For years, I’ve stored all of my passwords in a TXT file. TXT files are inherently secure because you have to double click it in order to view it. Most people don’t know that (until now). To further complicate things, I have obfuscated the file name by calling it “passwords.txt”. Its a boring name that will not pique interest. As a computer professional, I’m sure you’ll agree that I have taken all reasonable steps towards securing my personal information.
But, the notepad file is inconvenient. I keep it on an external drive that’s plugged into my home computer. I hardly use my home computer. So, when I need to lookup a password, its a pain. (I have most of them memorized, but Bank of America, for example, is just a bunch of numbers.)
Last night, I started looking for an online notepad service where I can type in all of my information and save it on someone else’s server preferably using the honor system. Surprisingly, such sites are not abundant, but I stumbled across the concept of “online password storage”. There are several sites out there, obviously managed by paranoid maniacs, that think simply storing passwords in clear text is not the way to go. So, they do things like “encrypt” and require you to “login”. Its pretty bizarre. These guys are taking security way too seriously. Honestly, what is someone really going to do if they get a list of all of my credit card numbers and pins and social security number?
I looked at a few options, but ended up trying http://passpack.com. You can store 100 passwords for free. Each password record gives you plenty of fields, including a free form note field, to put in anything you need. This is good for the banks since I usually track more info than just the site’s id and password. (Ie: cc number, expiration date, ccv, etc.). It gives you quick links to copy information from the record into the clipboard.
You login to the site using your Id and password. But, before you can get to your needlessly encrypted highly personal data, you have to type in your UNPACK password. It seems that they’re using this to hash the data. If you lose the UNPACK password, you’re done. They can’t provide you a new once (hence my speculation that it must be hashed.)
The site is clean and makes good use of ajax. Pretty much every time you click a link, though, you get a fancy shmancy progress bar. I don’t like that. The next page shouldn’t take so long to load that it needs a progress bar.
So far, I really like it. I have entered 4 passwords, which means I have less than 100 free passwords remaining because I already used four of them as I already stated at the beginning of this major run-on sentence. I’m not going to go nuts and figure out, exactly, how many more that leave me, but I have at least 20 more to go of the 100, which is enough for me.
It offers many advanced features, such as sharing and messaging, but I haven’t played with those. I’m really only interested in using it for personal uses.
Check it out: http://passpack.com