Password management company LogMeOnce has announced an update to both its consumers and business products. The announcements are the first in 10 months and are aimed at different audiences although businesses can get all of the consumer benefits which may well appeal to those with a large installed base of user owned devices.
Turning the tables on the hackers
One of the interesting features of LogMeOnce is something called Mugshot. There are thousands of posts on the Internet where device thieves have found their photos uploaded to the cloud photo storage of their victims. This has made it easier for law enforcement to identify and charge people with the theft of mobile phones, tablet computers and even laptops.
LogMeOnce has taken this a step further. If anyone attempts to connect using your credentials, it logs an image of them through whatever device they are using. It also captures other data about the device they are using such as IP Address, the GPS location of the device and time stamp. All of this is done silently in the background to prevent the potential hacker knowing what is going on.
According to Kevin Shahbazi, CEO of LogMeOnce: “Mugshot is like an alarm system for your digital property. The technology creates a digital fence around your account to detract hackers from entering. For those hackers willing to hop the ‘fence,’ an alarm is set off and action is taken so users can have a clear understanding of who is hacking them and where the threats are coming from. Hackers can be complete strangers, but often times they are an individual you know, like a former employee or partner, making Mugshot an extremely valuable and unique tool for our users.”
It is the latter part of Shahbazi’s statement that will attract the attention of a lot of corporate security teams. IP addresses can be faked and GPS data is often just an approximation. However, if the device is connected through a mobile data connection, the GPS data can be compared with other things to provide evidence of the hackers location. This approach to gathering information that can be used in a court case is something that enterprise security teams are slowly beginning to grasp.
Allowing enterprise IT to rebrand the product
An interesting update to the business edition sees LogMeOnce make it possible for enterprise IT administrators to brand the product. This means that they can use it to replace their existing credential management solution and deploy it as part of an enterprise software build. This will appeal to large organisations who otherwise would have to persuade users to use a different logon app than they are used to.
It is not just enterprises who will like this feature. Many of the emerging cloud service providers would see value in taking this on and adding it into their app store where it could be deployed to their customers user base. At present there doesn’t seem to be a lot of information on this ISV approach but with other password manager programmes going down that line it can’t be long before LogMeOnce follows suit.
Separating company and personal passwords
One thing that isn’t clear is how LogMeOnce will make it possible for users to keep separation between their work and personal identities. Nobody wants to have to deploy multiple apps to do the same job, especially as users continue to merge their work and personal experiences into a single location.
What would have been useful would be an option in the business version for administrators to deploy two databases – business and personal to the user. This would allow a user to tick a box to say that these credentials are used only for business, only for personal or both. If the user then changes job, only those credentials that are marked only for business would be revoked and the user would have the option to buy their own licence to continue to access their personal credentials.
Team sharing is more than just business
One interesting feature is that LogMeOnce users can share passwords with other people irrespective of whether they have the consumer or business editions. There is a caveat to that in that the more people you want to share with the more expensive edition you need to purchase but that makes sense.
This also then goes back to the enterprise scenario above. To present a user sharing their enterprise credentials with a business partner, friend or family member, the IT team can control who can be part of the team the credentials are shared with. This means that even if a hacker infiltrates a company and gains access to shared credentials, unless they can also create new domain users and add them to the team, they are limited in how they can share the credentials.
While there are many products out there in the credential management market LogMeOnce seems to have done a good job of trying to separate itself from the competition. It would have been nice to see an attempt to help users separate work and personal credentials but maybe that will come in the next update.