Friday, January 12, 2007

Online Password Managers - why you should use them...

If you use different passwords for different authentication systems and you come back from a fairly long vacation, I am sure you would have felt the need for a password manager to manage all your passwords :)

Traditionally, you would run a password manager on your own system and use a master password to control access to your list of passwords. It's not secure at all: your system might be prone to attacks from viruses and worms that might destroy your system. Your password list file might even be accessible to someone who is smart enough to work on it and reveal your passwords. All said, it's not the safest way to manage your passwords.

Recently, a trend has emerged that lets you store your passwords safely by using some very interesting technologies. These password managers allow you to use your passphrase from any browser to access your password lists.

It is important to know how exactly these password managers work, and the following illustration gives a fair idea of it.



As the above illustration shows (it covers only the decryption part), your data is NEVER stored on the server in a plain format that could be manipulated or read, even by the system administrators of the server. All the server does is send encrypted data to an environment in your browser, where data is either encrypted or decrypted depending on whether you are saving a new password or reading an existing one.

These password managers usually use one of the strongest encryption methods, AES (Advanced Encryption Standard), and are very safe from man-in-the-middle attacks.
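The encrypt-in-the-browser, store-only-ciphertext flow described above, as an added example (not code from Passlet or Passpack, whose implementations this post does not show). It assumes PBKDF2-SHA256 key derivation and AES-256-GCM, uses Node's crypto module to stand in for the browser environment, and uses a hypothetical in-memory `serverStore`; all names and sample values are constructed.

```javascript
// Added example: client-side encryption so the server only ever stores ciphertext.
// Assumptions (not from the post): PBKDF2-SHA256 + AES-256-GCM, hypothetical names.
const nodeCrypto = require("node:crypto");

const KDF_ITERATIONS = 600000; // assumed work factor for the master passphrase

// Stretch the master passphrase into a 256-bit AES key; the salt is per record.
function deriveKey(passphrase, salt) {
  return nodeCrypto.pbkdf2Sync(passphrase, salt, KDF_ITERATIONS, 32, "sha256");
}

// "Browser" side, saving: encrypt before anything leaves the client.
function sealEntry(passphrase, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const record = { salt, iv, tag: cipher.getAuthTag(), ct };
  // Serialise as base64 strings: this object is all the server receives.
  return Object.fromEntries(Object.entries(record).map(([k, v]) => [k, v.toString("base64")]));
}

// "Browser" side, reading: decrypt the blob fetched from the server.
// Throws if the passphrase is wrong or the stored blob was modified.
function openEntry(passphrase, record) {
  const b = (name) => Buffer.from(record[name], "base64");
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", deriveKey(passphrase, b("salt")), b("iv"));
  decipher.setAuthTag(b("tag"));
  return Buffer.concat([decipher.update(b("ct")), decipher.final()]).toString("utf8");
}

// Hypothetical server: stores opaque records and never sees the passphrase.
const serverStore = new Map();

function demo() {
  const master = "correct horse battery staple"; // constructed sample passphrase
  serverStore.set("mail", sealEntry(master, "s3cret-mail-pw")); // constructed sample entry
  const stored = serverStore.get("mail");
  const results = { roundTrip: openEntry(master, stored) };
  try { openEntry("wrong passphrase", stored); results.wrongPass = "accepted"; }
  catch { results.wrongPass = "rejected"; }
  // An administrator flipping one byte of the stored ciphertext is detected by GCM.
  const ct = Buffer.from(stored.ct, "base64"); ct[0] ^= 1;
  try { openEntry(master, { ...stored, ct: ct.toString("base64") }); results.tampered = "accepted"; }
  catch { results.tampered = "rejected"; }
  return results;
}
console.log(demo());
```

The stored record protects confidentiality and integrity of the entry at rest; it says nothing about how the encryption code itself reaches the browser, which still depends on an authenticated channel such as TLS.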

Two online password managers which use the above techniques and which you can use would be

Passlet - www.passlet.com

and

Passpack - www.passpack.com

I tried Passlet a couple of months back, and got to know about Passpack recently. At first glance, Passpack definitely seems to have a better user interface.

Go ahead and create your online password manager account today - both of them are Free!

8 comments:

Anonymous said...

Hi,
Clipperz.com will be offering soon a similar service. Please take a look at the cryptographic foundations it is based on.

The launch of the public beta is just a few weeks away.

Feel free to contact me for any further information.

Marco

Anonymous said...

I have briefly read through the two sites mentioned in your above article, and also Clipperz.

Clipperz site, information, superior knowledge, open source code, etc has me more convinced to use them over anyone else.

I would advise only using these online password services for non-consequential accounts, until they have been professionally verified, proven, etc. Do your homework good and hard before putting credit card info, etc into one of these services.

I also want to look into automating my own backups with these services. For free, you can never expect too much.

Nick Y said...

I want to tag my info and webpage to the above comment...

-Nick Yeates-
http://www.nickyeates.com

Anonymous said...

@Nick,
Thanks for posting your concerns. Using PassPack for an array of non-important passwords is fine. It can also be used for non-passwords as well: registration codes, software keys, frequent flyer miles, notes or even just private links. Think of it as a mini personal vault.

We've recently published a features benchmark with Clipperz. I hope you'll have a look:
http://passpack.wordpress.com/2007/04/10/passpack-and-clipperz-the-difference/

PassPack offers import/export and backup/restore functions you mentioned. Clipperz doesn't.

I hope you'll at least try it. You can make an account for free, import some passwords, play around and delete the account without ever having to save anything to the PassPack server.

Cheers,
Tara

Anonymous said...

Sorry, here's that link again:

PassPack and Clipperz Features Comparison

Anonymous said...

There are other good password companies out there. One such instance is www.mashedlife.com.

This website also offers online password management, but it has a host of other features.

One such feature is the ability to share certain passwords with other users. So if families or companies wish to share passwords for certain websites, that can easily be arranged. It also displays password usage by the multiple users.

Another feature that most sites do not have is its integration with the Yubikey device. This device lets large companies give access to passworded sites without compromising security.

Like all the other sites, this one offers encrypted security, one-click login, auto-login when available, it's free, very easy to use, does not require any extra downloads. It also works on many different browsers for Windows, Mac, and iPhone. This also has a unique Facebook application that allows users to access MashedLife through Facebook.

So I invite you to check out this site and give it a try.

MashedLife
Yubikey

Matthew Buechler said...

Midwest PROTECH, LLC is coming out with a new product called PassPROTECH (www.pass-protech.com) which uses the same secure AES_256 encryption with a secure log-on process. The site is still in beta so it's free for now. It's using 100% server side ASP for platform independence - you can even access your password list via your cell phone. Initial beta testers get a free year on the subscription when the service goes live.

Safe and Secure Online Password Manager said...

Mitto (http://mitto.com) is another safe and easy to use alternative for those looking for an online password manager. They are certified by McAfee (security) and TRUSTe (Privacy).