Managing Passwords Online

Funny you should post this the same day I just noticed Sony has a new line of monitors with extra space for sticking post-its… and we all know that post-its stuck to the monitor are the ultimate password system: http://www.anotherblogger.com/2006/06/13/frustrated-by-lack-of-monitor-space-for-storing-passwords/

I’m not so sure I could ever get comfortable storing my passwords online. You see all of these stories online about companies losing data. I have no idea who these password safe people are. It’s free so how strong can their security measures be? Who handles their backups? How many other entities have access to their databases?

Their privacy statement even tells you not to store passwords for confidential information.

Scary, very very scary.

>I don’t want a single binary, because I’m trying to share account information
>with Ponzi - which can’t be done effectively through anything other than a
>Web-based solution

wrong .. one of the upcoming feature of the next version of bosspro (formerly BOSS Professional) - which one of your reviewer gave high marks to - will include a revamped LockBox module (www.winextra.com/dl/bosspro2/lockbox.jpg).

It will let you store password info both Global (all users) and Personal (logged in user) and not a web interface in sight :)

I have been playing with RoboForm with their Firefox Plug-in for a few days and it is pretty cool. The thing I like about it is it uses some fairly smart AI to log you into wenbsites, fill out order forms, etc. The software easily manages multiple identities and profiles as well. In additon to forms it uses “safenotes” for all other secure info like PINS, etc.

Unfortunately (for you) this is not an online application. The publisher suggests that you use their free sync software to share passwords across computers. They also sell a pocketPC and palm application. On top of that, theyalso offer software for a USB key so you can take it to other PC’s without leaving any data behind.

http://www.roboform.com

I wish they had on online syncing component too. I noticed that google jsut released a bookmarks, password, browser sync plugin for firefox. This may be good for some people: http://tools.google.com/firefox/browsersync/

pete

Chris Pirillo

I’ve been using Agatra.com for a few months now. Its simple, and has an ‘automatic login’ feature which means that you can login to a site simply by clicking its name. Tagline of Agatra goes ‘Forget your Passwords’, and there are many sites for which automatic login is supported.

Ofcourse, I would never trust my bank account login info with any site - unless its some top-gun, like google or yahoo.

Hello All.
I’m a co-founder at PassPack, an online password manager, so I’ve done a lot of research on this subject. I can’t help but chime into this conversation, it’s right up my alley, so here goes…

- PasswordSafe.com -
Not that safe at all. They can see your data as it is stored on the server. Yes, their FAQ says that they don’t “look” - and I honestly believe that they don’t - but if they can retrieve your data, then a hacker can too. They, themselves, have realized this and clearly state on the account home page (you need to log in). Here’s a warning we recently published: http://passpack.wordpress.com/2007/04/06/how-safe-is-passwordsafe/

- Roboform -
Very popular, but not very portable. You need tote around a USB keychain (extra costs involved). However many internet points will no longer let you use your USB drive in their machines - too many people were installing keyloggers this way. So you could find yourself with USB in hand, and no way to actually get at your passwords. Other than that, and the fact that you can not export your data (vendor lock-in), it’s not a bad service.

- Agatra -
Yes, they’ve been around for a while, and are no doubt safer than PasswordSafe (they use modern browser encryption), and more portable than Roboform (24/7 web access). A better choice than the other two, though they lack in some features like anti-phishing technology and One Time Passwords (for those previously mentioned keyloggers on public machines).

- PassPack -
Anything that is stored at PassPack, can’t even be read by us - no less hackers. All accounts are anonymous, no email needed, and we’re accessible 24/7 via internet. We’ve added anti-phishing technology, protection against keyloggers in public spaces and much more. Our automatic login feature is “coming soon” (make that *very* soon). The full features sheet is here: http://passpack.wordpress.com/passpack-infosheet/

If you’d like to try PassPack (it’s free):
1. Sign up at https://www.passpack.com
2. Read Getting Started at http://passpack.wordpress.com/2007/04/16/passpack-instructions-getting-started/

Thanks for hearing me out. PassPack is an up and coming product, and I love getting feedback on how to improve it. So please contact me if you have any questions or suggestions.

Cheers,
Tara Kelly
PassPack Founding Partner
tara@passpack.com

I tend to use online password managers. I find that they are easier to use and portable. This allows me to access my passwords from anywhere I want. The one I use is http://www.mashedlife.com. This site is a free service and it just allows me to store my passwords for any site I wish. Then, it lets me one click log in from my browser. Its simple and easy. It also has a Facebook application, iPhone support, and Yubikey support. For those of you who don’t know Yubikey its a USB device for passwords. Just see it http://yubico.com/o.php?refid=40&rno=847894895 there. Anyway, I thought you may want to talk about it in another blog of yours.

Here’s MashedLife: http://mashedlife.com//dream1.php

Thanks again for the great blog.