

Infinite Menus Place Holder (Dreamweaver Design View) Home Products Large Business Facilities Campuses Mid-Sized Businesses Remote Users Smartcard Accessories Smartcard Readers Smartcards and Labels Buy Online Testimonials Partner Applications Case Studies About Us Company Background Company Officers News Press Releases Product Reviews In The News Industry White Papers Media Resource Center Newsletters Partners Partners Customer Support Downloads & Manuals FAQs Contact Tech Support Contact Us Contact Us

Frequently Asked Questions for Password Safe Viewing :

Backup/Restore
Security Questions
Smartcard
Power LogOn Card
Power LogOn Reader
Power LogOn Labels

General

Q: What makes a secure password?

A: More and more companies are requiring passwords that include a mixture of upper and lower case letters, numbers and special characters like punctuation marks. The more different types of characters used the stronger the password.

Two other factors also add to a password's security: Length - the total number of characters that make up a password; and randomness - the characters are arranged in a way such that they don't spell a word, make up any special date, or in any way can be associated with you. Putting your name in reverse order with your birth date is not considered secure.

Examples:

Weak password: john2006

Strong password: D%4@*bHx$jw#g

Sphinx Logon Manager includes a random character password generator to assist you in creating complex passwords. See the User Manual for more information.

Q: How am I expected to remember these long passwords?

A: That is where Power LogOn comes in. The information is stored on your card. Not only do you not have to remember them but you also don't have to type them in.

Q: Should I still write all my passwords down on a piece of paper?

A: It is always a good idea to have a backup should you need it. Power LogOn does supply a utility to Backup/Restore your card should your card ever be lost or damaged. Your backup file can be stored on a floppy disk, CD or memory stick for example and stored in a safe place.

If you do decide to still keep a written log of all your passwords, store the list in a safe place that cannot be easily found or accessed by others. Storing all your passwords in a Word document titled "Passwords" on your hard drive is not considered safe.

Q: What happens if I lose my card? Will others have access to my accounts?

A: Your card is protected by a Personal Identification Number (PIN) similar to your ATM card. As long as you protect your PIN, your card should be safe. Power LogOn allows three attempts to correctly enter you PIN. If all three attempts are wrong, then the card is locked and can only be unlocked using the Personal Unlock Key (PUK). If the PUK is entered correctly, the card is again functional with a default PIN reset to "12345." If the PUK is entered wrong three times, then the card is permanently disabled.

Q: If I lose my card do I have to contact every website to get my password sent to me to re-create my card?

A: No. Power LogOn includes a Backup/Restore utility. You can manually or automatically backup your entire card's content. This creates a password protected, encrypted data file that is not accessible by any other program and can be stored on one of many different medias: floppy disk, server, CD-ROM, memory stick, etc. You decide. To restore a card, simply place the new card into the reader, launch the Power LogOn application, select "Restore," type in the file's password, and the data from the last backup is restored onto the new card. The card's PIN is not affected. (see "Backup/Restore" for more information).

Q: I just got a new Power LogOn card. What's the default PIN?

A: The default PIN is "12345," unless otherwise specified by your installation.

Q: What if I forget my Power LogOn card PIN?

A: If you forget your Power LogOn card PIN and enter the wrong PIN repeatedly, your card will be "locked" and you will be prompted to enter your Power LogOn card PUK to "unlock" your card.

Q: What happens, if I enter the wrong PIN?

A: A new card will be locked after the third wrong PIN entry. However, if the second or third PIN entry is valid, the card's wrong PIN entry attempt counter is reset and all three tries are available again.

PUK

Q: I just got a new Power LogOn card. What's the default PUK?

A: The default PUK is "12345," unless otherwise specified by your installation.

Q: What's the PUK for?

A: Entry of the PUK (Personal Unlock Key) will be required to "unlock" your card if you ever "lock" your card by entering the wrong PIN repeatedly. You should be sure to keep your PUK in a safe place, where it will be accessible when you need it.

Q: What if I forget my PUK?

A: If you forget your Power LogOn card PUK, you will not be able to "unlock" your card after it has been "locked," as described above. If you can't unlock your card, you should ask your Power LogOn Administrator for a new card or you may have to purchase a replacement card by visiting our online store . Once you have your new card you can "Restore" Power LogOn data that you backed up previously, to your new card (see "Backup/Restore" for more information).

