Review: Passpack Online Password Manager
Recently, there was a widely-covered incident where four-hundred iTunes accounts were stolen and used to purchase content from the iTunes online store. At first, people quickly jumped to the conclusion that it was a “hack” and a “vulnerability” on Apple’s side, which caused a huge PR fiasco. However the truth soon came out to be that the real reason behind the compromise was the fact that four-hundred people were exploited because they did not have strong passwords. All in all, the entire event could have been prevented by people’s implementation of stronger passwords.
Now, it’s not like we haven’t covered password strength before. In the past, I wrote an article on how to create strong passwords. This article covered the creation of passwords using random generators, as well as the “maintenance” involved with having passwords; using unique passwords for different services, changing passwords on a regular basis, etc. And more recently, Jeff wrote an article on how to evaluate the strength of your current passwords. After the release of these two articles, I’ve come to the conclusion that there’s one reason, and one reason alone, why people do not implement unique and strong passwords; they are simply not simple enough to remember.
The answer to this problem has always been password managers; applications or web-services that allow a user to securely store their credentials for various sites and services.
While there are many password managers available online, I had yet to find one that met my expectations. As a Windows user, I had always been envious of 1Password being exclusive to the Mac OS X platform. And it was just my luck that I migrated myself over to Linux as 1Password became available for Windows. Because of the lack for Linux password managers that met my expectations, I simply found myself using a text file to store my passwords. This made logging into sites a tedious task, as I was forced to open the text file, find the login for that site, and copy and paste my password into the field. This is not to mention the fact that it was extremely insecure, as anyone who had access to my computer could simply copy my entire password list without my knowing it.
However, I recently found Passpack, a service that offers secure online password management. After signing up for a free account (they offer paid accounts, however I have found that the limit of one-hundred passwords with a free account is more than enough for me), I began playing around with the service. After looking into the service and ensuring that they were trustworthy enough to handle all of my sensitive password information, I began actually using the service.
After all of my passwords were entered, I was able to use the online portal to view a list of all of my accounts, and could simply click a button to have my password for a particular service copied to my clipboard and ready to paste into the site. However, Passpack also has a JavaScript bookmarklet that allows you to simply click a button in the “bookmark bar” in your web browser to have it log in for you. This is truly a convenient feature, as it allows me to surf the web without constantly having to tab into the Passpack portal. This is also something that I have yet to see in any other free password manager.
Now, one thing I will say about the JavaScript bookmarklet is that it doesn’t know how to login to every site. However, if you try to log into a site that Passpack doesn’t know how to login to, it asks you to start a simple “training” process. This process, which takes less than ten seconds, asks you to click on the username field, password field, and login button on the website. After doing that, Passpack remembers the login instructions for said site and is able to log into that site from that point forward.
If you travel a lot and use different computers, you will like that they offer one-time-use logins that allow you to log in without worrying about your password being picked up by key-loggers, etc. While this is a great feature, people who need more than three temporary logins per month will need to upgrade to a paid account (starting at $1.50 per month). Also, Passpack allows a user to backup their passwords to a CSV file or a tabled HTML file. This allows the user peace-of-mind by ensuring that they always have a backup of their passwords, and that they can access them even if they cannot access Passpack while traveling.
All in all, Passpack is a truly amazing service, and I would recommend it to anyone looking for a strong, yet simple to use password manager. Being a web-based service, it allows the end-user to switch between computers with ease (the “cloud” concept that allows it to work on any OS that has a JavaScript enable web-browser), and also helps to alleviate the need to worry about backing up ones passwords. And, as I went over, the JavaScript bookmarklet makes using Passpack easier than entering even the most easy-to-remember and insecure password.