Passwords – a pain to remember. Did you know that a scary number of people on the internet use the same password? In the UK a terrifying 3.7% use the password “123”. That doesn’t sound very secure. However when you’re faced with already needing to remember your various bank card pin numbers, your house alarm code, your computer password and so on, maybe it’s appealing to just use “123”. There are some more horrifying examples over at Modern Life is Rubbish.
Whether you’re a heavy or light internet user, you’ve no doubt been faced with the need to create accounts on various websites all around the web. From shopping on-line, to email, to forums and so many other on-line situations, you often need to identify yourself with a username and a password. In fact, if you’re reading this, the chances are you have at least a few on-line accounts!
As the number of your accounts grow, so does the complexity of having passwords for each of these accounts. You’re faced with either writing down your passwords somewhere, or using the same password for all these websites. Both of these options are pretty open to disaster, but it often feels far too confusing to start creating different passwords for every website.
Personally, I used to have a tiered system, whereby I’d have one long and complicated password for all the crucial accounts that involved credit cards and money, another slightly less complicated password for important identity accounts, such as webmail and blogs, and then a basic password for all the random forums and sites that I only need to log in to once or twice. This too is a bad habit to form, and with all to much ease you could find yourself the victim of identity theft. Of course, while my personal password management was a bit questionable, we have always been very careful to ensure that any passwords for our clients are unique and hard to guess.
There are some solutions though, but none have solved the issue with more grace and ease of use than Passpack, an excellent on-line password management system.
Passpack is the brain-child of Tara Kelly and Francesco Sullo and the company they have formed is based in Rome, Italy. Currently the website is in “beta” mode and is free for anyone to create an account. Don’t let the beta tag throw you though, the website is fully functioning and has the highest level of attention paid to the importance of security.
Passpack allows you to store all of your passwords and gives some very handy tools for simplifying your login process and securing those really important website accounts.
So just how secure is it? Why should I trust someone else with my important passwords?
A lot of people are rightly concerned about trusting their important information with a third party, but in the case of Passpack I think the team have managed to get it right. The Passpack website has a detailed page dedicated to explaining their security technology, which I’ll summarise here. Not only are we looking at the best encryption, but also a unique three step login and decryption process that keeps your data safe and only viewable by you.
Even Passpack can’t read your data!
When you log in to your account, all your data is sent to your web browser in a highly encrypted format. When you “unpack” that data, it’s all done locally on your computer. No one else ever has a chance to see your data.
US Government approved Encryption
Your data gets the same treatment that highly classified information gets, using the tightest security currently available. This is the same encryption that the US Government uses on “Top Secret” documentation.
Passpack lets you generate a custom welcome message which would not appear if you log into a fraudulent phishing scam – letting you know that something’s wrong.
All dealings with the Passpack site are over an encrypted connection.
Password Strength Measures
Make sure your passwords are strong using their built in strength meters. Passpack also lets you use any combination of characters, numbers, symbols, spaces, you name it.
Non-Permanent Account Info
This means that you can change not just your log-in password and packing key, but also your actual User ID, making it even harder for people to work out how to log into your account.
You can also use Passpack in an offline mode. If you don’t need to access your passwords from any computer and you don’t trust storing your passwords on Passpack’s server, you can just use the offline version.
I think that’s 7 pretty strong reasons to feel very comfortable about Passpack’s dedication to the security of your passwords. Passpack sum it up nicely:
With AES encryption (the same as used by the US Government) and an SSL Secure Connection, your data travels safely over the internet. But let’s suppose a hypothetical “bad-guy” gets into our servers, all he’d find would be a bunch of illegible data (not even Passpack can read your data). If he’s determined to crack this data, he’d have to crack the Packing Key of every single User, one-by-one, in order to reverse the packing process. To date, this type of brute force attack on AES is considered impossible. That makes Passpack an unattractive target.
Once your in, how does it work?
Currently Passpack is running on “Beta 5″, however they will be releasing Beta 6 very very soon and Tara Kelly was nice enough to give me access to a special once off account which was running Beta 6. As the new version is coming out very soon, I won’t spend too long comparing them, but I will say that I instantly noticed a much better layout and much increased speed. Beta 6 zips along so quickly that you can access your passwords in an instant.
