Domain: passpack.com
Stories and comments across the archive that link to passpack.com.
Comments · 11
-
Re: Scripts that interact with passwords fields aw
Keepass is also (correct me if I'm wrong: I'd love to hear there is another) the only password manager I know of which is fully cross platform.
I like keepass, especially since there are so many ports of it to so many platforms. However, if someone is looking for something more akin to lastpass, here's a few open source ones:
https://clipperz.is/ - clipperz seems most similar IMO. It's open source and all in the browser via javascript, thought signup and site desire are a little wonky.
http://www.fpx.de/fp/Software/... - Password Gorilla (also on github: https://github.com/zdia/gorill...). It's also open source, but it's a TCL/TK application. I'm not sure what their andriod status is (there is some info on their site regarding use of HECL to port the TCL parts to android, but I don't know the status).
https://www.passpack.com/ - Passpack works on chrome, firefox, ie, and safari. It's similar to lastpass in many ways. It's not fully open source, but they did open source a bunch of the libraries they use/made (aes/rindael, xxtea, json2, sha-256 in js, etc: https://code.google.com/p/pass... ).
https://www.passlet.com/ - passlet. The SSL cert for that site expired in 2010, so I don't think I'd use this, but it is cross platform and built according to the host-proof-hosting concepts. They open sourced their PBKDF2 methods: http://anandam.name/pbkdf2/
http://aaronboodman.com/halfno... - halfnote is just a notepad, but it's encrypted in browser, and it's open source (https://code.google.com/p/halfnote/)
All that said, I'd probably stick with keepass and/or lastpass.
-
Re:LastPass, 1Password, KeePass, PassPack + YubiKe
Yes! Use a password manager. But then also add 'a third password' to it, in the form of a finger print scan via a USB Yubi-Key for two-factor identification. Similarly you can also 'authorize' your specific mobile devices, (which can't accept a YubiKey). It's a hassle, but it is also an investment in security; which is how these things always work.
http://help.passpack.com/knowl...
Erm... I'm looking at their site, but as far as I can see the "yubikey" product doesn't scan fingerprints. It's an authentication token, similar to an RSA SecurId card, only a little more automatic because it interfaces directly via USB to type the current password itself when you need it. It's also not what I'd describe as "minimal cost" for a school.
-
LastPass, 1Password, KeePass, PassPack + YubiKey!
Yes! Use a password manager. But then also add 'a third password' to it, in the form of a finger print scan via a USB Yubi-Key for two-factor identification. Similarly you can also 'authorize' your specific mobile devices, (which can't accept a YubiKey). It's a hassle, but it is also an investment in security; which is how these things always work.
-
Re:Password reset may not be a great idea
This is why I try to get my colleagues, many of which are 'normal users' in a volunteer charity website for example, to use Passpack. I try to teach them to use strong unique passwords for each site they register with; while actually only having to remember about two passwords (and using copy/paste). But also a feature of Passpack (like other similar services, I imagine) is being able to share passwords among a workgroup, in case the server admin gets hit by a bus for example. This solution is the best I've found so far for this common problem.
-
Re:KeePass
IMHO, it's better to never write them down and just generate them algorithmically based on the site's domain or a memorable keyword. Several years ago I just kept a tabula recta in my wallet. Nowadays, you can use something like SuperGenPass.
Personally, I wrote my own equivalent of SuperGenPass that addresses some of the security concerns. That said, I use PassPack with a tediously strong password to keep a backup in case I inadvertantly break compatibility, and a copy of the generator on my website. -
Keepass
I also use KeePass. If you're feeling adventurous check out http://passpack.com./ passpack is good for passwords you might need when you just don't have access to a keepass program but do have access to a browser and internet connection.
-
you could try some online password managers...
-
The web2.0 way
Passpack.com. Actually, the site seems uncharacteristically sluggish at the moment... better be sure to download the offline client and use it to keep a local backup of the DB.
Good enough for personal passwords. For really sensitive enterprise stuff, it may be ideal to use an Enterprise password management product, such as a Passpack appliance (whenever they get to making that), or Citrix Password Manager.
Generally the requirements for businesses include strong encryption, multi-user access, and role-based access controls.. Most simple DB methods lack detailed access controls.
Some Enterprise password managers also provide options to allow a user to utilize the password to login to something, from the application, it will launch a browser or ssh/telnet directly with login details filled..
In some cases, allows user login without their workstation allowing them to know what the password actually is that is being submitted. Or requires a separate action be taken to 'see' the password, which generates a special audit record.
That way, if someone's terminated, or stripped of certain roles (and therefore access to certain passwords), it may not be quite as urgent to change them all immediately, or the passwords they actually chose to view can be changed first.
Policy might be for a password to always be changed to a new random password within 3 days of someone clicking on the "show me this password" link. To ensure use of the PWM is for one-time access, and protect against improper practices such as _writing down_ passwords or recording them outside the official DB.
-
Re:News at 11
I have to change my password every 4 months to a moderately strong password.
http://passpack.com/ has been my tool of choice for managing all my accounts, in addition to client accounts I must manage per my role. I especially like the method they offer, of 'securely mailing & sharing passwords'. The first 100 passwords are held free, and once I'm full I'll pay, but I haven't quite saturated my free limit; and I'm a happy guy; thanks to this web application/tool. (not paid to shill, just a happy customer sharing what makes me happy with the
./ folks) -
Re:I don't type
I recommend trying http://passpack.com./ They offer single use passwords. It does require you to store your userid/pwd info on their site but I trust them more than entering this data into a publicly accessible computer. They do store your information in encrypted form and if you lose your passwords, you're screwed -- they cannot recover the data for you.
In any event their site is setup such that after you enter a single use password, you click the link to have it enter the data in for you on the login form. This means it's also OS neutral. -
Re:Call Me Paranoid
... I would not be surprised if the service automatically encrypts the data during transit on the desktop
...That technique is already used on a site called www.passpack.com. You log in using your account and the site downloads a password protected zip file to your browser. You then type in a second password to unzip the file you can then edit the data/files. when you are finished the file is zipped (password protected) and re-uploaded to the server.
This means the file on the server is protected (128 bit I think) and even if someone hacked the server and found your account on the database they would find it extremely difficult, if not impossible, to access your file. Even an insider to the site would have the same problem.