Passpack: Protecting Your Passwords Online

Over the years, my password schema has evolved to be more and more complex. With huge, professional services like Sony PlayStation Online and Steam being compromised by hackers, it seems your passwords are not safe anywhere online. This means using the same password for everything you do just isn’t smart. I have essentially three levels of passwords.

Level 1

Totally insecure but easy to remember. This is for all the services that I sign up for on a whim and don’t contain any sensitive information beyond my email. You could argue that I shouldn’t ever use an insecure password, but I’m not too worried about someone hacking my LazyMeter account (task list), for example.

Level 2

Slightly cryptic, but used often enough that I can remember it. This one has more than 5 characters, a combination of letters, numbers and capitalization. I’ve since added the first two letters of the domain to the beginning, so that the password is unique to each service. This is great for sites that I visit regularly and on multiple devices: home computer, work computer, my phone, etc.

Level 3

Totally random, the more characters the better. I use this tool to get a long, random string for any service that requires my credit card or social security number. You could argue that I should use this level of complexity for all my passwords and so I am heading that direction.

Obviously my brain could never remember a 14-letter random string of letters, numbers and punctuation. Saving this information in a text file on my computer kind of defeats the purpose. Between browsers saving form information and sites leaving cookies, I usually don’t have to type them in. But what if I log in from a different computer, or clear my cache? Or give my login to my wife?

For that, I’ve used Passpack without issue for at least 2 years. Although there is always the risk that someone could compromise Passpack and suddenly have access to all my passwords, I’m actually less worried about that. They use multiple levels of government-level security to keep your information safe. I’m much more worried about companies like eBay or Sony, who are not only larger targets, but also less worried about your security. With Passpack, that’s pretty much all they do.

I’ve since started using it at work and it has been a boon for productivity. Before, we were storing passwords in a database and looking them up with phpMyAdmin. Now that everything is in Passpack, it is easier to search, available remotely, and easily allows us to share individual passwords without giving access to the entire set. This is perfect for remote developers or plain new staff that we don’t quite trust yet to have every password for every client we’ve ever had.

The best part: Passpack is a freemium service. That means the basic account is free and you only pay for access to more storage and other features. For most individual users, the free account is all you need.
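
As an added example (not from the original post), the Python code below generates a Level 3 style password with a CSPRNG, estimates its entropy, and audits a password list for the Level 2 pattern, where one base is reused behind a two-letter domain prefix. The function names, the sample vault and the base `Tr4vel9` are made up for illustration.

```python
import math
import secrets
import string

# Letters, numbers and punctuation, as in the Level 3 description: 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_level3(length=14):
    """Level 3: every character drawn independently from a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy for a uniformly random string of this length."""
    return length * math.log2(alphabet_size)

def level2(base, domain):
    """Level 2 as described in the post: first two letters of the domain + base."""
    return domain[:2] + base

def shared_base_groups(vault):
    """Find Level 2 style reuse in a {domain: password} mapping.

    Returns {base: [domains]} for every base that appears on more than one
    site behind the domain prefix. The prefix is public, so those entries
    are all protected by the same secret.
    """
    groups = {}
    for domain, password in vault.items():
        prefix = domain[:2]
        if password.startswith(prefix):
            groups.setdefault(password[len(prefix):], []).append(domain)
    return {base: sorted(doms) for base, doms in groups.items() if len(doms) > 1}

# Constructed sample vault; the base and the domains are made up.
SAMPLE_VAULT = {
    "example.com": level2("Tr4vel9", "example.com"),
    "forum.test": level2("Tr4vel9", "forum.test"),
    "shop.test": generate_level3(),
}

if __name__ == "__main__":
    print("Level 3 sample:", generate_level3())
    print("14 random characters: %.1f bits" % entropy_bits(14))
    print("Bases reused across sites:", shared_base_groups(SAMPLE_VAULT))
```

Entries reported by `shared_base_groups` are the ones to replace with independently generated Level 3 passwords first.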

  • Thomas Digby

    I’ve read quite a few articles about choosing passwords recently and how easy they are to hack etc. With regards to your level 1 and level 2 passwords both are fairly easy to hack. Hackers can use a whole array of tools to work out your password such as dictionary attacks or simply writing a system that will iterate through a list of possible combinations.

    Your level 3 password is totally random but still susceptible to the same attacks although it would take longer to crack (it could always be the first combination they try though, you never know). However with your level 3 password you have lost usability hence the need for Passpack. I’m not having a go at you for this but wanted to point out to any other readers who stumble across this that the common web users won’t want to store their username / passwords anywhere, they probably won’t even know about online services that will do this.

    So how do you create a secure password that can be remembered? I’ve read in a few places that a jumbled up sentence can often be the best solution. The secure side comes from the length and combination of words in the sentence. The fact it’s a sentence or slightly jumbled sentence means the user should be able to recall it.

    Of course some sites have limitations of what you can have in your password… ridiculous really… it’s giving the hacker clues.

    • Thanks for the thoughtful comment! I’ve seen the argument for sentence based passwords before (http://xkcd.com/936/), but I have yet to start using it. Definitely something to consider.