RSS Feeds
organise
PassPack Enables Offline Password Management with Gears
Posted by Kevin Purdy at 10:00 PM on July 8, 2008
Windows/Mac/Linux (Firefox or IE7): PassPack, an online manager for both your computer and web site passwords we've previously mentioned, has created an offline version using Google's Gears add-on. That alone makes PassPack a more useful tool, but you can also download PassPack onto multiple computers, online or off, and sync your password management between them all (assuming the offline computers can make a one-time connection). As Adam noted, the site goes a long way to explain its encryption and privacy measures; if that sounds kosher to you, its offline version makes PassPack much more helpful. Fans of Adobe Air apps should check out PassPack's "Desktop" AIR app. PassPack's offline version requires Google Gears, which runs on Firefox and Internet Explorer; hit the link below for installation instructions.
Tags: google gears | offline | organise | passpack | passwords | security
Comments (AU Comments · US Comments)
There are currently no AU comments for this post.
upnishad
Posted 10:29 PM 8/7/08
somehow Google gears or online solutions for safekeeping of my credentials don't make sense to me. [[the-geek.in]]
upnishad
Tara-PassPack
Posted 11:33 PM 8/7/08
@upnishad: Have a look at the Adobe AIR version as well.
You can use it completely offline, or in online>offline sync mode. It's your choice.
Cheers!
Tara
Tara-PassPack
mickbw
Posted 12:00 AM 9/7/08
is there a way to import your existing Firefox Passwords?
mickbw
pandecoco
Posted 12:24 AM 9/7/08
@mickbw: Answer:YES. With the help of this extension: Password Exporter...does a good job it does what it says plus it has an option to encrypt your usernames and passwords...It can also import/export disabled host(sites where you choose not to remember your passwords)...
A firefox add-on that comes in handy with this is the Secure login works like magic wand in opera, even have a shortcut key (alt+N) and it can handle multiple usernames and passwords... hope you enjoyed
pandecoco
thecodingeye
Posted 12:44 AM 9/7/08
It may be just me, but I wouldn't trust an online password management service. All I do to store my passwords is remember them. However, if I was to store them on my computer, I would just make a password list in notepad then slap on AES 256 encryption.
thecodingeye
monkeyboy
Posted 1:03 AM 9/7/08
-
monkeyboy
monkeyboy
Posted 1:03 AM 9/7/08
@thecodingeye,
Its not just you. Any logical person would realize that using an online service to store passwords is crazy. Its like writing all of your passwords down and locking it in a box with a padlock on it, then handing it to Joe Blow on the street. Sure its encrypted, but how do you know that there arent any security flaws or sneaky employees working for PassPack?
monkeyboy
zac.ice9
Posted 1:43 AM 9/7/08
@all - Agreed. I would need to be convinced that the online storage system was verifiably more secure than any pseudo-convenient method I could implement myself before I would even consider an online password management system.
If I could trust the service, and that is a BIG IF, I think an online password management system could be of great help, especially considering the fact that I could then exponentially increase the complexity of my passwords, if and only if that online security system could somehow automatically fill in the password for me.
What scares me the most about this solution, ironically, is that my passwords would also be stored on my computer. The simple explanation for that being: If I trust this service enough to use it, then that would necessarily mean that I would trust their online storage more than my offline storage. That being the case, I wouldn't want an offline copy that would only be a personal security liability.
Simply put, ideally there should be an online password management system, with auto-fill capabilities, that can also demonstrate to me that it is more secure than any method I could use myself (other than writing my passwords on a piece of paper and locking them in my safe, lol).
If someone could offer that for free, I would be on board. Otherwise, I agree with everyone here... solutions like this just scare me.
zac.ice9
fuderyuu
Posted 3:33 AM 9/7/08
Is there any kind of a solution that integrates with Firefox's built in password management but who's key feature is syncing up with a thumb drive?
I would love to sync my passwords between work and home but am weary of the online services.
fuderyuu
Al Iguana
Posted 3:57 AM 9/7/08
Keepass on a Truecrypt thumbdrive? Works for me :)
Al Iguana
Cyphon
Posted 3:56 AM 9/7/08
I just use the PasswordMaker addon in Firefox for all of my machines. You can export your settings to another machine and use the same hash password and viola. No need to store them or sync them anywhere. [passwordmaker.org]
Cyphon
fuderyuu
Posted 3:42 AM 9/7/08
Just to be clear, I know about Robo Form and hate it =(.
I hope there are other (possibly open source) solutions out there.
fuderyuu
saintseminole
Posted 11:25 AM 9/7/08
@thecodingeye: Exactly.
TruCrypt works fine, as do a few other programs. Or, if you're really worried about someone stealing your passwords, don't save them on your hard drive at all. Either a flash drive or (surprise!) your camera's memory card.
saintseminole
upnishad
Posted 5:02 PM 9/7/08
TruCrypt it is.
upnishad
brudo
Posted 12:53 AM 9/7/08
so, which one is better? air or gears version?
brudo
brudo
Posted 12:48 AM 9/7/08
so, which version is better? gears or air version?
brudo
Tara-PassPack
Posted 6:46 PM 10/7/08
@monkeyboy: If you want to have a look at the Passpack code, you can. It all runs in the browser's Javascript DOM.
We use the Host-Proof Hosting pattern because that is what protects the data on the server from rogue employees. All the data is encrypted in the browser, then sent to the server without the keys.
We've also just released an open source library for creating Host-Proof Hosting application. If you want to learn more about the architecture, that's a good place to start.
Hope that helps.
Cheers
Tara
Tara-PassPack
Tara-PassPack
Posted 6:39 PM 10/7/08
@brudo: The Gears and AIR versions are practically identical. AIR is easier to install, but won't work on Linux. If you're running Linux, you're better off with Gears.
Tara-PassPack
lfhckrreader
Posted 7:48 AM 10/7/08
Keepass and TrueCrypt work fine for me. For syncing the keepass file is on an usb-stick. So I can use it at every computer.
lfhckrreader
kfox
Posted 3:56 AM 10/7/08
@fuderyuu I work for Vidoop and we have a password manager service at [myVidoop.com]
We allow you to save your passwords online or offline in an encrypted file. This file could be placed anywhere you would like. We also support OpenID and have lots of security options.
kfox