Clipperz and PassPack : Online password storage is still a fear

Posted on April 4th, 2007.

Web 2.0 applications are turning to online password storage.

PassPack is one of the first on this market. It is useful and really easy to use.
Interesting features include the easy import of all my passwords from KeePass into this likeable web 2.0 app, and the auto-lock feature, which keeps your passwords from being exposed to everybody if you leave your desk for 2 minutes. Another interesting feature is the ability to generate a password when adding a new password.

I like PassPack because it’s really fast to log in, it’s totally anonymous (more so if you combine it with a proxy; see my previous post about it) and, finally, it has secure encryption.

Clipperz is more user-friendly but still has many problems and security shortcomings. It doesn’t lock down your account, and I can clearly see my passwords when I add a new “card” (new password).

Some features are missing in Clipperz too, like the import tool, but it does offer one interesting feature: the bookmarklet! I say so because it lets you add a new password really easily and quickly.

But just a question for all you readers. Would you trust those web 2.0 services? Would you entrust your passwords to those websites, even if you read the long terms of service? Even if you read all the information about the security (AES encryption by US government)? Even if you know that the code is available on Google Code? :)

Me? Yes! All my passwords are stored on PassPack.


11 Responses to “Clipperz and PassPack : Online password storage is still a fear”


Hi,
could you please be more specific on the “many problems and security issues”? We are really eager to investigate and solve all of them.

And as far as trust is concerned, I just wanted to add that _all_ Clipperz source code is available from our website along with checksums to verify its integrity. Further instructions about performing a security code review of Clipperz are available here:
http://www.clipperz.com/learn_more/reviewing_the_code

Furthermore we released under a BSD license the core crypto functions, the Clipperz Crypto Library is available here: http://code.google.com/p/clipperz.

So check for yourself! :-)
Transparency is the only way for us! We are paranoid about it.
Otherwise how can we expect people to trust us?

Thanks for the review,
best regards,
Marco

PS
Show me one single point where Clipperz security is weaker than Passpack and I’ll buy you a drink!
(Not to mention features: offline version, secure automated login, …)

;-)

Marco Barulli
April 4th, 2007

Thanks for this article. I’m glad that you chose PassPack. You said Clipperz seems more user-friendly to you. I’d be happy to hear your suggestions on how to make PassPack easier to use - please email me.

We’re also creating a bookmarklet for auto-login from your PassPack account. You can see the demo here:
http://passpack.wordpress.com/2007/03/22/passpack-auto-login-no-plugin-needed/

Thanks again - and cheers!
Tara

Tara (PassPack)
April 4th, 2007

@Marco Barulli,

When I added a new card and then tried to add a simple password: after adding my password, just do a CTRL+A (select all) on the stars that hide the password and we can clearly see the password; this is a basic security issue. In PassPack the password is never shown. But you have an advantage over PassPack: it’s in your philosophy (opening the source code and distributing your crypto functions under a BSD licence), and your GUI is cool (it’s more graphic :) stupid remark :) but important). Be careful about how “card” is understood. And finally, isn’t it another source of dismay for users to know that the crypto functions are made available to all? Very delicate subject.

@Tara,

What Clipperz wants to communicate is more the security. You both don’t play with the same cards (French saying :)). Clipperz plays the security/psychological card and you try to convince advanced users (like me) who are more confident in what you did, and adding huge, cool new features. When I say Clipperz is more user-friendly, it’s maybe because of the colors, less help on how to use this type of online password storage application (my sister knows how to log into GMail but with PassPack she’s lost, and with Clipperz she’s going to read all the help before understanding how to use it) and maybe a design monotony.
Personally, I really don’t care. As I said, I prefer more features, and when it’s more user-friendly; that’s why I chose your webapp and left my KeePass software :p. It’s only my advice for novice users. That’s why I compared you both. :D
Furthermore, you need to prove that your webapp is secure. :)

It’s the beginning! And I trust it will be recognized by other novices.

If you need a French translation… :D

Loopion
April 6th, 2007

[...] solutions look very similar …” . Additionally, a few articles have recently popped up comparing Clipperz as a new competitor for PassPack. So far, it’s been very exciting to see this discussion [...]

Hello Emmanuel,
Thank you - that’s great feedback. You are absolutely right about us needing help documents! We are writing the first ones now with the help of a kind user. Once they are ready, maybe your sister can try PassPack too. :)

And we need to prove our web app is secure… ok, we’ll try and make that more clear. Where do you think this should be done? In the blog, or while using the application?

Thanks and cheers,
Tara

Tara (PassPack)
April 12th, 2007

Hi, just a warning about proxies.
A lot of web proxies are born and die every day. They are a common way for malicious programmers to capture all the traffic of users in order to make bad use of it.
So never use a proxy to connect to critical sites.
Ciao,
Francesco

Francesco
May 5th, 2007

There is an alternative: Shibbo (www.shibbo.com).
Not only an online service. It is also a PortableApp version.

Jose
June 12th, 2007

[...] As a reminder, Clipperz relies on the reputation of all the recognized encryption schemes and on the openness of its source code to prove that its systems are secure. A little while ago I wrote a comparison of online password storage tools, which you can find here (in English): Clipperz and PassPack : Online password storage is still a fear [...]

Traduction de Clipperz
September 24th, 2007