Q: What happens, if I enter the wrong PUK?

A: A card will be permanently locked after the third wrong PUK entry. However, if the second or third PUK entry is valid, the card's wrong PUK entry attempt counter is reset and all three tries are available again.

Logon to Windows

Q: Why should I use my Power LogOn card to logon to Windows?

A: There are three main advantages when you use your Power LogOn card to logon to Windows.

First, no one will be able to look over your shoulder to learn your Windows logon information, because this information will be transferred directly from the Power LogOn card to Windows.
Second, you can choose a longer and more complex Windows password, since you won't have to remember it. Complex passwords provide better security.
Third, it's easy to change your Windows password frequently with Power LogOn. You can use the random password generation feature to generate a new password. Then, when you save your new password, Power LogOn automatically synchronizes the change with Windows.

Other advantages: You also have the option to use the "Card Control" feature. You can select what will happen when the card is removed from the reader. The computer can be locked, or you can be logged off, or the computer will shutdown, depending on your selection.

Q: I set up my Power LogOn card to logon to Windows, but the "Card Control" feature doesn't work. Did I do something wrong?

A: You must reboot your computer after entering the Windows logon information before you can use the "Card Control" feature. Also, when you remove your card from the reader, if Windows is busy doing something else - for example, if you just started your computer - Power LogOn will not react until Windows has finished processing. Note also that you must have logged on to Windows with your Power LogOn card in order to use the "Card Control" feature. If you logged on to Windows manually, Power LogOn will not have control over the "Card Control" feature.

Logon to Websites and Applications

Q: My Logon Entries screen does not have any information in it yet. How do I get started?

A: If the "Auto-Recorder" feature is active (under "Settings" - "General"), Power LogOn will offer to save logon information each time you logon to a website or application that Power LogOn does not know.

Or, if you prefer to switch the Auto-Recorder to inactive, you can click on the "Record" button to begin recording logon information. When Power LogOn is in your system tray (bottom right of screen), you can also right-click on the Power LogOn icon and click on the "Record" option to begin recording information onto your card.

To enter logon information into Power LogOn manually, click on the "New" button on the right side of the Logon Entries screen. The Logon Information window provides entry fields for your logon information. Click on the "i" button, whenever you need a more detailed description of an item. Note that when you enter information manually, you will only be able to transfer information with the "button-click" method, since Power LogOn cannot "Auto-fill" when information was entered manually.

Q: What's the easiest way to transfer logon information using Power LogOn?

A: The easiest way to enter logon information into a website or application using Power LogOn is with "Auto-Fill." When the "Auto-Fill" feature is set to active (under "Settings" - "General"), Power LogOn will automatically fill in logon information which was previously recorded. You can specify whether you want to automatically submit the information or not, by selecting an entry and clicking on the "Change" button. In most cases, it's a good idea to use the "Auto-fill and don't submit" option, which is the system default, since this provides you with more control.

Q: I specified that an entry should "Auto-Fill," but it doesn't - why?

A: First, make sure that "Auto-Fill" is set to active (under "Settings" - "General"). If yes, then you should be aware that some entries, even if they were recorded, will not be able to auto-fill. For example, if the URL website address for a website is constantly changing, Power LogOn will not be able to auto-fill, since Power LogOn will only auto-fill into exactly the same location which it recorded from. There are also a few websites that have hidden entry fields or commands, which cause the recording of the logon information to be unusable. In the two cases described above, you can either enter the information into Power LogOn manually and use the "button-click" fill method, or just "drag and drop" the information into the logon fields.

Q: When I select the "button-click" fill method, why am I sometimes prompted to use the "Fill Form" button in my web browser and other times prompted to use the Power LogOn "Logon Now" button?

A: You will be prompted to click on the "Fill Form" button in your web browser if the logon information was recorded by Power LogOn. (If the "Fill Form" button is not displayed in your web browser toolbar - displayed at the top of your screen when you are online - right-click on the toolbar and click on the "Power LogOn Logon Manager" selection to activate the Power LogOn buttons.) If you entered your logon information into Power LogOn manually, you will be prompted to click on the "Logon Now" button to transfer information.

