Friday, 29 December 2006

"Super safe" passwords with PassPack

PassPack is a free, secure online password manager developed (it is presently in Beta) by an Italian company. PassPack means anytime/anywhere storage for the hundreds of passwords life assigns you... PassPack runs an Ajax interface and uses a Secure SSL Connection.
Just think of how many forums, chats, emails and personal pages you visit. Remembering the login and passwords for all of them is not easy at all; besides keeping copies on your computer may not be as safe as you suppose as they could be targeted by viruses and spyware; plus always using the same password might be even worse idea since if anyone gets one, well he will get them all... Consider instead if you had a safe place to store them all, that you could access from anywhere in the world, anytime you want, well this is the solution proposed by PassPack.

There are actually a few other good companies that already give some sort of service. For instance Agatra, nonetheless this does not use client-side encryption, which is a capital element in securing data before it gets sent over the Internet.
PassPack uses a double access technique. The "Pack" in PassPack comes from that bundle of locked up passwords inside your Account.
Obviously security is the main issue. People at PassPack have taken various measures to ensure the integrity and secrecy of their users' Passwords. PassPack uses: AES, approved by the US government for classified information. With AES encryption the very same used by the US Government, and an SSL Secure Connection, your data travels safely over the Internet. However in case somebody breaks into PassPack servers all he could find would be numerous illegible data that he should have to guess the Password and Packing Key in order to reverse the packing process and as of today this type of brute force attack on AES is considered impossible. This makes PassPack a true unattractive target.
However your Password, Packing Key and even your User ID can all be updated anytime you want, and as many times you want, and in fact PassPack recommends to do this from time to time; just always remember to make note of the new account information and store it in a safe place. Should you need any assistance you can rely on PassPack Emergency Support.
In addition every PassPack entry has space for notes and links as well as the usual User ID and Password. Thus this means that you can use PassPack also to store private notes to yourself, or a series of links that you wish like to keep safe from prying eyes.
Sign up is completely free: your account is yours to keep and it will remain free. So you can sign up and browse around and test the service which is very intuitive and easy. Naturally you must remember to write down all the codes and keys that you are given as if you forget them, you will not be able to get back into your account! No personal information, not even an email, is required at sign up. This implies that even if someone were to break into a PassPack server he would not be able to read the encrypted data stored there, plus he would not even be able to trace the account back to you. Additionally, you will never receive an email from PassPack because they have not your email. This will help users to identify phishing attempts or other types of email fraud.
I strongly recommend you to check the development of this application on their blog, and for now, being still in Beta, to avoid storing critical or financial passwords for now...


Tara (PassPack) said...

Thanks! It's always a pleasure to hear good things being said about us - especially on a nice, informative blog like this one.

Guy Mc Paul said...

Thank you. And please do inform me when you move out from Beta and are ready to issue the Final release, I will post a new article.