Single Sign-On Goes to Work

Passlogix's V-Go SSO 3.1 is good for users at the same workstation but not so good for kiosks.

The latest version of V-Go SSO, Passlogix Inc.s single-sign-on utility, includes major new capabilities that belie its ".1" status. In eWeek Labs tests, V-Go 3.1 allowed us to easily manage passwords for all of our test applications and enabled us to use any LDAP-compatible directory to centrally manage user credentials. However, aside from options configured at installation, there is no way to centrally manage V-Go SSO clients once they are out in the enterprise.

Released last month and priced at $65 per seat, V-Go SSO 3.1 is compelling because in nearly every case in our tests, it provided a very high level of password security while requiring almost no server-side software and no hardware.

Compared with products such as Computer Associates International Inc.s Single Sign-On, which employs an API to provide log-on customizations, V-Go SSO might seem underpowered. The product has no central management tool and doesnt provide an API for more extensive application-handling actions such as group log-out—a capability that, for example, kiosk users in a hospital might want, although it has a serviceable scripting capability that allows administrators to support log-ins for custom applications. However, our tests showed that for ease of implementation and ease of use, V-Go SSO is hard to beat.

V-Go SSO does two things: It recognizes when a password is required by an application and gives the user an easy interface with which to supply the correct credentials. In tests, V-Go SSO identified every user name/password challenge and subsequently supplied the correct password.

We used V-Go SSO with slapd, a stand-alone LDAP processor from the OpenLDAP Foundation, during tests. It was a straightforward process to configure the V-Go SSO client to check the slapd server for user credentials. Using an LDAP directory, IT managers can simply remove an end-user credential, and V-Go will prohibit that user from logging in to any application. This significantly reduces the potential for unauthorized access by former contractors and employees.

In addition, IT managers can configure V-Go SSO to create new passwords for users to access applications and Web sites that they use—passwords that are not revealed to the end user. In tests, we created accounts that required a user name and password. While we continued to use the same V-Go password, we were unable to access the accounts independently of V-Go. This adds a layer of security because users must have access to a system with V-Go installed to get into the applications.

In the flock of end-user credential management tools, V-Go SSO is competitive not just with single-sign-on tools but also with password self-management tools such as Courion Corp.s PasswordCourier. Where PasswordCourier enables users to replace a lost or stolen password by going though an automated system and thus bypassing the help desk, V-Go SSO operates on the idea that a single strong password will reduce the number of times a password will be forgotten.

V-Go SSO also differs from other single-sign-on tools in that it is designed to authenticate users on the PC they are using. During tests, when we logged on to V-Go SSO, we supplied a password to V-Go that was verified with an encrypted file on the test machine. Thus, even if a user were working on a password-protected application or document away from the network—for example, on an airplane—that application would still be available because password authentication happens locally.

V-Go comes with built-in recognition for a wide range of terminal emulators, common desktop applications and many client/server utilities.

For applications that are not already included in V-Go SSO, Passlogix provides configuration utilities that should improve the chances that IT managers will get the new application up and running with few problems. This feature is connected to a pair of handy utilities in V-Go SSO 3.1 that made it easy for us to customize the product for deployment to the desktop. We configured the ftulist.ini file, which assists first-time users through initial configuration; and the entlist.ini file, which adds log-on support for additional programs.

Although the configuration utilities should help administrators deploy V-Go SSO, and the setup wizard was very simple to use, managers should plan on a lot of hand-holding when rolling out the product. V-Go SSO replaces the traditional password with a variety of themed pass symbols. For example, to log in to V-Go SSO, we selected the time theme. Other themes include meals (chicken + corn + broccoli + bread = my password) along with about 10 others. Users could easily get confused about how to set these theme passwords—and be tempted to write down their new password combination.

Senior Analyst Cameron Sturdevant can be contacted at [email protected]

Usability - A

Capability - B

Performance - B

Interoperability - A

Manageability - B

The latest version of Passlogixs V-Go single-sign-on utility has gained new LDAP integration capabilities that make the product more attractive to IT managers who need to get a password management system up and running quickly.

SHORT-TERM BUSINESS IMPACT // V-Go SSO can be deployed rapidly, but most enterprise users will need to tailor the tool so that it automatically recognizes their custom applications.

LONG-TERM BUSINESS IMPACT // Once in place, V-Go SSO 3.1 requires little ongoing maintenance to keep working properly. IT managers should expect to see a reduction in help desk calls for password resets, and its reasonable to expect fewer break-ins that are based on easy-to-guess passwords.

Up and running quickly with no server-side hardware or software.

End-user options can be configured only at installation time; no central management tool.

Passlogix Inc., New York; (866) 727-7564;