Online password management

With all the various web services and email accounts we use on a daily basis, it’s easy to lose track of all your passwords, unless you use the same few for everything, which is not safe. Password management is a common problem with several different options:

  • Offline password database. Until recently, I used an encrypted password file to store all my logins and passwords. This works pretty well as long as you can access the file from anywhere, either on a USB thumb drive or stored somewhere you can get to it. The downside I have discovered is that if I am switching back and forth among different computers (even across Macs and PC’s) I have to reload the application. This method also involves several different steps, which can be annoying.
  • OpenID. Many web services now support OpenID, an open standard, which enables you to log in to multiple OpenID-enabled sites using one login. This works well, but OpenID is not widely supported, nor can it be used to manage any other passwords. A good thing about OpenID is that if you can change your OpenID password once for all your OpenID-enabled sites.
  • Web password hashing. PwdHash is a great Firefox extension that creates a site specific password by hashing your common password: “PwdHash automatically replaces the contents of these password fields with a one-way hash of the pair (password, domain-name). As a result, the site only sees a domain-specific hash of the password, as opposed to the password itself. A break-in at a low security site exposes password hashes rather than an actual password. ” So basically, if you someone hacks a site you use and exposes your frequently-used passwords, by using PwdHash only the hashed result will be exposed.
  • Lately, I’ve been experimenting with and have been impressed. From the Clipperz site: “Clipperz is a free and anonymous online password manager. Local encryption within the browser guarantees that no one except you can read your data.” With Clipperz, you log in using your passphrase where your password information is then decrypted locally in the browser by what is essentially a Javascript encryption / decryption engine that then allows you to access your data. Clipperz is perfect if you operate from several different computers and has a ton of other security features. While Clipperz is a web service, they also provide an offline file that contains the encrypted data and a copy of the Javascript app. The way I’ve been using Clipperz mainly involves one-click login links. Once you have created a direct login, you can open Clipperz in your sidebar and the direct login link will open a link to a specific web service then will actually submit the login information for you. Another cool Clipperz feature is the creation of one-time passphrases you can set up and use if you need to access your passwords from a public or shared computer.

One comment

  1. I found a new password management tool – – currently in public beta that offers local encryption – using one way salted hashes to provide control – only the user “knows” the password and also the convenience of logging on across multiple machines. As someone who travels a lot I like the virtual keyboard which lets be avoid the problem of keystroke loggers on public pcs plush I can share password protected sites with colleagues easily. It seems pretty cool though still in beta –