Do-it-yourself password recovery

If your agency's information technology staff is overworked—and whose isn't?—one way to provide some relief is to reduce the number of help requests from desktop users.

If you think that's easier said than done, take a look at PC Guardian's new Encryption Plus Secure Password Recovery. As the name suggests, the software enables users to recover forgotten passwords without calling the help desk. Because forgotten passwords make up a significant portion of help-desk calls, the program can save time and money by freeing up IT staff to attend to other tasks.

To prepare the program, users create up to three question-and-answer pairs. The questions should ask about personal information known only to the user, such as a grandmother's maiden name or a favorite novel. Later, if a user makes three unsuccessful log-in attempts, the program automatically prompts for the answers to these questions. Upon successful completion, the user is presented with his or her password and logged in.

At first glance this doesn't seem secure, but PC Guardian incorporates a high level of encryption into the program to protect the passwords. The software uses 233-bit elliptic curve cryptography (ECC), a public/private key technology. In addition, it uses Rijndael—selected last year by the National Institute of Standards and Technology as the U.S. government's Advanced Encryption Standard—with a 256-bit key to protect the ECC private key. If a password is changed, the new password is automatically encrypted and the program's files are updated.

Although the software can be installed on and run from a client PC, most organizations will want to install it on a server and use a combination of network scripting and third-party deployment software to accomplish remote installs.

The program's wizards make it easy to set up Encryption Plus Secure Password Recovery. First, you install the administrator program, which takes just a few steps. Then the administrator configures the user program.

We were impressed with the program's many options. First, the administrator chooses the number of questions (up to three) a user must answer before the password is presented. For each question, there are three configuration options from which the administrator can choose.

The first option allows the user to select a question from a predefined list that the administrator has set up. The second option allows the user to create a question to answer, and the last option requires the user to answer a question chosen by the administrator.

Once the administrator has selected an option for each question, the program is deployed to the user's PC. The user must run through a quick setup process on the client PC before the program is ready to work.

When the user next logs in, the setup program automatically begins. Administrators can choose any of the three options for any of the questions. For example, all three setup questions could prompt the user to choose a question from the predefined list. The primary limitation is that the user cannot use the same question-and-answer pair more than once.

Once the user completes the user program setup, the unique question-and-answer pairs for that person are encrypted and saved. It's important to note that for the program to work, administrators must configure the user's account to lock that user out after a certain number of unsuccessful attempts to log in. Upon lockout, the program automatically runs.

All aspects of setup and use of Encryption Plus Secure Password Recovery are wizard-driven, and instructions are presented clearly.

If your agency's help-desk staff spends too much time helping users recover forgotten passwords, this product should be next on your shopping list.


Encryption Plus Secure Password Recovery

Score: A

PC Guardian
(800) 288-8126

Encryption Plus Secure Password Recovery costs $20 per seat, but quantity discounts are available.

This is an affordable, easy-to-use product that can help IT staff save time and resources.