Q: I clicked on the "Fill Form" button in my web browser, but nothing happened - why?

A: Similar to the "Auto-Fill" feature described above, some entries, even if they were recorded, will not work with the "Fill Form" button. For example, if the URL website address for a website is constantly changing, Power LogOn will not be able to fill in the information, since Power LogOn will only fill into exactly the same location which it recorded from. There are also a few websites that have hidden entry fields or commands, which cause the recording of the logon information to be unusable. In the two cases described above, you can either enter the information into Power LogOn manually and use the "button-click" fill method, or just "drag and drop" the information into the logon fields.

Q: I double-clicked on a website name in my selection list and nothing happened. Why not?

A: Single click on the website name, and click on the "Change" button, to view Logon Information for this website. Check to make sure that the web address which you designated for this website is correct, and includes "http" or "www," if required. The easiest way to ensure that this information is correct is to record the entry. Or, if the entry was entered manually, take the web address directly from your internet browser using the "Get URL" button.

Q: When I enter logon information into Power LogOn manually, why doesn't Power LogOn transfer my logon information into the website/application correctly?

A: Most logons are accomplished in a standard fashion, so Power LogOn will generally log you on correctly the first time that you click on the "Logon Now" button. If you're experiencing complications, consider the following:

Was your cursor in the target logon field? The most common mistake is that the cursor was not in the first logon field (usually the user name field) of your target website or application. Usually, the cursor will go to the first logon field automatically. However, if you click elsewhere in the meantime for example, you'll have to click back to the first logon field so that Power LogOn knows where the logon data should be entered. The cursor sometimes blinks, to show that it is active.

Did you click on the Power LogOn "Logon Now" button? Another easy mistake to make is to click on the logon button of your website or application, instead of clicking on the Power LogOn "Logon Now" button. The Power LogOn "Logon Now" button must be clicked in order to initiate the transferal of logon information from Power LogOn to the website/application.

Does Power LogOn start to enter the logon information, and stop before entry is completed? In rare cases, a website may take too long to process logon information, causing the logon process to time out. Or, if your computer hardware is slow, the logon process could also possibly time out. In either case, you can still use Power LogOn to securely store your user name and password information. Use the arrow buttons next to the user name and password to drag the information to your target website or application fields.

Do you have to customize your Power LogOn logon setup? If you have double-checked, and you do not have any of the common situations described above, you may have to customize the enter/tab keystrokes for this entry. This is easy to do in Power LogOn, by following the instructions below:

Check the number of tab or enter key strokes which are required by the website or application, by entering the user name and password information manually at the website or application. Power LogOn has a pre-set default setup of a single tab keystroke after the user name, and a single enter keystroke after the password.
If your logon entry differs from the Power LogOn default setup, make a note of how many tab or enter key strokes are required after each entry field.
To change the logon setup in the Power LogOn, single-click on the website or application name in the Logon screen, and click on the "Change" button to go to the Logon Information screen. Click on the "i" button, for additional assistance.

Tried all of the above, and still can't logon at a particular website or application? In the rare case that you can't get Power LogOn to transfer logon information for you, you can still use Power LogOn to securely store your user name and password information. Use the arrow buttons next to the user name and password to drag the information to your target website or application fields.

Q: Why does my logon to a saved website stop working when it had been working for some time?

A: Many times the owners of a website will make site changes and re-designs. In doing so the changes no longer coincides with the data stored. To fix the problem, manually re-enter your logon data and save to the card when asked. Finally, delete the old entry from Sphinx Logon Manager after the new entry is working.

Address and Payment Information

Q: My Address and Payment screens don't have any information in them yet. How do I get started?

A: Click on the Address or Payment tab then click on the "New" button. The entry window provides entry fields with program default labels. To change the labels, click on the "More" button. Click on the "i" button, for more information.

Q: How do I "drag and drop" information into a website or application?

A: Double-click on an entry. The "drag and drop" window for the entry will pop up. Click on the arrow to the left of an item, and keeping your mouse button pressed, drag it to the target website/application field. When you let go of your mouse at the target field, the information will be left there. Alternatively, you can copy/paste information to your target fields.

Backup / Restore

Q: Why should I backup my Power LogOn information?

