simpixelated.com

illustration of Jordan Kohl

Passpack: Protecing Your Passwords Online

— 2 min read

Over the years, my password schema has evolved to be more and more complex. With huge, professional services like Sony PlayStation Online and Steam being compromised by hackers, it seems your passwords are not safe anywhere online. This means using the same password for everything you do just isn't smart. I have essentially three levels of passwords.

Level 1

Totally insecure but easy to remember. This is for all the services that I sign up for on a whim and don't contain any sensitive information beyond my email. You could argue that I shouldn't ever use an insecure password, but I'm not too worried about someone hacking my LazyMeter account (task list), for example.

Level 2

Slightly cryptic, but used often enough that I can remember it. This one has a more than 5 characters, a combination of letters, numbers and capitalization. I've since added the first two letters of the domain to the beginning, so that the password is unique to each service. This is great for sites that I visit regularly and on multiple devices: home computer, work computer, my phone, etc.

Level 3

Totally random, the more characters the better. I use this tool to get a long, random string for any service that requires my credit card or social security number. You could argue that I should use this level of complexity for all my passwords and so I am heading that direction.

Obviously my brain could never remember a 14 letter random string of letters, numbers and punctuation. Saving this information in a text file on my computer kind of defeats the purpose. Between browsers saving form information and sites leaving cookies, I usually don't have to type them in. But, what if I login from a different computer, or clear my cache? Or give my login to my wife?

For that, I've used Passpack without issue for at least 2 years. Although there is always the risk that someone could compromise Passpack and suddenly have access to all my passwords, I'm actually less worried about that. They use multiple levels of government level security to keep your information safe. I'm much more worried about companies like eBay or Sony who are not only larger targets, but also less worried about your security. With Passpack, that's pretty much all they do.

I've since started using it at work and it has been a boon for productivity. Before we were storing passwords in a database and looking them up with phpMyAdmin. Now that everything is in Passpack, it is easier to search, available remotely, and easily allows us to share individual passwords without giving access to the entire set. This is perfect for remote developers or plain new staff that we don't quite trust yet to have every password for every client we've ever had.

The best part: Passpack is a freemium service. That means the basic account is free and you only pay for access to more storage and other features. For most individual users, the free account is all you need.