Here at PassPack, we sign up for all sorts of password managers. We test them out, see how they work and confront the service with our own. Well, we also signed up for a PasswordSafe account. And here’s the result:
1. Email is not protected by default. Anyone (even the clumsiest of hackers) can read email while in transit. No site should EVER send your password over email – but certainly not a site that holds the key to my entire online identity!
“E-mail sent over the Internet is more like paper mail on a postcard than mail in a sealed envelope. […] Hackers can read and/or forge e-mail. Government agencies eavesdrop on private communications.” – From Introduction to PGP
2. They can clearly look up my Username and Password – but there is no Packing Key … and they can obviously look up my password in clear text. They can read my stored passwords as well.
Did you know one of the primary causes of data theft occurs form inside the company? What happens if someone at PasswordSafe decides to steal some data? It could happen.
“The Ponemon survey quizzed over 450 U.S. information technology professionals as to the causes of data breaches at their companies. 78 percent reported an insider-related data breach had occurred on the job…” – ConsumerAffairs.com
At PassPack, not even we can read your passwords. We don’t know your Password, and certainly not your Packing Key.