A: For contact chip card users, it's especially important to make frequent backups of your Power LogOn information. Then, if your card becomes defective or is lost (or if you lock yourself out of your card and forget your PUK), you can load your backup information onto a new card.

You will be prompted to enter a backup password when you backup your information. Be sure to keep this backup password in a secure place, so that it will be accessible if you ever need it. You must have your backup password in order to restore backup information to a new card.

Q: If I backup my Power LogOn data, can someone else use it?

A: Power LogOn backup information is stored in an encrypted file, either on a floppy disk or on your hard or network drive. The backup information can be restored to any Power LogOn card as long as you know the backup password. For this reason, it's important to ensure that the backup password and the backup itself are kept securely.

Q: What's the safest way to store my backup information?

A: You can backup your Power LogOn information to a floppy disk, your hard drive, or to a custom path. Saving your Power LogOn information to a floppy disk which you store in a physically secure location is usually the best option. However depending on your individual installation, you should use your best judgment to consider which location you should use. The advantages and disadvantages of each location are discussed further in the User's Manual.

Q: What happens if I restore backup information, and my Power LogOn program and/or card still has data in it?

A: Power LogOn will overwrite all information in your Power LogOn program and card with the information in your backup file, when you perform the restore function.

Security Questions

Q: Is there a way that I can leave my Power LogOn data accessible to me but safe from others without closing the program, for example, when I step away from my desk?

A: There are a couple of ways you can do this. One option is to use the Windows screen saver lock option, so that access to your computer is locked when the screen saver is activated. In this case, you will be prompted to present your card to the reader and enter your card PIN to unlock the computer. See "Logon to Windows / Networks with Card" chapter in the User's Manual for more information. Another option is to set the PIN verification timeout to "0," so that you will be required to enter your PIN each time that you open the Power LogOn program from the system tray. See "Settings" chapter in the User's Manual for more information.

Q: How secure is my Power LogOn data?

A: Your Power LogOn data is protected by a layer of DES encryption and an additional layer of proprietary encryption. DES encryption is widely regarded as providing very strong protection, and is very time-consuming to crack. The additional layer of proprietary encryption is even harder to crack. Because it's proprietary, there are no known routines which can be used to decipher it.

Smartcard Questions

Q: Why use a smart card to store my sensitive data?

A: A smart card functions like a micro-computer, whose only task is to keep your data and identity safe. This technology is far more secure than storing valuable personal data on your computer or an external USB device.

Q: There are programs that make it possible for my computer to also encrypt and decrypt my personal data. Why is a smart card better?

A: A smart card is protected by a PIN, and if the wrong PIN is entered several times, the card's internal microprocessor will lock access to the card. Your data on a hard drive or USB device may also be protected by a PIN that forbids entry after several wrong PIN entries, but the difference is that the data on the computer can be copied, therefore the number of times a hacker can try to crack your data is limitless. In contrast, once a smart card is locked up, it is very difficult, if not impossible to open again. That means that even if your smart card is lost or stolen, your sensitive data (passwords, credit card info... ) is still safe

In contrast, if your sensitive data is merely stored on a hard drive or portable storage device, it is vulnerable to multiple types of attacks. For most software products that rely on data encryption alone (without the added security of a smart card), there are hacker tools available to crack or bypass the password security. If these hacker tools are not yet available, security can be broken by brute-force attacks or reverse engineering.

Furthermore, smart cards contain cryptographic keys that are used for secure authentication and on-card data encryption. These keys are protected by the smart cards security features and never leave the card during authentication or encryption processes. All of these reasons mean that smart cards - with their small size, high portability and high-end security features - are the ideal storage device for your most security sensitive data (passwords, credit card info, certificates, health info...)

In summary: A smart card (or secure token) offers a much higher degree of protection since the card is specifically designed to protect your data from unauthorized access. Computer hard drives, removable disks or external mass storage devices, in contrast, are open systems that do not have comparable hardware and firmware protection mechanisms.

Power LogOn Card

Q: The card is in the reader but the Power LogOn software cannot find the card. Why not?

A: There could be several reasons.

