Last week I had a catastrophic outage of my ADSL connection at home. If you think the word catastrophic is too strong then you don’t have teenage geeks in your house. If you don’t understand what I’m talking about, send me your address, and I’ll forward the kids. C.O.D. Tonight.
In any case, after waiting for a reasonable period, and knowing that the fault wasn’t going to correct itself, I needed to speak with the helpdesk. They were hoping that I could pass on some important information such as my login, account number, date of birth, that sort of thing. I managed the birthday part, but the rest of it was beyond me. I had two copies of the necessary information. One set was in Clipperz, and the other set was in an encrypted container, the password for which was in… You guessed it… Clipperz.
So, Clipperz – The Password Manager
I did some earlier research and decided that Clipperz was the online password manager that works the most like I want it to, and it has some interesting ways to deal with web links. The site is free, but does badger you from time to time to donate some of your hard earned cash to the project.
Online Password Managers – also called OPMs, use a variety of techniques to keep your security information safe. The primary requirement of course is that you trust them in two respects.
Firstly that they are what they say they are, and will actually treat your passwords in the way they promise to.
The second requirement is that their solution is actually as secure as they say it is, to ensure that your secrets are not divulged to anyone else.
Don’t confuse what’s happening here with saving passwords in your browser. That’s a whole different subject.
There’s no requirement to supply an email address, so you can be as anonymous as you like. Logins are based on a user name and a passphrase. That’s just like a password, but you are encouraged you to use something significantly longer. Choosing the phrase is out of the scope of this post, but the longer the better, in general. Clipperz indicates the strength of your phrase as you add it. (All of the info used for these screenshots is false. Relax.)
Once you’ve logged on, you’re presented with a card view. It’s empty the first time you hit the page, but each card relates to a particular set of information. For instance, your Yahoo address, login, password, etc. You can add and change the fields to suit your purposes.
Click Add new card to start. The first thing Clipperz wants to know is what type of card you want to create. A Web Password is the most common, so let’s start with that. Click the button next to the type of card you want. Click the Create button.
Each different card type defaults a different set of fields. You can use those supplied, or add some of your own. The confusing box at the top is for the title of the card, though it doesn’t say so anywhere. So change Web password to what you actually want the title to be. Webmail perhaps.
Fill in the other fields just the way you might think. Notice that the password field shows up as a row of stars unless you click the unscramble link below the field. If you don’t yet have a password, you can click on the button with the key to have one created for you. There are some options in the password creator to select required length, type of characters and so on.
Click the Save button to return to the list of cards. Every time you save something in Clipperz your data is locally re-encrypted, and saved back to the site.
To make use of the cards you’ve added, just click on the card in the list, and if necessary unscramble the password. Normal physical security rules apply here. No one should be standing behind you, for instance.
Direct One-click Logins
One of the unusual features in Clipperz is the ability to create a clickable link for a web page that will log you in without you having to type anything else. The site uses bookmarklets to capture the necessary code from the pages to login on your behalf. It’s a lot safer than it sounds, but I won’t go into that this time. You should take a look though. You can use complex (and therefore safer) passwords with ease using this feature.
Keeping Your Passwords Offline
This is the part of Clipperz that I like the most. With a single click you can create a fully encrypted local copy of your data that’s just as secure as the online one. An HTML page containing encrypted code that replicates the copy at the site.
There is one restriction on the use of the offline copy. It’s read-only.
I lied about the single click, too. It actually takes two. Click Data from the main menu, and then click the Download link further down the page.
Choose to save the HTML page that is created. Browse to the page and open it. Voila!
So how secure is Clipperz?
Is it safe? It’s a lot safer than storing your passwords in the normal fashion with websites, and plenty of people do that.
If you’re a security nerd, look up the specifications yourself. You can review the source code as well.
Clipperz has 20,000 subscribers and over 250,000 stored passwords.
As always, do your research, and decide for yourself.
Other Pasword Mangers
So I’m interested. What’s your strategy? How well does it work? Have you ever been stuck without the passwords you need? Like the ones to lock the kids out of the Net?