Today we're announcing a major upgrade to the Meldium password vault. In addition to securely storing and distributing your credentials, and automatically logging you in to apps, Meldium can change your insecure passwords for you, all from one central UI. This upgrade is available to Meldium customers on every price tier. We're rolling this feature out in beta today with support for 20 of our most popular apps, and we'll be adding many more soon.
Why automatic password changes?
Passwords are a lousy technology for authentication, and we're working hard to get rid of them completely. But we still have to deal with them on the thousands of web apps that people use to create and collaborate every day. Companies store their most critical data on the web, and often the only thing protecting that data is a password.
Unfortunately, sometimes those passwords need to be changed. Here are a few reasons to change a password:
The service has a weak or duplicate password - it might be an easy to guess dictionary word, or it might be shared across multiple apps, which increases the exposure if it is stolen.
An employee or contractor who had access to the password leaves the company.
The service reports that your password has been breached by an attacker, or worse yet that all of the passwords for that service have been stolen (as with the recent eBay security breach). Worse yet is a widespread security problem like Heartbleed, in which we were all advised to change all of our passwords. Everywhere.
Periodically rotating your passwords for no reason at all is also considered to be good hygiene by security professionals, and we'd all do it more often if it were easier to do.
This is all good advice, but the reality is that people just don't do it. We proactively notified Meldium customers that they should change their passwords for certain affected sites in the aftermath of Heartbleed, and we found that only 13% of all potentially vulnerable passwords since then.
It's not surprising that our password hygiene is so bad - cycling your passwords, especially on all of your apps, is annoying, time-consuming, and error prone. You have to track down the existing username and password, find the 'account settings' page for the app, come up with a new strong password that meets that application's Byzantine requirements, and then communicate the change back to anyone else you share the account with. Multiply this cost across dozens of apps and you can see why bad passwords persist.
Let Meldium do the annoying work for you
We looked at the Heartbleed aftermath and thought that there must be a better way. So we took all of these steps and built them in to our automatic password change tool. We pick a strong, unique password for you that will work for each app you use. We connect directly to that app, using your old password and the new, strong one to make the change. To be extra safe, we reconnect to the app and verify that the new password is working. We save that password back to Meldium where it is immediately available to your entire team. And the whole process takes just a few seconds per app.
We're working on making this feature even more useful by proactively identifying and alerting Meldium administrators when a password is at risk due to it's strength, age, or exposure. We'll have more news on these advanced security analytics soon - stay tuned.
How to get started
If you're already a Meldium customer, you can try out automatic password changes right now - click on the "Change Password" menu option on the Meldium Launchpad, or take a look at the Heartbleed report for passwords that are at risk and change them today!
If you're not yet a Meldium customer, sign up today! Not only is Meldium the world's most advanced password vault, but it also features comprehensive account provisioning and deprovisioning tools. Sign up is completely self-service and all of our plans come with a two week free trial.
Finally, subscribe to our blog (type in your email address just to the left on this page) for more updates on what we're doing to improve password security for all of our customers.
We are very excited to release this long awaited feature. Please share your thoughts and ideas right here or on Hacker News.