First, test if the reader is functioning. Is the green LED light illuminated?
1. Yes,
  1. Check if any foreign objects have been inserted into the reader. If so, carefully try to remove it. If you cannot, please contact Access Smart at support@access-smart.com or call 1-877- 795-6466 for a new or replacement reader.
  2. Go to step 2 below.
2. No,
  1. Desktop reader: Check the reader cable is properly connected to the computer's USB, or Notebook reader: Check that the reader is not upside down (Access Smart label is facing up), the correct end is being inserted into the computer (see arrow on label), and that the reader is fully seated into the PCMCIA port.
  2. To check if Windows sees the reader. Click "Start," "Control Panel," "System," "Hardware" tab, and "Device Manager" button. Look to see if there is a "Smart Card Reader" item without any errors or exclamation marks. If there is no listing, then the drivers were not installed correctly. See "Reader" below for more information. If there is an exclamation point, then there may be a hardware or driver conflict. You may want to contact Access Smart's technical support for assistance.
Next, test if the card has not been altered in a way to prevent the contact module from communicating with the reader. Is the gold chip module clearly visible, free of paper or other foreign objects, and has not been damaged or deformed?
1. Be sure the label was not placed on the wrong side of the card such that it covers the gold module.
2. Remove any foreign object covering the module.
3. Does the card look like it has been bent, folded or mishandled in such a way that it is not in its original condition when shipped? If so the chip may have been damaged and the card will have to be replaced. Data can be restored onto the replacement card using the Backup/Restore commands, assuming you did back-up the original card's data.
Finally test if the card is being inserted correctly into the reader?
1. Desktop reader: Orientate the card's gold chip facing the same way as the "Access Smart" label on the reader. (Example: If reader is mounted on the base and the reader is in its vertical position with the Access Smart label facing toward you, the gold module should also be facing toward you when you insert the module end of the card into the reader slot).
2. Notebook reader: The gold module face of the card should be facing up, and the module end of the card should be slid into the reader just above the plastic tab. You may want to remove the reader from the notebook computer and see how the card fits into the reader. Re-insert the reader and slide in the card again. Push the card into the reader until it is fully seated.
Inserting a card in a reader should briefly switch the LED from its continuous green state to red. This indicates that the card is being detected and powered up by the reader.

Power LogOn Reader

Q: Why doesn't the Power LogOn reader driver load or the Power LogOn reader doesn't appear on the device manager list?

A: First, the reader has to be connected to the computer. In Microsoft's Device Manager window you should see a listing for "Smart card readers." The desktop reader will appear as "CardMan 3x21"; the notebook reader will appear as "CardMan 4040." If a different reader or additional readers appear under the "Smart card readers" heading then you have another smartcard reader installed on your computer that is conflicting with the Power LogOn reader. Other smart card readers typically work with the Power LogOn software so you may not need to install our reader.

Q: Can I use a smartcard reader from another manufacturer?

A: Power LogOn is designed to work with a number of different readers from different manufacturers. In all likelihood your reader will work with Power LogOn. While Access Smart technical support can work with you to resolve general conflicts, you may have to contact the other reader manufacturer for updates; or you may have to switch over to a Power LogOn reader from Access Smart.

Q: How do I manually install a reader driver?

A: First connect the smart card reader to the computer. In many cases Windows will detect the reader and load the drivers. If not, you may need to manually load the drivers (advanced users), or contact Access Smart's technical support. Note that you should be connected to the internet to allow Windows Update to install the latest driver for the smart card reader.

Power LogOn Printer Labels

Q: The printing of the label is off by 90 degrees?

A: The templates are set up to print with the label loaded into the printer narrow side first. Also be sure that the label is the correct side up depending on how your printer operates.

Q: Do I remove an old label from the card or do I put a new one on top of the old label?

A: You must remove the old label since stacking labels on top of each other will eventually make the card too thick to input into a reader.

Q: How best to remove a label?

A: Peel up one of the corners. While holding the corner slowly but firmly pull the label back upon itself. The label should come off in one piece. There should be little to no glue left behind on the card, but if you need to remove any excessive amounts, an automotive bug and tar removal product should work.

Q: Why do you supply extra labels?

A: In case you experience any set up, printing or installation issues we give you extra labels. Also, if you wish to change the label's graphics at a later date, you have labels to accommodate your needs. You can purchase additional labels from the Access Smart web site by visiting our online store.

Get the latest security news from Access Smart — Enter your email address:
Click here to learn more about how to protect your company from a data breach