CATEGORIES
- NYC COVERAGE
- WEB STARTUPS
- WEB NEWS
- CONFERENCES
- WEB TECH JOBS
- VENTURE CAPITAL
- MICROSOFT
- INTERVIEWS
- ADVERTISING
- VIDEO
- ALL TOPICS
- ALL COMPANIES
CONTRIBUTORS
- ADRIAN CHAN
- ALICIA NAVARRO
- ALLEN STERN
- CORSIN CAMICHEL
- DRAMA 2.0
- DARREN HERMAN
- HANK WILLIAMS
- MARK DAVIS
- RICK TUROCZY
- SANFORD DICKERT
- SHANNON CLARK
- Comment on YouTube Down by DVS01
- Comment on Twitter COO Costolo: Advertising Coming To Twitter Soon by Satoshi Nakajima
- Comment on Twitter COO Costolo: Advertising Coming To Twitter Soon by OMG Stop the Web! Twitter is gonna run ads ? and Scoble says you?ll love it
- Comment on What?s Up With Yahoo Mail Delivery? by MJ
Review of Clipperz.com – password storage app
As we sign on to more and more social networking services, maintaining all of the passwords can be a hassle. And some services have multiple logins (wink wink) and some require different types of passwords. It can be a pain. Clipperz hopes to bring peace and tranquility to this area.
Let me begin by saying I would never use a service like this for anything that includes personally identifyable information including banks, credit cards, mobile providers, etc. While Clipperz has, what appears to be, very intense security, I still have visions of the old days when services like this would be hacked and there went your information. Clipperz says they get around that by storing things locally. So what happens at a public terminal? I am not sure on that question.
With all of that said, Clipperz might be a perfect app for all of your social networking sites. Digg, Del.icio.us, Reddit, StumbleUpon, Facebook, etc. The service only works in Firefox and they offer a bookmarklet for easy Clipperz'ing.
So what do you think? Would you trust a service like this with your sensitive site logins/passwords? Side note… I found out about Clipperz on a new blog called KillerStartups.
I usually just use the built-in password manager of firefox in combination of multiple passwords for different importance levels. Works pretty well for me so far.
Both Firefox and Explorer have security holes in their password storage. Here’s a link (it’s old, but just run a search on google for more news).
Try using a Password Manager – it’s just better. There’s Clipperz. There’s also PassPack (that’s mine). Or if you prefer something not internet based, there’s a plethora of sowftware to choose from.
The important thing is that you choose – and use – a password manager.
While I think its a good idea I think its a couple years to late.
openID solves this problem and I also tend to use things like backpack from 37 signals for this stuff also.
As Plinan says also Firefox does this fine and also so do the other major browsers out there.
OpenID is often cited as a replacement for the need for a password manager. Actually OpenID and Password Managers solve two different problems:
OpenID = authentication (no security implied)
Password Manager = secure storage (no authentication implied)
Granted, password manager often *also* do an auto-login that pushes them into the realm of authentication as well, but that’s not the primary function.
Plus, not all passwords are for websites, and not all websites support OpenID. So there’s still plenty of need for a password manager.
OpenID is often cited as a replacement for the need for a password manager. Actually OpenID and Password Managers solve two different problems:
OpenID = authentication (no security implied)
Password Manager = secure storage (no authentication implied)
Granted, password manager often *also* do an auto-login that pushes them into the realm of authentication as well, but that’s not the primary function.
Plus, not all passwords are for websites, and not all websites support OpenID. So there’s still plenty of need for a password manager.
@ Allen
Hacking our servers will be quite useless since Clipperz let you submit confidential information into your browser, but your secrets are locally encrypted by the browser itself before being uploaded to Clipperz. You are not providing Clipperz any data, just a bunch of scrambled bits.
I just wanted to add that you don’t really need to trust us, since _all_ Clipperz source code is available from our website along with checksums to verify its integrity. Further information about performing a security code review of Clipperz are available here:
http://www.clipperz.com/learn_more/reviewing_the_code
Furthermore we released under a BSD license the core crypto functions, the Clipperz Crypto Library is available here: http://code.google.com/p/clipperz.
So, don’t trust us, but check for yourself! :-)
@Darren and Plinan
Browsers could really be a useful tool to store you password, but:
- just your passwords and the many other confidential data of our everyday lives
- if you need to access your web services from more than one terminal an ubiquitous online service works much better
Thanks for discussing Clipperz,
best regards,
Marco
@Marco
What about the comment of what happens when you are at a public terminal?
I may be at the library or a public work machine and need a password/login. Obviously a keylogger could be used in that case, but that is nearly unavoidable. What about someone coming after the fact or someone hacking into that public machine and getting some kind of locally cached version of your unencrypted info?
Here at PassPack we support disposable logins, also known as One Time Passwords or OTP. I know Clipperz is working on this because they’ve mentioned it in other posts, but they haven’t rolled it out yet.
By combining disposable logins, with an auto-login feature, you can sucessfully circumvent keyloggers.
PassPack’s autologin tool (coming very soon) uses an anonymous bookmarklet.
The procedure would be: sign into your account using the Disposable Login, add the bookmarklet to the browser’s favorites and use it. You can remove it form the favorites before leaving the terminal, but even if you forget, it won’t work for anyone else. It contains no passwords or account information, and is entirely useless unless there is a PassPack account open in that browser.
All the data in PassPack (and Clipperz – they’re our competitor, and we know their code probably better than they do [wink]) is totally volitile. When the browser window is closed, or you sign out, it’s gone. Completely gone.