regulations make standard practices of choosing passwords inadequate (passwords are too easy to break) or unfeasible (passwords are impossible to memorize, get written on yellow stickers, and get easily hijacked). While extensive guidelines are available to create passwords that balance strength and memorability, the instructions are often complicated and contradictory.

“Most fellows don’t get it”, says ElcomSoft CEO Vladimir Katalov. “They’ll choose memorisable passwords and we break them in minutes. Or they choose strong passwords and put them on a sticker. Either way it’s plain wrong”, he adds.

About ElcomSoft Password Store

To meet the needs of its customers, ElcomSoft Co. Ltd. has employed its extensive expertise in the areas of information security and password recovery, and offers a service to provide the perfect balance between password strength and memorability. After breaking millions of passwords, the company has inside information on what’s strong, what’s weak, and what’s adequate for every task.

“Before ElcomSoft Password Store, the only way to ensure security was hiring professional security consultants to create custom passwords. Need I mention hefty bills?” asks Vladimir Katalov.

With three strength levels and several additional options, ElcomSoft offers an economical way to create passwords perfect for the type of information they protect. Customers can choose passwords that are short and strong, long and extremely strong, or very long and guaranteed unbreakable. For a small extra fee, Password Store customers can choose passwords that are easy to pronounce or quick to memorize, without sacrificing a single bit of security. In addition, ElcomSoft offers a “gift-wrap” option that accompanies every password with a digital authenticity certificate.

Secure Password Delivery

The company paid a lot of attention to building a vehicle to deliver passwords to the customer in a completely secure manner. Based on ElcomSoft’s own password breaking tools, all standard delivery methods such as email or plain text embedded into an HTML page were deemed completely insecure.

“We struggled with the issue”, says Andy Malyshev, ElcomSoft CTO. “Generating the right password is easy for a company of our background. Ensuring that our customer and our customer only can have access to it is not”, he adds.

After careful consideration, the company built a unique proprietary system displaying passwords exclusively in human-readable, non-cacheable form. The passwords are delivered via single-use virtual scratch cards.

“Scratch cards are universally accepted for delivering single-use, sensitive information to buyers of lottery tickets, phone calling cards, and similar”, says Olga Koksharova, the company’s Marketing Director. “The idea is similar. We use proprietary software that runs in the customer’s Web browser, displaying passwords in human-readable form after the user moves the mouse to ‘scratch off’ the protection layer. We analyzed the toughest captchas and built our own in order to block automated character recognition tools used by three-letter agencies and some terrorist organizations”.

Value-Added Services

As a value-added service, ElcomSoft offers an exclusive password recovery service to all customers of its Password Store. For a nominal fee, forgotten passwords can be recovered in an instant. Under no circumstances will the company sell passwords to any third parties or upload the lists to the three-letter agencies, government or law enforcement officials unless they become our clients and buy their own passwords.