The Keychain Killer
Improve Security by setting FileMaker Authentication to ignore account names and passwords stored in keychains and password utilities.
These techniques will keep FM files from even trying passwords stored by someone clicking a checkbox during login, making sure that each user must enter their account name and password to open the file.
As developers, it is our job to assure that systems we provide meet valid security requirements in spite of computer systems increasingly trading away good security for ease of use.
- OS and utility programmers keep making it easier to store passwords, giving the computer itself access to secured systems without verifying who is at the keyboard.
- Businesses, healthcare systems, and government agencies are demanding more security to ensure that only individuals with valid personal credentials access sensitive data, but prohibitions on storing passwords is often ignored by employees.
- Many of the worst security breaches have been traced back to lost or stolen computers being used to access data which was supposedly secured.
- Compounding the problem are shared workstations and laptops—the latter being more prone to loss and theft. If the CEO loses a laptop, it's a little late to lecture the boss on security, and who wants that job anyway!
Our example file shows how to stop FileMaker Authentication from using passwords stored from a keychain. This method takes only a few minutes to setup, requiring setting the File Options to use a default account login with only permission to perform a relogin process.
Implementing this technique can significantly reduce the risk of unauthorized access to FileMaker served data via computers in the wrong hands — even if implemented after a laptop is lost — but, the earlier, the better. Why wait?
The example file uses these credentials for valid login:
Account Name: Admin
The zipped directory contains a FileMaker example file and a PDF explaining the script and file setup to implement this technique in under 10 minutes.
This technique alone does not assure full compliance with security requirements, as it addresses only the issue of stored passwords.
Setting the File Options to Auto-Login with an invalid account has been found to fail to bypass stored credentials with some combinations of FMP clients and OS versions, so that is no longer considered a safe technique.
The technique in our example file can be implemented on served files which use FileMaker Authentication even after a computer with stored credentials has been lost or stolen, but it is too late to implement this for local files stored on a computer in the wrong hands.
Credentials for all systems which might have been stored on a lost computer should be changed immediately across all systems, including email accounts, as a precaution against the next user of that computer extracting credentials from its keychain utility and entering them manually to breach a hosted system.