Once you’ve logged into your account and unpacked it, you are presented with an overview of your account. Clicking on the “Passwords” tab brings up a list of all your passwords. This password view is customisable so that you can choose how many password rows to load, and what information will be shown for each row.
With a quick glance you can see what information you have input to each password record, and as each password can have tags applied to it, you will find that it is very easy to organise your passwords.
One of the fastest ways I have found for locating passwords (seeing as our account already has over 70 passwords), is through the search function. Tap in the first few letters of any part of a password’s detail, whether it be the email address, tag, username, and the list is instantly pruned to show only the relevant passwords. It also highlights the relevant detail that matches your search term.
As mentioned above, you can assign as many tags to each password entry as you like. With clever usage you can make it incredibly simple to find the right password. Your tags are shown in the handy right column (this placement is new to Beta 6), and you can switch between either cloud or list view.
Cloud view will show tags in various font-sizes depending on how many times they’ve been assigned to a password entry. List view displays a simple alphabetical list including a password count beside each one.
You might have email, shopping, social, blogs, banking as your tags. Clicking on a tag has the same near instantaneous effect as searching does, showing only the relevant results with selected tag highlighted for your convenience.
When you click on a password title, an inline window pops up showing you the details of this password. As you can see in the screen shot, each password can have:
- Title – for description purposes
- User ID – your username to log into a website
- Email address – for your records, or for websites that ask you to log in with your email address)
- Password – the password field is obscured by default preventing the risk of someone looking over your shoulder! A nice touch is that you can click this field and copy your password without ever actually revealing the password itself.
- Link – this field allows you to associate this password with the website in question.
- Tags – the aformentioned tags, with a “suggest-as-you-type” feature.
- Notes – anything else you feel is relevant.
Adding a password
Now that I’m using Passpack on a regular basis, I’ve found that I have peace of mind about my on-line security, I haven’t just felt better about my own personal password management, but thanks to the Passpack generator, I feel even more secure from the point of view of our clients security.
When you add a new entry, you have to add each required field manually, but in the case of the password field, you have the option to generate a password using their password generator.
I have now found myself in the habit of creating 16 and up character passwords with all manner of numbers, letters, characters and so on. I definitely feel this is a better option than that aforementioned 3.7%’s usage of “123”!
1 Click Login
As a final feature, I can’t but mention Passpack’s excellent 1 Click Login system, which allows you to securely login to all those websites without having to jump back and forth between passpack and the sites you want to access.
As you can see from the screenshot, logging into a site with Passpack truly is a one-click process. Obviously you need to have a record of the website in your Passpack account (and you need to be logged in as well!), but once these things are done, all you need to do when you visit a site is click a special bookmark button which is available in the “Auto-Login” section of your account.
Once this button is clicked Passpack fills in the details, and not just that, it also submits the form and logs you in. It couldn’t be easier.
They’ve also thought ahead and created two versions of this feature. One for use on a public computer, and one for use say on your home computer. If you’re using it on your home computer just be careful to make sure you manually lock passpack by clicking the “Lock it up” when you’re going to be away from your computer. It’s a good security precaution to get into.
How much is it?
Well, this is the best part… it’s free! How can that be, well, although it’s not on offer yet, Passpack will be offering paid accounts for users with over 100 passwords stored on their system. For the average internet user, 100 passwords will almost certainly cover everything, but in our case we’re definitely going to be investing in the paid version when it becomes available.
Pricing for the paid versions is yet to be confirmed, but the fee will be low – along the lines of â‚¬12 per year – which sounds entirely reasonable.
Is it worth it?
I really think this is definitely worth a look. Whilst it will be a little more work than using the same ‘password123′ for all your accounts, it is definitely a much better idea! Not only this, but it gives you an opportunity to never forget your passwords again, and if you’re talking about on-line banking accounts, paypal, shopping sites – well security should be paramount in your head.
So if you’re guilty of using the same password on every website you login to, I highly recommend checking out Passpack.