Part 2. use, Chapter 3. password replacement, Biometric password managers – APC BIOM34-EC User Manual

WARNING: Depending upon how the SmartCard was

initially configured, a limited number of failed PIN

attempts may be enforced. If this is the case, and you

exceed the maximum failed PIN attempts, the card may

become locked and permanently unusable. To find out

more, contact whoever configured your SmartCard for

you, or the SmartCard manufacturer

If you are using a fresh SmartCard you will be greeted

with a screen prompting you to establish your PIN.

Please take note of this PIN, if you forget it you risk

being locked out of your SmartCard. Enter your PIN in

both fields and click

Next. SmartCard Enrollment then

directs you back to the next step of the OmniPass

Enrollment Wizard, 2.2.4 Select Enrollment Device.

2.4.3 If your SmartCard already contains data when you select

it as a storage device (from 2.4.1 of SmartCard

Enrollment), you will be warned that the current data on

the SmartCard will be overwritten. This may also happen

if you try to use a SmartCard as a storage device that is

already being used as such by another OmniPass user.

There is a limitation of one OmniPass user per SmartCard.

To proceed, check the box next to

I want to overwrite the

SmartCard and click Next. SmartCard Enrollment then

directs you back to the next step of the OmniPass

Enrollment Wizard, 2.2.4 Select Enrollment Device.

Biometric Password Managers

Part 2. Use

You are now ready to begin using OmniPass. Used regularly,

OmniPass will streamline your authentication procedures. For

the credentials registered with it, OmniPass is a secure

repository. In the event you forget any of those passwords,

you can find them in OmniPass.

Part 2. Use covers basic OmniPass functionality. Review this

section to quickly get familiar with the OmniPass functions

you will most use. If your system is shared among several

users (often the case in a home PC or SOHO environment)

then you may find some additional useful features in Part 3.

Configure.

Chapter 3. Password Replacement

You will often use the password replacement function of

OmniPass. When you go to a restricted access website (e.g.

your bank, your web-based email, online auction or payment

sites), you are always prompted to enter your login credentials.

OmniPass can detect these prompts and you can "teach"

OmniPass your login credentials. The next time you go to that

website, you can authenticate with OmniPass to gain access.

OmniPass prompts you for your "master password", and that

single password gains you access to any site you have "taught"

OmniPass. Or you could login with any hardware

authentication device you have enrolled into OmniPass. This

functionality is not limited to restricted access websites.

OmniPass can learn any set of credentials that you are prompted

to provide (e.g. your Intranet email, your ftp login, any of your

client logins, any restricted access network resource).

3.1 The OmniPass Authentication Toolbar

After installing OmniPass and restarting, you may have noticed

a dialog you had not seen before at Windows Logon. This is

the OmniPass Authentication Toolbar, and it is displayed

whenever the OmniPass authentication system is invoked. The

OmniPass authentication system may be invoked frequently:

during Windows Logon, during OmniPass Logon, when

unlocking your workstation, when resuming from standby or

hibernate, when unlocking a password-enabled screensaver,

during password replacement for remembered site or application

logins, and more. You see the OmniPass Authentication Toolbar

upon Windows Logon because the OmniPass authentication

system is seamlessly integrated with Windows. When you see

this toolbar, OmniPass is prompting you to authenticate.

The bold-faced text "

File Encryption/Decryption Authentication",

next to the lock and keys icon, shows what OmniPass-restricted

function you are attempting. The non-bold-faced text beneath

may give you additional instructions regarding authentication.

The icons in the lower left (fingerprint and key in this example)

show what authentication methods are available to you.

Selected authentication methods are highlighted while

unselected methods are not. When you click the icon for an

unselected authentication method, the authentication prompt

associated with that method is displayed.

When prompted to authenticate, you must supply the

appropriate credentials: an enrolled finger for the fingerprint

capture window, a PIN for the SmartCard PIN prompt, your

master password for the master password prompt (the key

icon). Depending on your Authentication Rules (see 6.2 User

Settings), you may have to satisfy several different

authentication prompts to gain access (e.g. fingerprint AND

SmartCard PIN).

3.2 Remembering a Password and …

Most examples of password replacement used in this document

show the remembering of websites, but OmniPass can

remember any set of credentials used to access any restricted

resource. Any application you use, any GUI client, any password

protected resource that manifests a password prompt,

OmniPass can remember.

Using the following procedure, you can store a set of credentials

into OmniPass. These credentials will then be linked to your

"master password" or any enrolled authentication devices.

Go to a site that requires a login (username and password), but

DO NOT LOGIN YET. At the site login prompt, enter your

username and password in the prompted fields, but DO NOT

ENTER THE SITE (do not hit

Enter or click Submit or OK or Login).

Right-click the OmniPass system tray icon and select

Remember

Password from the submenu. The Windows arrow cursor will

change to a golden key OmniPass cursor. Click this OmniPass

cursor in the login prompt area, but DO NOT CLICK the "Login"

or "Submit" button.

3.2.1

Associating a Friendly Name -- After clicking the OmniPass

key cursor near the login prompt OmniPass will prompt

you to enter a "friendly name" for this remembered site.

You should enter something that reminds you of the

website, the company, or the service you are logging

into. In its secure database, OmniPass associates this

"friendly name" with this website.

You can remember multiple different logins to the same

password protected resource. To do this you must

specify different friendly names for each set of

credentials. If you use the same friendly name then

OmniPass will overwrite the previous set of credentials

associated with the application or website. If you have

several credentials remembered for the same site,

OmniPass will prompt you to select among the available

friendly names.

3.2.2

Additional Settings for Remembering a Site -- When OmniPass

prompts you to enter a "friendly name" you also have

the opportunity to set how OmniPass authenticates

you to this site. There are three effective settings for

how OmniPass handles a remembered site. The default

setting is

Automatically click the "OK" or "Submit" button for

this password protected site once the user is authenticated. With

this setting, each time you navigate to this site OmniPass

will prompt you for your "master password" (or

authentication device). Once you have authenticated

with OmniPass, you will automatically be logged into

the site. Less secure is the option to

Automatically enter

this password protected site when it is activated. Do not prompt
for authentication. Check the upper box to get this setting,
and each time you navigate to this site OmniPass will log

you into the site without prompting you to authenticate.

M.15