Securely Manage Your Passwords Online With Mitto

Ads by Google

mitto.logo.shadedI’ve been a long-time nay sayer to any sort of online password manager, citing mainly reasons of security, and I took upon myself to maintain a Google Docs spreadsheet with all my >=12 character passwords. Believe me, remembering random strings of ASCII is not an option. I’ve now discovered Mitto and consequently changed my tune on the issue. Let’s see what Mitto can do to improve your online experience.

So what changed my mind? I wanted to start the new year with a clean cyberspace, so I went through online accounts, emails, folders, Twitter and even my WordPress installation. Then I realised that my spreadsheet was in disarray: old passwords, usernames missing, multiple entries for the same service. The sheer number of passwords made managing that spreadsheet too much work, and after all, I didn’t have missile launch codes to protect. I could live with a little bit of uncertainty – after all, it’s the giant cheesecake fallacy. Even if they could access my passwords, why would they?

manage your passwords

Mitto is a web based service to help you manage your passwords by enabling you to use high-strength passwords for your online accounts without having to remember the actual string. Once inputted to its database, you can log into any of your websites with one click. Think of it like AutoComplete for your passwords, but with strong encryption, good security policy, and organisation tools. Don’t worry, the adding process is straightforward and it won’t take you more than 30 seconds for each service. They even provide a bookmarklet that let’s you add services directly from the login page – with one click.

Ads by Google

Now that you don’t have to remember complex passwords, you can use something like the GRC password generator and update all your passwords with stronger ones. Another feature is the tagging capability – especially for those with a very large number of logins. Two email accounts from the same provider? Simply tag one with “work” and never get them mixed up again. But most importantly, there’s nothing to install on your computer to manage your passwords – you can visit and use Mitto from any browser on any platform you’d like.

how to manage your passwords

For starters, Mitto uses 128-bit SSL certificates to encrypt the connection between you and their server. They also claim to employ physical security by protecting servers in the datacenter, which has been audited (SAS 70 Type II). Servers are stored in locked and and inventoried racks,  and access to the facility can only be made through secure gates. At the application level, passwords are encrypted with 1024-bit RSA or 256-bit AES, which is good by today’s standards. They are certified by TRUSTe and McAfee as secure for known XSS (Cross-site Scripting), XSRF (Cross-site Request Forgery), SQL Injection, Session Fixation & Hijacking. More details about the security measures is available on the Mitto website.

manage your passwords online

The sign-up form gets good points for asking a security phrase, which all genuine messages from Mitto will contain as a security precaution. Unfortunately, the questions for resetting the password are the standard set, and information like your first car or job can be easily found. If an attacker correctly guesses the answers, the only thing stopping him is access to your email account, so make sure that is protected.

Mitto is very flexible, easy to use, and most important, it’s completely free. You can sign up by visiting To end this article on a rather classy note, here’s a quote I remembered: “On the day when we can fully trust each other, there will be peace on Earth.” Do you guys know who said it?

Ads by Google

18 Comments - Write a Comment


Stephen Li

seemes like mostly the same features as lastpass

i still find lastpass more convenient



^Yeah, what he said. Lastpass integrates into your browser. Can this do that?


It doesn’t integrate with the browser, you have to visit the site each time. I really don’t care for that feature because it only takes a couple of seconds to switch the tab to Mitto and login. Plus the majority of sites keep you logged in for a long time, like Yahoo Mail at 2 weeks.


You don’t need to visit the site each time, because with their bookmarklet, you can go to the site you need to log into and use that to have it log you in. Check out the video tutorial:



are you sure it secure??


Like everything on this earth, it’s a gamble. You could choke on your toast one morning and die but that doesn’t mean you won’t eat bread. I assume by the data they provided that it is reasonably safe. The same way a Facebook account is safe or an online banking service. There isn’t something 100% safe and unbreakable.



Has anybody tested if Mitto works with Opera Mini on e.g. a Palm Treo device ? Would make mobile surfing a lot more comfortable, so I really would like to know.


Ps3 Modern Warfare 2

I haven’t used yet such technique to manage my password so securely but as it seems so great, i would like to give it try.


So how would you compare LastPass to Mitto? I have been thinking about switching from RoboForm to LastPass.

Stefan Neagu

Because I don’t want to use any browser plugins or standalone apps, Mitto is the best solution for me.



There are a couple of things that I like about Mitto:

1. It’s fully functional online. I don’t need to install a plugin or software….it just works the same way from every browser and operating system.

2. I can add extra security with my cell phone. This way if I log in from an unrecognized computer, it sends me a unique text message to my phone which I need to enter to continue. Bank of America does this too, and I really like the additional layer of protection.

3. You can intelligently share passwords with other Mitto users (i.e. my husband and I can both access our common online utilities accounts, and if one of us updates a password, it gets updated automatically for the other person).

4. It’s free, with no limits on the number of passwords you can have. They do mention the fact that a paid version and a business version will be available at some point, but they also say they plan to offer the basic service for free.



Oh, and I forgot, the bookmarklet is awesome! If you want, you don’t need to go to Mitto each time to log in, you can use the bookmarklet from the site you are on to log in. They just wrote a blog about it:



Well, I keep my login names and passwords in a small book. Naturally I am the only who knows where this book is. That’s safe password-management.



I prefer the excel sheet to maintain my passwords. I dont want to leave my passwords lying in some server how protected it may be. I know maintaining a excel sheet is a pain and requires a lot of copy paste while logging. I dont have the whole password in my excel sheet. If a site name begins with vowel i prefix some text to the pwd in the sheet. If it does not begin with a vowel I suffix it with some other text (the prefix and suffix are same for all the websites).So even If someone opens my excel sheet he will not be able to make use of my passwords.This is my own encryption.



I’m using Mitto, and I can say it’s PERFECT! I had only one problem with it; sometimes I forgot to login to Mitto, and the bookmarklet said I must first login to Mitto. From today, I’ll use the Mitto sign-in page as my homepage, because if I click on the bookmarklet, I want the login to be fast.
And I didn’t even say that their support is also great.

I can recommend it to anyone! I used LastPass, but it was too hard to use. I also tried PassPack, but Mitto is better.

Your comment