AMUST 1-Login 1.0

How many Web-based passwords do you need to remember? Ten? Twenty? Far more?

More to the point, how do you remember them? Do you resort to using one password for all sites? That has an obvious downside: any malware that steals your password can access all your Web sites. Do you scribble your passwords on sticky notes or a piece of paper? (Downside: any person who finds the documents can access any of your Web sites.) Do you use password-storage software? (Downside: malware that can grab your password files can decipher its passwords with relative ease these days.) Or are you one of a rare breed who has a mental algorithm that lets you figure out your passwords on the fly? (Downside: you’re as compulsively odd as I have been over the years.)

Despite some version 1.0 rough edges that make initial setup a wee challenging, AMUST 1-Login offers a conceptually exciting alternative. You provide a single, master password and 1-Login generates a unique password based on that master password and the URL for any site you visit -- such as your bank and favorite online retailers.

You’ll need a recent version of Microsoft Windows as well as Internet Explorer to exploit 1-Login. (A Firefox version is in the works, the company says.) 1-Login works for me under Windows XP Pro with SP2 installed; it bombed under Windows 98 SE.

You can use 1-Login in various ways, but the beauties are that the passwords you generate aren’t stored on your computer, and simply by remembering your master password you can log into your password-protected Web sites from any computer. So malware can’t capture typed entries because you don’t type them, or steal stored password files because they aren’t there.

How does 1-Login perform its magic? It applies an algorithm based on your master password and a Web site’s URL. For the technically inclined, the algorithm uses a one-way hash with HMAC-MD5 encryption on the fly. The result also is stronger passwords than most of us are willing to manually create and memorize. The product can use passwords currently installed on your computer, but you’ll want to delete your current stored passwords if you rely on 1-Login.

A free version of the product is limited to 10 login passwords. If it works as well for you as it has for me, you can pay a pittance for unlimited login passwords.

My biggest gripe is that 1-Login fails to install unless you consent to loading it every time you start Windows. (Please, let me decide for myself given all the potentially contentious startup processes competing for the heart and mind of my computer.) But that and a few other discomforts aside, my advice is to test drive the product and see how it works for you. Lately, AMUST Software has been at the leading edge of desktop security products.

J.W. Olsen has been a full-time IT author, columnist, editor, and freelance book project manager with more than 1000 editorial credits since 1990, and has provided computer, Web site, and editorial services to other clients since 1985. He welcomes feedback via the response form at www.jwolsen.com.