Clipperz secure password storage–online
How many passwords do you have? Lots. Yeah, me too. Probably not as many as I should have but, we’re not going there. Of course the big challenge for all of us is remembering and tracking them. There are solutions like RoboForm (which I liked) and this one I saw on Lifehacker, Clipperz:
I know, it sounds like a security disaster waiting to happen, but the site promises uncompromised safety and confidentiality:
Clipperz exploits the capabilities of modern browsers to efficiently execute Javascript code. All your private information are locally encrypted before storing them on Clipperz servers. So you don’t need to trust Clipperz because you are just giving Clipperz a bunch of scrambled and twisted bits.The site relies on custom, database-like “cards” that contain whatever information you want to store: site passwords, credit card numbers, alarm codes, etc. To cut down on manual data entry, there’s a bookmarklet that creates a new card from a site’s login page. Clipperz also lets you download a read-only version of the database to your hard drive for offline viewing.
Okay, this is one I’m not going to try. Yeah I’m a skeptic on in this regard. No, I don’t have a good solution, but really I don’t want to trust something that could go away or be hacked with my passwords. Yes, I use and rely on online backup. I see this as different. See I can always, and do, maintain a redundant backup of the files. Password, sure I could do the same, but then what’s the point of having one online?
Getting to your passwords anywhere? Well if it’s that important that you need to know it when you don’t have your machine, you should memorize it. I’ve done this for my banking and core e-mail passwords.
Yes, I’ve even done the piece of paper with passwords on it, but I was sneaky about it. See I didn’t write the whole password. I wrote down what I needed to remember it. I used a system to generate passwords so I only needed part for me to know.
No matter what, until we all have cool biometrics on our machines, we’re just going to need to remember passwords. Somehow.
Related Stories
POSTED IN: Cool tools
6 opinions for Clipperz secure password storage–online
Giulio Cesare Solaroli
Apr 7, 2007 at 6:01 pm
Hi Tris,
I am very sorry you have decided not to try our service.
I can really understand that there are many security concern about having some stranger manage your sensible data, but this is a fear we believe we can answer.
But before going on all the technicalities required to prove how secure is our service, why don’t you simply take some of your less valuable account (some forum, one of those countless free email service I am sure you have activated and that are now just collecting spam) and try how convenient our direct login feature could be? How handy is to get an offline copy of your (encrypted) data, bundled with the application to access them, that you can carry around on any USB device?
We have worked really hard in order to make the Clipperz features addictive; we really want our users to enjoy every aspects of our service: the user experience, the convenience and, last but not least, the security.
We have tried to hide all the boring detail of security away from the user.
For example, when you log in our service you are provided with an ultra-standard username/password (we call it passphrase, but it is just the same) form. But if you care to look into the details (the full code of our application is available for inspection on our site) you will see that we really care about security without any compromise; what looks easy and simple on the surface is really chock-full of security feature.
I hope you will take a second look at our service, and try by yourself if its features are really convenient or not.
And if you happen to agree with us that the feature set is interesting, we would be very pleased if you will join our discussion group [1] to find out all the details of the security features we have implemented to take care of your data.
Thank you anyway for your interest in Clipperz
Giulio Cesare Solaroli
Clipperz co-Founder and CTO
[1] http://groups.google.com/group/clipperz
Tris Hussey
Apr 7, 2007 at 6:14 pm
Giulio, Well there’s nothing like a personal invite to change my mind! Okay, I’ll give it a shot.
Giulio Cesare Solaroli
Apr 8, 2007 at 1:06 pm
Tris,
thank you very much for this second chance.
If you have any question or doubt, feel free to ask; any feedback is very welcome.
Tara Kelly
Apr 9, 2007 at 5:02 pm
Tris - you’ve got another personal invite.
This time from PassPack, also an online password manager. Why not try the same experiment on both systems, and … let the games begin. :)
https://www.passpack.com
We use also use encrypted data that is totally unreadable on our server - same basic security structure. So far Clipperz has one-uped us on the autologin - ours is (very) soon to be released, but they beat us to the mark. You can see the screencast via this post on the blog: http://passpack.wordpress.com/2007/03/22/passpack-auto-login-no-plugin-needed/
It may be late in the coming, but it should be very flexible and fast.
Enjoy!
Tara
Tris Hussey
Apr 11, 2007 at 11:44 am
Well now a challenge! I like it. The problem I’ve run into with Clipperz is that it doesn’t support IE (I use Maxthon, but still). What about passpack?
Tara Kelly
Apr 12, 2007 at 11:09 pm
Hi Tris,
Yup. PassPack runs on Explorer (6 and 7), Firefox (1.5+) and Opera (8+). Be they on Windows or Unix.
And just so you know what to look out for, here’s a features comparison between PassPack and Clipperz:
http://passpack.wordpress.com/2007/04/10/passpack-and-clipperz-the-difference/
Happy testing!
Tara
Have an opinion? Leave a comment: