Pinterest Stumbleupon Whatsapp
Ads by Google

Last week I had a catastrophic outage of my ADSL connection at home. If you think the word catastrophic is too strong then you don’t have teenage geeks in your house. If you don’t understand what I’m talking about, send me your address, and I’ll forward the kids. C.O.D. Tonight.

In any case, after waiting for a reasonable period, and knowing that the fault wasn’t going to correct itself, I needed to speak with the helpdesk. They were hoping that I could pass on some important information such as my login, account number, date of birth, that sort of thing. I managed the birthday part, but the rest of it was beyond me. I had two copies of the necessary information. One set was in Clipperz, and the other set was in an encrypted container, the password for which was in… You guessed it… Clipperz.

So, Clipperz – The Password Manager

I did some earlier research and decided that Clipperz was the online password manager that works the most like I want it to, and it has some interesting ways to deal with web links. The site is free, but does badger you from time to time to donate some of your hard earned cash to the project.

Online Password Managers – also called OPMs, use a variety of techniques to keep your security information safe. The primary requirement of course is that you trust them in two respects.

    Firstly that they are what they say they are, and will actually treat your passwords in the way they promise to.

    The second requirement is that their solution is actually as secure as they say it is, to ensure that your secrets are not divulged to anyone else.

Don’t confuse what’s happening here with saving passwords in your browser. That’s a whole different subject.

Ads by Google

Joining up

There’s no requirement to supply an email address, so you can be as anonymous as you like. Logins are based on a user name and a passphrase. That’s just like a password, but you are encouraged you to use something significantly longer. Choosing the phrase is out of the scope of this post, but the longer the better, in general. Clipperz indicates the strength of your phrase as you add it. (All of the info used for these screenshots is false. Relax.)

Adding cards

Once you’ve logged on, you’re presented with a card view. It’s empty the first time you hit the page, but each card relates to a particular set of information. For instance, your Yahoo address, login, password, etc. You can add and change the fields to suit your purposes.

Click Add new card to start. The first thing Clipperz wants to know is what type of card you want to create. A Web Password is the most common, so let’s start with that. Click the button next to the type of card you want. Click the Create button.

Each different card type defaults a different set of fields. You can use those supplied, or add some of your own. The confusing box at the top is for the title of the card, though it doesn’t say so anywhere. So change Web password to what you actually want the title to be. Webmail perhaps.

Fill in the other fields just the way you might think. Notice that the password field shows up as a row of stars unless you click the unscramble link below the field. If you don’t yet have a password, you can click on the button with the key to have one created for you. There are some options in the password creator to select required length, type of characters and so on.

Click the Save button to return to the list of cards. Every time you save something in Clipperz your data is locally re-encrypted, and saved back to the site.

To make use of the cards you’ve added, just click on the card in the list, and if necessary unscramble the password. Normal physical security rules apply here. No one should be standing behind you, for instance.

Direct One-click Logins

One of the unusual features in Clipperz is the ability to create a clickable link for a web page that will log you in without you having to type anything else. The site uses bookmarklets to capture the necessary code from the pages to login on your behalf. It’s a lot safer than it sounds, but I won’t go into that this time. You should take a look though. You can use complex (and therefore safer) passwords with ease using this feature.

Keeping Your Passwords Offline

This is the part of Clipperz that I like the most. With a single click you can create a fully encrypted local copy of your data that’s just as secure as the online one. An HTML page containing encrypted code that replicates the copy at the site.

There is one restriction on the use of the offline copy. It’s read-only.

I lied about the single click, too. It actually takes two. Click Data from the main menu, and then click the Download link further down the page.

Choose to save the HTML page that is created. Browse to the page and open it. Voila!

So how secure is Clipperz?

The idea is that your information is encrypted using javascript code, on your browser, and then sent, encrypted, to the website. Clipperz doesn’t have your passphrase, and cannot decrypt your information. It’s called Zero-Knowledge. They don’t know, so they cannot tell.

Is it safe? It’s a lot safer than storing your passwords in the normal fashion with websites, and plenty of people do that.

If you’re a security nerd, look up the specifications yourself. You can review the source code as well.

Clipperz has 20,000 subscribers and over 250,000 stored passwords.

As always, do your research, and decide for yourself.

Details, details…

It’s cross-platform (works on Windows, Mac and Linux PC), though obviously you need a browser that supports JavaScript. You can import and export the data. Works best with Firefox. You can run the site in a sidebar. Granular sharing is reportedly due soon. Nothing to install, no maintenance.

Other Pasword Mangers

Using Keepass to Secure Your Online Accounts Using Keepass to Secure Your Online Accounts Using Keepass to Secure Your Online Accounts Read More
PasswordSafe
MashedLife – Securely Store Your Passwords Online

So I’m interested. What’s your strategy? How well does it work? Have you ever been stuck without the passwords you need? Like the ones to lock the kids out of the Net?

  1. John McFee
    December 8, 2008 at 3:11 am

    My favorite password manager is Logon Automator. ivertech.com/logonAutomator/default.aspx

    One feature that Logon Automator has that most password managers do not have is the ability to launch and login to multiple sites with just one mouse click. For most password managers, you have to manually open up a new instance of the browser (or a new browser tab) and tell the password manager to login for you.

    With Logon Automator, all you have to do is click on the "Launch Selected Sites" button and it will fire up multiple instances of IE and log in automatically for you.

    Check out their screen shots and see how easy it is to use this password manager.

  2. Tim Watson
    November 26, 2008 at 4:25 pm

    This looks great! Using it now. There's a bit of a learning curve but once I got the difference between "cards" and "direct logins" it was smooth from there.

  3. Time Saving Tips
    November 25, 2008 at 3:20 pm

    I recently started using Clipperz (leaving PassPack behind) because it is so simple and I like the option of having a one-click sign-in. The only time I have seen it get confused, or unable to create a one-click login is when there are multiple login blanks on a page (like Ping.fm).

  4. Asgaro
    November 25, 2008 at 12:29 pm

    One more happy LastPass user here :)

  5. jammies
    November 25, 2008 at 9:57 am

    I am also a lastpass user. I can't really say enough good things about it.

    They keep adding new features with every release and it sounds like they have some big plans for it.

  6. Matt Selbie
    November 25, 2008 at 12:59 pm

    Nice article that highlights the growing need for usable security products on the internet. Longer password strings are not the solution and don't seem to have evolved at the same rate other technologies have. Its ironic that the internet provides a huge efficiency opportunity yet relies on technology that increasingly confounds the beneficiary.
    We know from lots of research that people prefer pictures to words and from our own research at Vidoop, that by far the majority of US adults on-line are very frustrated with remembering and organizing passwords. So we developed a visual login that eliminates passwords and yet is effective against the prevalent forms of hacking. Its free, usable, secure and works on multiple computers. It remembers the passwords that the average user can't. Check out the frisbee catching tortoise video at vidoop.com.

  7. techandlife
    November 25, 2008 at 2:49 am

    I've been using LastPass for about 2 months now and am very happy with it. Seems to be very secure, and is very easy to set up. Stores passwords and fills online forms.

    https://lastpass.com/

  8. brian
    November 25, 2008 at 1:10 am

    https://lastpass.com/ - works offline, also has "secure notes" that you can sync online/offline - I store my friends wireless keys in here, and other basic info - all password protected. I feel it is very secure, and it has a FF extension.

    I am not sure if that is comparable to clipperz, maybe it is 2 separate things. I am really liking LastPass though, it is free and I might eventually replace it with my paid RoboForm program.

  9. g
    November 24, 2008 at 9:25 pm

    I've been using clipperz for the past 6 months or so. It works well. I'm still to paranoid to leave any financial info there but the bulk of my non financial p/w's are there.

    Highly recommend.

    I don't actually use clipperz for my offline p/w. I prefer Axcrypt.

    I have these and many more freeware/cloud links on my website.

Leave a Reply

Your email address will not be published. Required fields are marked *