- David's Church Information Technology - https://infotech.davidszpunar.com -

PassPack Your Passwords: Get Them Anywhere, Securely and Freely

On Saturday (OK, it was after midnight, so technically it was Sunday — but I tend to count time before I sleep as one day, time after I wake up in the morning as the next day — since I stay up past midnight often enough this just makes it easier) I discovered [1] a service called PassPack [2]. The basic premise is this: Create an account, store all your passwords in it, log back in as-needed to retrieve them. But wait! you might say, that’s stupid, why trust a random website to secure your passwords, just run one of the countless free Windows apps to store your info, and a lot of them will even automatically log you in via your web browser to websites.” Normally, I’d agree with you. But PassPack is doing things a bit differently.

PassPack gives you a free account (did I mention it was free?). You create a user ID, a passphrase, and a Packing Key, all distinct. PassPack creates an encrypted container using your Packing Key, which is encrypted on your web browser using JavaScript and standards-based encryption. Only this encrypted “bundle,” without your Packing Key, is then stored on the PassPack servers. Want a password? Log in, enter your Packing Key if it’s timed out (5 minutes by default, up to 15 minutes), find the relevant account alphabetically, by tag, or search (all very Web 2.0 and AJAXy-smooth), and click it to…reveal your login name and a scrambled-looking (unreadable) password field. Click in this field and use the Ctrl+C keyboard shortcut to copy the password, and paste in to the site in question (URL also saved as an option to make it easy). This means the password never appears on the screen, it’s just stored directly in your clipboard, and you don’t have to retype it.

So you can copy and paste the password, so what? Well, they also have an auto-login bookmarklet you can save in your browser. Save the ZoHo [3] group of sites, including the Church IT Podcast Wiki [4], were the malfunctioning sites, which have been reported to PassPack); these can still have their login information memorized like any other account, on- or off-line, they just won’t auto-login with the bookmarklet.

The folks at PassPack have implemented a few other nice features besides the slick and speedy interface and somewhat novel readable-only-by-you encryption scheme:

You may be wondering where this Packing Key thingy comes from. (I can hear you now, “David, this thing is awesome, sign me up, but what the heck is a Packing Key anyway?!”) PassPack has some of the best help I’ve ever read [5], which is even available contextually when you click Help within the site. They handily have an answer about Packing Keys [6] and why they’re so handy. They do a much better job of explaining that and just about everything else about the service than I could, given that they wrote it and I’ve just used it for a day. But I’ve found it to be exciting, apparently secure, well-designed, and actually fun.

It should go without saying that besides the great interface, being able to access your passwords from any web browser very easily, along with the off-site storage, is probably the single biggest benefit to using PassPack over a Windows utility. Even the auto-login bookmarklet it cross-platform, cross-browser code and is a simple JavaScript bookmark — no need to install a Firefox Extension, IE Add-In, or any other code running on your machine outside of JavaScript.

I do see one potential downside: their Terms of Service [7] contain several limitations (yes I read it! Well, the parts they highlighted at least…):

  1. You are not allowed to store information about financial accounts (banks, etc.), although this may be legal CYA considering I don’t know how they could possibly enforce this given they don’t have access to your data.
  2. If you don’t login at least once every six months, your account is “inactive” and they delete everything.
  3. You only get 32k of storage per account (they estimate 75-100 entries worth of entries), with no upgrades available yet. Accounts active before August 1st (missed it by less than two weeks, darn!) got 128k of storage (150-200 estimated entries).

I’m sure PassPack [2] intends on offering upgraded service with more storage at some point, but those three conditions may limit my use of their service, and possibly yours. I know I have 23 entries already saved, and I’ve barely scratched the surface with the quantity of online accounts I maintain. It’s at least worth a shot in my opinion. If you like the concept and want an alternative, Clipperz [8] is worth a look, it’s also free and PassPack even has a comparison of their two services [9]. It doesn’t do the anti-phishing stuff like PassPack but it does have many other similar features, which I have not tested extensively. They also do not prohibit the storage of financial details and actually provide a template to hold credit card and bank account information. They also keep the data from leaving your browser unless it’s encrypted so they have no access when it’s on their servers.

4 Comments (Open | Close)

4 Comments To "PassPack Your Passwords: Get Them Anywhere, Securely and Freely"

#1 Comment By Tara (PassPack) On August 13, 2007 @ 8:01 am

Thank you!
This is a very well written description of PassPack – I really enjoyed it. Let me address a few things you brought up…

Term & Conditions
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
I’m glad you read them – that’s exactly why we highlighted those points. I’m not a fan of sites that try and slip important info past you in the small print.

That said, we will, someday remove the “no critical information”. This will most likely happen with the release of the first commercial version. That’s not all that far off. Also, the cancellation of inactive accounts will only be applicable to free accounts.

Space Allotment
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Yup, the paid upgrade will add more space, we’re calculating up to about 400 entries (give or take).

Help System
¯¯¯¯¯¯¯¯¯¯¯¯
We also answer all support emails personally, so if anyone has questions – just ask. You’ll get answers.

I’ve also written a Getting Started Guide here:
[10]

Cheers!
Tara
PassPack Founding Partner

#2 Comment By Matt Singley On August 13, 2007 @ 9:43 am

Great write-up…I’ll check it out today. Thanks!

#3 Comment By David Szpunar On August 13, 2007 @ 1:42 pm

Thanks Tara for your comments and clarifications! I will also mention that Tara has been very helpful via email with the two sites I was having issues with; one was fixed by the time I got up this morning and the other had been attempted but the fix failed and they’re still working on it. And this is just for the convenience feature of auto-login! She also mentioned that when they release commercial accounts with larger limits, the pricing will be “a [very] view dollars a month” but it hasn’t been set more concretely than that. Sounds reasonable for a power user, considering if the free account remains at approx. 75 entries there are a LOT of people for which that will be just fine.

Glad you liked the review Matt, always nice to hear information has been useful. Anything to avoid starting to write about the complexity of web hosting and website transitions that I keep mentioning :-D

#4 Pingback By It’s my birthday, and I’ll work if I want to… On August 14, 2007 @ 11:54 pm

[…] it all makes me tired. Oh wait, I actually was already tired. Maybe I should stop saying up to find cool stuff on the internet (or registering for classes that start in a week, or writing the blog entries about web hosting and […]