Password managers (both software and online) are tools that enables you to remember just one very strong password to protect your many other very complex passwords that you don’t have to remember.

The alternatives are well known: use the same password for all your accounts, or use easy-to-remember (and to guess) passwords.

The choice is up to you.
Marco

> Couldn’t the unauthorized person use the service in the way it is intended for authorized users?

Definitely not. There is nothing he can do to exploit the service without the knowledge of the user passphrase.

I guess that’s what I’m curious of. What if someone learns of your user passphrase? Doesn’t that open them to all of one’s services no matter how many passwords one has. Not that they would see the other passwords, but they could login to the various places managed by Clipperz. My curiosity stems for wondering what good is it to have multiple passwords if they are ultimately controlled by one? Wow, that sounded a little like a line from Lord of the Rings. Hehe.

I’m quite interested in the “zero knowledge” concept for secure identification. I’ll check out some of those links.

> what happens if your Clipperz account is compromised?

The only way to compromise a Clipperz account is getting hold of the user passphrase. Even if someone steals our servers he will not be able to access any user data in clear.

> Couldn’t the unauthorized person use the service in the way it is intended for authorized users?

Definitely not. There is nothing he can do to exploit the service without the knowledge of the user passphrase.

> I’m also curious what other types of data you secure through the Clipperz service.

Clipperz does solve the password management problem, but it mainly gives a practical demonstration of a new breed of web applications: the “zero-knowledge” web apps.

Applications where the provider is simply in charge of delivering the Ajax code to the user’s browser and then storing user’s data in an encrypted form on its servers.
Clipperz lets you submit confidential information into your browser, but your data are locally encrypted by the browser itself before being uploaded.

Detailed information about the crypto foundations are available here:
http://www.clipperz.com/learn_more/crypto_foundations

The “zero-knowledge” paradigm could be used for a wide range of applications: a personal finance manager, a confidential to-do list, patient records for physicians, …

Clipperz does not use homemade cryptographic algorithms but implements standard strong encryption schemes (AES, SHA2, Fortuna, SRP, …).

Since Clipperz is a huge Javascript application, you can review the source code anytime you like. The whole source code is downloaded to your browser before you sign-in, so you can easily check if it is a genuine version.

More info about performing a security code review is available here:
http://www.clipperz.com/learn_more/reviewing_the_code

You can even include the Javascript code of our crypto primitives in your web applications since we packed them into the Clipperz Crypto Library, released under a BSD license.
Download it here: http:/code.google.com/p/clipperz

Feel free to contact me for any further information,
best regards,
Marco

Using a password manager is not merely convenient, it’s an effective way to adopt better security practices without too much stress. It basically sums up to: 1) never re-use the same password, 2) use strong passwords.

Software products are certainly an option, but you could also consider a web based solution.

Clipperz is an online password manager that can do much more than simply storing your passwords.
- ubiquitous access
- direct login to online services
- offline version
- bookmarklet for quick data entry
- nothing to install or backup
- …

It’s free and completely anonymous.

Clipperz lets you submit confidential information into your browser, but your data are locally encrypted by the browser itself before being uploaded.

The key for the encryption process is a passphrase known only to you.
Clipperz simply hosts your sensitive data in encrypted form and could never actually access the data in its plain form.

For any further information refer to our website:
http://www.clipperz.com.

Marco
Clipperz co-founder

Jibran, I wouldn’t say paranoid as much as I would say digital life management tips. If identity theft weren’t a common reality, then perhaps it would be paranoia. As far as a tiered password system, that’s just about convenience.

William, I’ve seen more and more people using password wallets, such as PasswordSafe. I haven’t looked in that specific one, but I will know. Thanks for the tip!

Mike, first, congrats on selling BusinessLogs. I’ve had at least 3 main email addresses in the last 5 years and it is confusing to people. How are your merging them? Are you just forwarding them to a single box?

One thing I’ve been doing recently is merging all my email into just my @9rules.com address since I sold Business Logs. Keeping track of multiple email addresses is tough, especially for my non tech-savvy parents who are confused by the different options :)

I use this fantastic little program: Password Safe. I’ve got it programmed to a ‘hot-key’ on my keyboard for quick access and it allows me to have (and generate) unique passwords for sites. It also stores login, URL, and anything else you want to remember. I like the idea of a notebook, however, my handwriting is horrible to begin with and I’m likely to lose it… The only real drawback is when I forget to update the database on my USB key/stick/whatever with the current one from my main notebook. Other than that, it’s the only way I’ve found to SAFELY keep track of all the login info… I think I’m approaching 250 entries so far….