How “Safe” is PasswordSafe?

Here at PassPack, we sign up for all sorts of password managers. We test them out, see how they work and confront the service with our own. Well, we also signed up for a PasswordSafe account. And here’s the result:PasswordSafe Email

1. Email is not protected by default. Anyone (even the clumsiest of hackers) can read email while in transit. No site should EVER send your password over email – but certainly not a site that holds the key to my entire online identity!

“E-mail sent over the Internet is more like paper mail on a postcard than mail in a sealed envelope. […] Hackers can read and/or forge e-mail. Government agencies eavesdrop on private communications.”From Introduction to PGP

2. They can clearly look up my Username and Password – but there is no Packing Key … and they can obviously look up my password in clear text. They can read my stored passwords as well.

Did you know one of the primary causes of data theft occurs form inside the company? What happens if someone at PasswordSafe decides to steal some data? It could happen.

“The Ponemon survey quizzed over 450 U.S. information technology professionals as to the causes of data breaches at their companies. 78 percent reported an insider-related data breach had occurred on the job…”ConsumerAffairs.com

At PassPack, not even we can read your passwords. We don’t know your Password, and certainly not your Packing Key.

Folks – yes, I want you to use PassPack because we built it, and I believe in it. But regardless of which service you chooseI BEG you: Be careful, ask questions, and test it out.

Digg!

Technorati Tags: , , , , , , ,

Advertisements

4 responses to “How “Safe” is PasswordSafe?

  1. Hi I appreciate your effort to carry out an analysis of PassPack with another password manager. But it would be great if you can do a comparison with Clipperz too. PasswordSafe is hopeless in terms of security and is not a fair comparison to PassPack.

    Thanks

  2. @osafw
    No, this isn’t an comparative analysis with PasswordSafe – just a warning.

    On Clipperz – done. Here you go:
    https://passpack.wordpress.com/2007/04/10/passpack-and-clipperz-the-difference/

  3. i DON’T SEE A SECURE LOCK ON THIS SITE…LEAVES ME TO WONDER IF THIS IS REALLY SECURE

  4. Hello M,
    This is just the Blog. PassPack’s site is secure (it has the lock). Here it is:
    https://www.passpack.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s