Clipperz and PassPack : Online password storage is still a fear
Web 2.0 applications turn their faces to online password storage.
PassPack is one of the first one on this market. Useful and really easy to use.
Interesting features are, the easiness to import from KeePass all my passwords into this sympathetic web 2.0 app, the auto-lock feature to don’t expose all your passwords to everybody if you leave 2 mins your place. Another interesting feature, is the ability to generate a password when adding a new password.
I like PassPack because it’s really fast to log in, it’s totally anonymous (more if you link it with a proxy. See my previous post about it) and finally with a secure encryption.
Clipperz is more user-friendly but steel have many problems and security lackness. It doesn’t lock-down your account, I can clearly see my passwords when I add a new “card” (new password).
Some features are missing too in Clipperz, like the import tool but a interesting feature is given, the bookmarklet ! I say so because you can add really easily and rapidly a new password.
But just a question for all you readers. Would you trust those web 2.0 services ? Would you lend your passwords on those website even if you read the long terms of service. Even if you read the whole information about the security (AES encryption by US government) ? Even if you know that the code is at disposal on Google Code ?
Me ? Yes ! All my passwords are stored on PassPack.
Technorati Tags: Web 2.0, password, security
Make A Comment: ( 11 so far )
11 Responses to “Clipperz and PassPack : Online password storage is still a fear”
Marco Barulli
April 4th, 2007
Thanks for this article. I’m glad that you choose PassPack. You said Clipperz seems more user friendly to you. I’d be happy to hear your suggestions on how to make PassPack easier to use - please email me.
We’re also creating a bookmarklet for auto-login from your PassPack account. You can see the demo here:
http://passpack.wordpress.com/2007/03/22/passpack-auto-login-no-plugin-needed/
Thanks again - and cheers!
Tara
Tara (PassPack)
April 4th, 2007
[...] solutions look very similar …” . Additionally, a few articles have recently popped up comparing Clipperz as a new competitor for PassPack. So far, it’s been very exciting to see this discussion [...]
PassPack and Clipperz: The Difference? « PassPack - The Blog
April 10th, 2007
Hello Emmanuel,
Thank you - that’s great feedback. You are absolutely right about us needing help documents! We are writing the first ones now with the help of kind user. Once they are ready, maybe your sister can try PassPack too.
And we need to prove our web app is secure… ok, we’ll try and make that more clear. Where do you think this should be done? In the blog, or while using the application?
Thanks and cheers,
Tara
Tara (PassPack)
April 12th, 2007
[...] Loopion - Emmanuel Pays » Blog Archive » Clipperz and PassPack : Online password storage is still … [...]
Hi, just a warning about proxies.
A lot of web proxies are born and die every day. They are a common way for malicious programmers to capture all the traffic of users in order to make bad use of it.
So never use a proxy to connect to critical sites.
Ciao,
Francesco
Francesco
May 5th, 2007
There is an
alternative:
Shibbo (www.shibbo.com)
Not only an online
service. It is also
a PortableApp version.
Jose
June 12th, 2007
[...] Clipperz and PassPack : Online password storage is still a fear [...]
My password manager | The Danesh Project
June 30th, 2007
[...] Clipperz and PassPack : Online password storage is still a fear [...]
dev » Blog Archive » My password manager
July 8th, 2007
[...] Pour rappel, Clipperz se repose sur la notoriété de tous les cryptages reconnus et sur l’ouverture de leur code source afin de prouver la sécurisation de leurs systèmes. J’ai réalisé il y a un petit bout de temps, un comparatif des outils en ligne de stockage de mots de passes que vous pouvez trouver ici (en anglais) : Clipperz and PassPack : Online password storage is still a fear [...]
Traduction de Clipperz
September 24th, 2007





Hi,
could you please be more specific on the “many problems and security issues”? We are really eager to investigate and solve all of them.
And as long as trust is concerned, I just wanted to add that _all_ Clipperz source code is available from our website along with checksums to verify its integrity. Further instructions about performing a security code review of Clipperz are available here:
http://www.clipperz.com/learn_more/reviewing_the_code
Furthermore we released under a BSD license the core crypto functions, the Clipperz Crypto Library is available here: http://code.google.com/p/clipperz.
So check for yourself!
Transparency is the only way for us! We are paranoid about it.
Otherwise how can we expect people to trust us?
Thanks for the review,
best regards,
Marco
PS
Show me one single point where Clipperz security is weaker than Passpack and I’ll buy you a drink!
(Not to mention features: offline version, secure automated login, …)