PassPack and Clipperz: The Difference?

Updated on February 6, 2008.

Comparison table and features descriptions of two online password managers. Updated with the release of PassPack’s Beta5.

Like PassPack, Clipperz is an online password manager and personal vault. The crypto foundations and general architecture of the two applications are fundamentally the same: a blend of industry-standard algorithms, including AES-256, in a Host-Proof Hosting pattern. This combination ensures that the user’s data can’t be read on the server.

The primary difference between the two architectures is that PassPack uses a double access technique. Beyond just User ID and Pass, we’ve added an additional Packing Key. This structure gives us a great deal of flexibility in handling our algorithms; without it, our anti-phishing pattern would not be possible, nor our “remember me” feature, nor many more to come.

PassPack vs. Clipperz: Comparison Table (October 2007)

Anti-phishing

Clipperz has no anti-phishing measures in place.

PassPack has defined an Anti-phishing technique that combines a custom Welcome Message, IP recognition and hand-eye training.

“Remember me” (with anti-phishing)

Clipperz encrypts with your password, thus can’t “skip” that step.

PassPack encrypts with the Packing Key, so you can skip User & Pass if you’d like.

Account Rollbacks

This is an important distinguishing feature. PassPack maintains a backup copy of your most recently saved pack – encrypted of course! Should you change (and promptly forget) your Pass or Packing Key, then we can restore your most recent backup and let you access it with your previous Pass or Packing Key – you need to remember at least that. It’s a real life saver!

Clipperz doesn’t perform Rollbacks.

PassPack can perform Rollbacks under certain conditions, read more here.

Checksums

As mentioned, we’re a bit skeptical about how useful a checksum can be in an internet context. Here’s why: I must go to Clipperz’s home page to see the values that my checksum should be producing. However, if I am in a phished version of Clipperz, it’s a moot point, because the phisherman can falsify those values as well so that they match his spoofed version.

In theory, the user could circumvent this problem by saving a copy of the checksums from the homepage, then comparing the application to this local copy every time he connects. This would only work, however, if the Clipperz application has not changed in the meantime.

I just don’t think anyone would really do that – always, every single time, many times a day.

Clipperz uses checksums.

PassPack debates the usefulness of checksums, but has nonetheless implemented them for the offline version only.

On-screen Security Features

Caution needs to be taken to hide sensitive information from passers-by, particularly in an Internet Point or open-space office. This may include simple measures like scrambling the password field and locking the application manually, or automatically when left unattended. A password generator is also a useful tool to break the password reuse cycle, as is a pass strength tester to check the quality of your passwords.

Clipperz has most of these features, except auto-locking (manual locking only) and your password list is visible even when it’s “locked”.

PassPack has all of these features; all data is completely removed from the screen and memory when locked (either manually or automatically).

Disposable Login (also known as OTP)

A Disposable Login is a set of Pass and Packing Key that can only be used once, then never work again. This is useful when you must connect to your Account from a public computer. Even if the Disposable Login is recorded and saved by malware, it will be useless and your real Pass and Packing Key will remain completely secret.

Clipperz has recently added Disposable Logins.

PassPack supports Disposable Logins.

Data Portability

Another differentiating point is data portability. Clipperz’s previous lack of an export feature potentially led to vendor lock-in; they’ve now added import and export. (Good job guys!)

Clipperz supports import, export and Printing.

PassPack allows you to freely Import, Export, Print, Backup and Restore your data.

Working Offline

PassPack can be used in Offline Mode as well as with an Offline Version. As an example of what Offline Mode is: suppose I connect to PassPack on my laptop. Once I’ve logged in, I can disconnect from the internet, put the laptop in standby and leave for the day. As long as I keep PassPack open in a browser tab (or window) I can continue to use PassPack – no internet connection needed. When I get back online, I can press the Save my Pack button and all my changes will be saved.

Clipperz must have an active internet connection in order to work. However, they offer a fully functioning downloadable version for offline use – this is in read only and you can’t make any changes.

PassPack has also released an Offline Version. It runs on Google Gears, is fully functioning (ie. not read only) and is a Google Code Featured Project. Synchronization with online accounts is planned.

Clipperz has a downloadable Offline Version, you can’t make changes.

PassPack has a downloadable Offline Version, changes are fine, and will also work in Offline Mode.

Custom Fields

PassPack opts for speed, Clipperz for advanced templates. Clipperz allows you to create your own “card templates” which may include any number of custom fields. Once open, you can fiddle with many different fields, options and buttons. PassPack uses a simplified approach with no extra clicks – just open, fill it out, and save. There have been a lot of requests for custom fields for PassPack – it’s being considered, but no final decision is in yet.

Clipperz requires two clicks and some choices before entering any data, higher customization.

PassPack uses a one-click Entry window, for speed and a lower learning curve, lower customization.

Navigation

What happens when you have 50+ entries and need to find something quickly? Personally, I have over 200 entries in my PassPack account, so I find that the feature I use most is the Quick Search. I just type in a few letters and the list filters my entries in real time. I don’t think I could manage without it.

Clipperz lists all entries on a long, scrolling page.

PassPack has three powerful navigation tools: Alphabetical Paging, Quick Search and Tagging. You can also set the number of rows in your list.

Auto-login

Both systems offer auto-login. Clipperz’s “Direct Login” posts forms to websites. They use a bookmarklet to help you capture the information needed to configure a new Direct Login. The configuration process requires some copying and pasting and must be done individually for each and every “card” in your account. A description can be found here.

PassPack offers a single tool (a bookmarklet) for both auto-login and configuration. The tool can be used in either standard or 1 Click mode. Teaching PassPack a new auto-login is a very simple process: just point-and-click. A common library of “learned” sites is populated by the users themselves, and is available to all – saving users lots of time. PassPack’s technique supports a wide variety of login forms, which Clipperz’s approach simply can’t cover.

Clipperz’s auto-login is one click from the sidebar, one at a time configuration required.

PassPack’s auto-login is 1 Click while you surf, configuration is fast and often not even necessary.

Summing up

Really, the choice is yours. The two systems offer much of the same base level security. We can say that both services offer these same benefits:

  • Free with Open Source Libraries.
  • Access anytime from any computer.
  • No software to download and nothing to install.
  • Avoid keeping secrets on your PC or on paper.

In addition, and I personally feel this is important, PassPack offers Anti-phishing.

The primary difference lies in ease-of-use and target audience. PassPack employs a click-and-go philosophy and can be used by the average person, while Clipperz targets the more advanced user, requiring a larger learning curve to get up and running: no import function, building cards with custom fields and manually pasting in the auto-logins. However, I’ve heard of some people that prefer Clipperz’s approach – so who am I to really judge?

My suggestion would be to try both for a while and see which feels better to you. After all, accounts are free and easily deleted.

In the end, the only truly important thing is that you choose – and use – a password manager.

Of course, I’m thrilled if you choose PassPack, but even if you don’t, Clipperz is a well built application and a valid alternative.

A Note
I did my best to be objective and accurate in this post. As always, corrections and suggestions are welcome. You can write me directly or post a comment below.


53 responses to “PassPack and Clipperz: The Difference?”

  1. Cool. That’s what I partially did. ;) Do you know other competitors like you and PasswordSafe ? I would like to do a benchmark. Thx.

  2. Hello Loopoin,
    Yes, thanks for your article. It was great. :)

    Right now, the only two services that I know which are active are PassPack and Clipperz. Then there is Passlet, which actually beat us to market by a week or so, but unfortunately they haven’t evolved since then. Other services are Agatra (a pioneer service) and KeepYouSafe (personal vault). I suggest you run a search on google and see what you come up with.

    Let me know if you find anything interesting.
    Cheers,
    Tara

  3. Hi Tara,

    A very nice comparison between two similar services. As you have put it, the moot point that will differentiate PassPack from others is how much the user is able to relate to it and find its usefulness for their needs.

    The most important feature for me would be to be able to sync my online and offline data. Can work around it using the export and import functionality, but a much more transparent and seamless way to achieve this would be a killer. Maybe a plugin in KeePass for PassPack? ;)

    Thanks for making it easy for many like me. Great work and all the best.

    Thanks,
    osafw

  4. @osafw

    Thanks. We’re looking into an offline solution – in the meantime, I’m glad to see your creativity and coming up with your personal solution using export and import.

    A plugin for KeePas… hmm… ;)

    Cheers,
    Tara

  5. I don’t know that I’ve ever seen such an unbiased article from a “competitor”. I’m very impressed with your objectivity (and depth) in comparing your product to Clipperz.

    I signed up to Clipperz two weeks ago, but I will definitely take your product for a spin.

    Thanks!
    Jase of New Orleans

  6. @Jase of New Orleans,
    Thank you! Please let me know what you think about PassPack, and if you have any suggestions for making it better.

    Cheers to you,
    Tara

  7. Tara, thanks for the input on my blog. I am giving PassPack a trial run and will post my findings on my blog. So far I like what I see!

  8. @Ryan,
    Fabulous! I can’t wait to read your findings. Let me know if you need any additional info from me.
    Cheers,
    Tara

  9. Pingback: Triviality » Blog Archive » PassPack - Another online password manager?

  10. I’ve been using http://www.just1key.com with no problems for over 2 years now.

    However today the service appears to be down….

    …so I started looking for an alternative. This is a real pain as all my password etc are stored on Just1Key. I’ve looked at both Clipperz and Passpack and I’ve gone with Passpack. It seems really good and quick. Though I would like the clipboard to auto delete after pasting passwords etc… Can this be done?

    Regards

    Simon

  11. @Simon
    Thanks! I’m glad you chose us. Right now, PassPack doesn’t do any work on the clipboard, but we have had some requests in this direction, so it is on our radar and we’re looking for a cross platform, cross browser solution.

    One thing which will minimize (to some extent) the use of the clipboard will be the upcoming auto login feature:
    https://passpack.wordpress.com/2007/03/22/passpack-auto-login-no-plugin-needed/

    Since the auto login doesn’t use the clipboard, there will be no need to empty it. This clearly only applies to those times when the auto-login is applicable. But it’s a good start.

    Cheers,
    Tara

  12. Would it be possible to introduce an onscreen keyboard for entering username, password and code etc?

  13. @Simon
    It’s a possibility. I’ll put it on our requested featured list. Thanks,
    Tara

  14. Pingback: My password manager | The Danesh Project

  15. Pingback: dev » Blog Archive » My password manager

  16. Hello,
    I found your side yesterday and enjoy it very much.
    I use KeePass for some time and think the idea of a KeePass PlugIn is very interesting and hope you go on this way.

    The only thing I miss is the possibility to upload License Key files like it is used by Totalcommander or Directory Opus etc.

    Cheers
    Thorsten

  17. Hi Thorsten,
    I’ll “add 1” to the Keepass plugin in our requested features list. File upload is also an interesting idea. :)

    Cheers,
    Tara

  18. damon hill

    i use clipperz because of the multi field direct login feature (i.e. where a site needs DOB or Mothers Maiden name)

    I believe you don’t support this but correct me if I am wrong..

  19. Hi Damon,
    Nope, you’re not wrong. Technically it’s possible, but we’ve opted not to use custom fields for now. :)

    Cheers,
    Tara

  20. I still vote for custom fields in PassPack ;-)

  21. Hi Dennis,
    Great! I love to see folks vote. It helps us prioritize.

    +1 for custom fields in the feature requests lists.

    Cheers,
    Tara

  22. Tara, just wanted to let you know I am loving the 1-click login feature. An enhancement I would like to see:

    – Option to set the number of entries in a page (default at 10). Quick search is very helpful but when I am looking up by tags, this can help with page navigation when I use the same tag for a large number and I can’t remember the name.

    Thanks for such a great product!

  23. K-IntheHouse,
    Great, I’m glad you’re pleased!

    Here’s how to set the number of rows.

    Let me know if that’s not the info you were looking for. Cheers.

  24. Thanks Tara. That works awesome.. any chance it could be set higher than 20?

    I am writing a PassPack review as we speak and I was wondering if I could use the above comparison table with your permission? Cheers.

  25. K-IntheHouse,

    We set the limit at 20 to avoid stressing the browser. Rendering that table can be rough with more entries.

    You can download/copy/screenshot and use whatever you’d like from the site or blog.

    Cheers,
    Tara

  26. +1 more vote for custom fields please :)

    Otherwise loving PassPack! I am in a move to transfer all my ‘applicable’ native applications to Web based versions, since I use multiple operating systems. The last real challenge is the saving of Product Keys. I have been using keyfiler.com, but their site is often down of late. Custom fields (kinda like Clipperz’) will be perfect for this.

  27. …and I forgot to add a +1 for file uploads to items too :)

  28. Hi Brian,
    Ok, your votes have been recorded. :) Thanks.

    On the Keys, you can use the notes field for now. But yes, I understand that that’s not ideal for you.

    Looks like Keyfiler has a CSV export option, so you might also want to read this post:

    CSV Import Help for PassPack

    Cheers,
    Tara

  29. I’m considering the options of using either Clipperz or Passpack, and must say that it is a tough choice. I must say that the offline version of Clipperz does seem to have some sort of an edge over Passpack’s offline mode, since this stored version can be readable even if you close the browser session, even if you store it on a USB and transport it to another computer with no internet access. True, it does not have write capabilities, but it can be accessed completely offline (although you would have to remember to save this offline copy frequently).

    I do like better the overall interface and organization capabilities of Passpack.

  30. Oh, and the KeePass plugin suggested by osafw would make it an even better solution for seamless online/offline access. Strangely enough, in these days there are still times when one simply can’t get online at all.

  31. Hi Irian,
    Thanks for the feedback. I like osafw’s idea as well. He’s also got a good system it seems to work around the issue in the meantime.

    But yes, it’s high on our to-do list (which is good, because that’s a looooong list).

  32. I have tested both PassPack and Clipperz and have chosen PassPack. The 2 layers of security and the speed were big factors for me. I do like the ability to create your own fields in Clipperz but don’t like how the varied templates look and the slower response. I would like to suggest instead of the ability to create your own fields maybe just add a few more consistent fields.
    Licensed To:
    Key:
    Account Number:
    Route Number:
    PIN Number:

  33. Pingback: Blog83.net » Blog Archive » PassPack gestore di password blindato

  34. Pingback: How do you keep track of your passwords? | Srcasm

  35. I would strongly recommend introducing an onscreen keyboard for entering username, password and code etc, coz I have to use the net on many unsecured systems, so this will solve the problem of key-loggers.

    Tara, there are always some bad people and naughty net cafes who install key-loggers to steal the keyboard entries and steal the accounts of other persons. So add +++ on the online keyboard feature. :)
    Thank you for this great product.

  36. @sajidalimudassar

    I addressed keyloggers here for you

    I agree, it’s an important problem.
    Tara

  37. I also think the onscreen keyboard is a very valuable feature. If possible, please promote it higher up on your list! ;)

  38. @Basheer
    Unfortunately, the on-screen keyboard isn’t all that effective for thwarting keyloggers. Many can easily grab your password even with this work-around.

    Have you tried Passpack’s Disposable Logins?

  39. Pingback: The Blog That Goes Ping » Blog Archive » Clipperz review

  40. When Clipperz and Passpack were both making headlines last year, in review sites and forums, Passpack was actively monitoring Clipperz’s claims on their offerings and commenting on them. I remember a post commenting on Clipperz that I read in a forum, I think it was Tara or one of the other ladies at Passpack that said something about Clipperz’s offerings (can’t remember if it was negative or just an opinion), its architecture, and that as a rival in the same business-type, Passpack knew all about Clipperz’s technology, probably knew it even better than Clipperz did themselves etc etc.

    It’s all very well that you’re actively monitoring the marketplace for your rivals etc, and having a comparison page such as this, but Clipperz seems to be solely maintained by 2 people as an AGPL offering, looking for investors etc etc, whereas Passpack has gone far beyond that. I have reviewed both services, and like anything in the world, both have their cons and pros. I do like Passpack’s layout, design and offering in general, but Clipperz in this case appeals to me more in the sense that the people behind the project are humble, they aren’t going all out against their rivals, and hence give a warmer and friendlier impression to a cautious user, not the MS/Google take on the world approach.

    Don’t get me wrong, I’m not drawing comparisons of Passpack to the former, my point is, competition is healthy in any environment, and in this case, the user can only benefit from healthy competition between different offerings, instead of just one leading company in this field. Clipperz’s blogs are mentioning that the 2 leaders in the projects are losing resources to maintain the project in the same momentum, and I would hate to see them go down, while passpack maintains its growing position. Clipperz do not appear to have the same resources (marketing or otherwise) as passpack, so my final point is, cut them some slack.

  41. @Ryan gun
    Thanks for the feedback. I’m not going to reply back on all points, simply sit back and take your thoughts into consideration.

    I do just want to clarify that this post was written and last updated back when Passpack was also a two-person show (Francesco and I), so the comment you mentioned was likely mine.

    When we published this post, we actually sent it to Marco at Clipperz for pre-approval to make sure we weren’t making any false claims. He gave us the go-ahead. Marco, Guilio Cesare, Francesco and I have met up on various occasions and think we all agree that the Clipperz/Passpack dichotomy was good for all around. I’d much prefer to be in a growing market, than one where companies are dropping out. It’s not a good sign … luckily some new competitors are popping up.

    Both Passpack and Clipperz are Italian companies – so the competition wasn’t just for users, but for (limited) Italian investment dollars as well. We’ve always teased each other that once one was funded, the other would have likely followed shortly thereafter.

    That didn’t happen though. No one knows exactly why, but it didn’t. Since then we’ve stopped competing directly with Clipperz (exception made for the theoretical debate around Zero-knowledge Web Applications…).

    Marco’s last post was simply painful to read. It hurts to see a friendly competitor drop out of the race. I hope they make a comeback. Clipperz is a much more worthy product than some of the newer ones that have recently come out.

    Sorry for rambling. It’s a rainy Sunday and your perception of an impersonal-take-over-the-world Passpack means one of my bigger fears is coming true: we’re not expressing ourselves correctly.

    I’ve got some thinking to do.

  42. Ryan Gunn

    Hi Tara,

    I didn’t mean for my post to be an attack of any sort, if it did come across as that. It’s probably a different tone from the rest, that’s why. I was writing with what limited knowledge I have behind the scenes – I wasn’t aware that passpack and clipperz were both Italian companies and the implications that followed.

    Firstly, I mean it when I say I wasn’t drawing comparisons to firms that do the impersonal-take-on approach when they grow far too big for their own good. Honest, I simply used that as a strong indication of the end of the scale. I think Passpack has a great offering, more importantly I think it’s fantastic that you do all you can to respond to all feedback from users (cue your last post which was quick!).

    It’s a shame that Clipperz hasn’t been able to maintain its momentum, and I am not implying in any way that it’s got anything to do with passpack’s position. In fact, way I see it, there’s only 2 main players in this particular area that have been able to make a statement about themselves – clipperz and passpack. This says two things – that both teams have been able to make it this far with their own following, which is great, and that perhaps this market could do with a bit more healthy competition from others. Fingers crossed, as you were saying new ones seem to be popping up =)

    You both have a great product going on, and the way I see it, both have different approaches to their offerings, which I think is great – more options for the user.

    Once again, please don’t take my last post the wrong way.

    Thanks for the effort you guys put in to Passpack and for taking in our feedback !!

  43. @Ryan Gunn
    Thanks for the quick reply, and I appreciate your remarks. No worries, I didn’t feel attacked – your tone was fine.

    My concern about Passpack’s image is more generalized, your comment just triggered a concern I already have. We’re growing. And as that happens, we’ll have to keep battling the impression that we’re becoming “one of them”.

    I really do appreciate that you came onto the blog to let me know about it too. As we grow, I get busier and busier. It’s hard to keep up with what’s going on outside of the blog, my twitter, etc. So thanks for bringing your concerns here. It helps.

    Cheers to you.

  44. Ryan Gunn

    I wouldn’t say it’s easy to stay in the loop with the user’s end when one is busy growing the business and I think we have nothing to worry about – unless Passpack starts churning out a full-fledged selfbranded web browser? haha..

  45. A secret admirer

    Unfortunately clipperz is attracting the biggest slice of the growing interest population because of its set up once, use forever approach. Cool graphics can’t beat true single click sign in to anything, which is precisely what the password manager crowd (including myself) is looking for. Usability comes first, I’m considering developing the clipperz platform to my own cool looks and couple of extra features and using that as a “none of the above” option. Why write this.. you guys are putting in some genuine development effort and I wanted you to know it’s much appreciated.

  46. I’m just a regular user, comparison-shopping. I hope the two providers will both respond to my questions, so i’m posting it on both their sites.

    PassPack’s Comparison Table:
    https://passpack.wordpress.com/2007/04/10/passpack-and-clipperz-the-difference/

    Click-itis:
    personally, i’m less concerned about the number of clicks it takes to “create” a new auto-login, because that’s only done once. i’m more concerned about the number of clicks it takes to login on subsequent visits, and the strength of security. clipperz apparently wins this one.

    clipperz mentions passpack’s “100 seconds window” in which the user can login, as if that’s a bad thing. it’s not an overt criticism, but they sneak it into their critique, because it “sounds” like a limitation. the 100-second window is actually a good thing– if i walk away from my computer, the login will time-out, and the guy in the next cubicle won’t be able to log into my accounts. it improves passpack’s security. point against clipperz for being sneaky, point for passpack for yet another security layer.

    Zero Knowledge:
    “no data is transmitted to the Clipperz server when a user click on a “direct login” link” –i don’t really see how that’s possible. their servers hold my password info, so how can they log me in without knowing which password to transmit? when i click on a “direct login” link, that submits my click back to clipperz server, does it not? Hard to believe clipperz has zero knowledge. unless they cache my passwords on my local pc, but how could they, if it’s accessible from any computer? i think maybe they mean that passpack collects info about who adds auto-login sites, but clipperz does not. big deal.

    clipperz, and passpack, can both track the actual auto-logins i perform, which means clipperz can still track my personal login activities. not that i really care, i’m not doing anything illegal. so they know i logged into my gmail, so what?

    but are they keeping a log of my logins? if so, then they better be giving me access to that log, so i can see if a hacker, or my wife, logged into my gmail yesterday, when i was on the train to ohio (i’m not married, and i never go to ohio, but you know what i mean). do either of these services give me access to my login history? i would want that.

    clipperz says “if you are helping PassPack to grow the collection of websites that “auto login” can handle, consider that your username and email will be linked to every website you “teach” them!” Sounds like a legit complaint– what does passpack really mean by “for security purposes…we store information that may help us identify the account that registered.” what security purposes? hmm, i could see how someone could theoretically use their library of auto-login sites to mount some sort of brute-force password hacking scheme. is that what they mean? if so, then passpack could more easily track hackers, so this could be a point in passpack’s favor.

    Installation:
    i need to login from multiple computers, including shared or public computers, so the requirement of a bookmark may make passpack unusable for me. it means, if i’m at the library, i’ve got to go through the install procedure, and if the library computer prevents me from adding bookmarks to the web-browser, i’m out of luck. major points against passpack for that.

    Security:
    passpack’s “double key”, modify user id, anti-phishing, automatic application-locking are all security advantages over clipperz (even tho i may not have the time to study what exactly they all are). passpack has “two-factor authentication” in the pipeline (as of 10/07). passpack seems to beat out clipperz on security in a big way.

    Clipperz says “When a PassPack user clicks [autologin], It’s sensible to imagine that the “mini pack” [sent from my computer to passpack] contains the user credentials for the specific website.” first, i see this as a security issue, not a zero-knowledge issue. but I don’t understand why the minipack would contain my passwords– my user credentials are stored on the passpack server, not my local computer. both services send their data with encryption.

    clipperz has “Referrer obfuscation” and checksums –i don’t totally get that, but it sounds good, and passpack doesn’t have those.

    Recovery:
    if you forget your passpack login credentials, you’re out of luck. what!? bad, very bad. absolutely catastrophic. major black mark against passpack for that.

    clipperz does not appear to have an offline app, but i don’t want an offline app. web-based password-management is the whole point– i’m only using it for website passwords. on the other hand, what if i had local secured apps, and i was in a job that did not allow internet access? can’t use clipperz. so, ideally, i would prefer a dual online/offline password manager– a web-based app with a secure local cache (generally, i prefer web-based apps to installed apps– it’s the future, yo!)

    Performance:
    clipperz says: “Firefox may display the following warning message: “Unresponsive script.” That’s while using clipperz, not passpack. And it’s baaad. they should eliminate the error, somehow. either by remotely adjusting firefox’s max_script_run_time value, or by sending repeated “i’m still thinking” messages to firefox, to prevent it from timing out, or by pushing the computation to the server-side, or to the client-side, or by accelerating the computation, or whatever! this kind of error could easily lose them tons of customers, who will just give up and switch over to passpack. big point against clipperz.
    http://www.clipperz.com/support/general_faq#How to get rid of Firefox unresponsive script pop-up dialog boxes?

    Documentation:
    clipperz has a lovely, well-organized user-manual, with a table of contents. love it. i cannot find the same on passpack’s site. big point in clipperz favor.

    Export:
    passpack’s comparison table says clipperz does not offer offline backup, but clipperz site says “Users can dump their encrypted data from Clipperz servers to a local hard disk” in json or xml, and can import from json, xml, Roboform, Keepass and PasswordPlus, Excel, and CSV. point against passpack for incorrect info– and it makes me doubt the credibility of the other info in their table– i suspect that it’s simply outdated, not intentionally deceptive. clipperz needs to respond to passpack’s comparison table. both offer some kind of import, but clipperz appears mighty robust.

    Disposable Logins:
    brilliant. only passpack has ’em. yet another security layer. big points for passpack.

    Orange:
    juicy sweet modern Orange is nicer to look at than stale, pale, grammar-school green. clipperz wins on color. sexiness matters to me, baby.

    Self-Hosting:
    Clipperz has an open-source system you can download and run on your own server, for example to manage internal passwords for your organization. bravissimo! point for clipperz.

    Tone:
    i don’t see anything wrong with the tone of this article. when ambitious companies compete, consumers benefit. This article, and passpack’s comparison, make my comparison-shopping much easier! but for passpack to criticize clipperz on “tone” seems like a red-herring– a distraction from substance.

    Competition:
    In 9/08, Tara from passpack said “we’ve stopped competing directly with Clipperz (exception made for the theoretical debate around Zero-knowledge Web Applications…). Marco’s last post was simply painful to read. It hurts to see a friendly competitor drop out of the race. I hope they make a comeback.”
    https://passpack.wordpress.com/2007/04/10/passpack-and-clipperz-the-difference/#comment-9769

    So, clipperz is going out of business? Or, passpack got funding and clipperz didn’t? if you’re both still in business, then you’re competitors, like it or not. Tara, you should not take competition personally. i think tara just does not like the fact that clipperz is, apparently, upping the ante. go clipperz. make passpack better! passpack, make clipperz better! it’s all better for me!

    i’m sure there’s more to compare, but i’m out of steam. You both need to do an up-to-date comparison page.

  47. correction:
    Clipperz does not have password recovery (of your clipperz password, not the passwords of your external accounts). Neither does passpack, but at least passpack can roll you back to your last passpack password, if you changed it recently.

    i am guessing that’s done as a security precaution, but seriously, if my bank (and every other website in the universe) feels safe giving me a password recovery mechanism, then passpack and clipperz should. there are all sorts of security layers they could include in the password recovery system to protect it from hackers, like question-response (eg ‘your mother’s maiden name’), text-as-picture (come to think of it, are they doing text-as-picture for my stored passwords, or some other safe-display mechanism?), etc.

    lose your passpack or clipperz password, then you can no longer access ANY of your stored passwords. ie, you’re fugged.

    which means, i have to store my passpack or clipperz password on my local computer, to protect me from forgetting it. which means anyone who has access to my local computer can get my passpack/clipperz password, and thence ALL OF MY PASSWORDS!

    which destroys the whole reason for having a password management system. that’s simply unacceptable, as well as unbelievable.

    am i missing something here?

  48. @A secret admirer
    Thanks for the heads up. I think :) We’re also working on a plugin for even faster login if that would interest you.

  49. @johny why

    Passpack can reset your password for you, but not the Packing Key.

    It’s actually OK to print out a copy of your credentials, as long as you keep them in a safe place (like a lock box). If you login often enough, you won’t forget them. And if some time passes and you’re unsure, go get the print out from the lock box.

    We very rarely have requests for a forgotten Packing Key from users that login frequently.

    There is a technical reason why Passpack (and Clipperz) can not reset this for you. Both applications are based on what’s called Host-Proof Hosting:

    https://passpack.wordpress.com/2008/03/10/host-proof-hosting/

    That ensures that you have complete data privacy. It means that we don’t have your Packing Key, thus can’t reset it for you.

    Hope that helps.
    Tara
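
The Host-Proof Hosting property described in the comment above, as an added example that is not part of the thread and is not Passpack's or Clipperz's code: the client encrypts the pack with a key derived from the Packing Key, the server keeps only opaque records plus the previous one for rollback. The scrypt key derivation, the GCM mode, and every name in the block are assumptions; the page states only that AES-256 is used.

```javascript
const crypto = require('crypto');

// Client side: stretch the Packing Key into an AES-256 key (scrypt is an assumption).
function deriveKey(packingKey, salt) {
  return crypto.scryptSync(packingKey, salt, 32);
}

// Client side: encrypt the pack before upload. The server receives only this record.
function sealPack(packingKey, pack) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(packingKey, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(pack), 'utf8'), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Client side: returns the pack, or null when the Packing Key is wrong.
function openPack(packingKey, rec) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', deriveKey(packingKey, rec.salt), rec.iv);
    d.setAuthTag(rec.tag);
    const pt = Buffer.concat([d.update(rec.ct), d.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch (e) {
    return null; // authentication failed: nothing can be recovered with this key
  }
}

// Hypothetical server: stores opaque records and keeps the previous one for rollback.
class HostProofServer {
  constructor() { this.current = null; this.backup = null; }
  save(rec) { this.backup = this.current; this.current = rec; }
  rollback() { if (this.backup) this.current = this.backup; return this.current; }
}

function demo() {
  const server = new HostProofServer();
  const pack = { 'example.test': 'constructed-password' }; // constructed sample data
  server.save(sealPack('old packing key', pack));
  server.save(sealPack('new packing key', pack)); // user changed the key, then forgot it
  return {
    forgotten: openPack('a wrong guess', server.current),
    afterRollback: openPack('old packing key', server.rollback()),
    serverSeesPlaintext: server.current.ct.includes('constructed-password'),
  };
}
```

The server never holds a key, so it has nothing to reset; a rollback only swaps in the older ciphertext, which still requires the previous Packing Key to open.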

  50. @johny why

    Hello again. Sorry, your first comment was in moderation. I missed it and replied to the second one only. Here to make amends…

    Yes, this post needs some updating. We’re about to move the blog to a new home, so likely this post will be left behind. I’ve started information gathering for a larger comparison, among various online password managers. But if/when I get it up, it’ll likely be a wiki of some sort. In the meantime, I hope your comments help others in their decisions.

    Also, we published a new Help Center yesterday. That’s here: http://help.passpack.com

    Cheers.

  51. Tara, I’m looking forward to your future comparison.

    PACKING KEY RECOVERY:
    I’m optimistic that, with some creativity, it would be possible to protect people from forgetting their packing key. you could:

    1) store it on my computer locally, in a directory that’s encrypted. that’s still better than printing.

    2) or, create a custom hint system, which will not contain my packing key, but which will tell me the hints i created, to help me remember the packing key.

    3) or, i’ve had jobs with investment companies, where they gave us an electronic keychain, which would display a new number every 5 minutes. we had to combine our permanent password with the temporary key code, to log into their system. couldn’t you do something like that, except the keychain would be a web-based display. your disposable login is something like that. i guess this does not protect people from forgetting their packing keys– it’s a redesign of your packing key system. just an idea.

    4) or, give me the option to have two or three packing keys, so it’s more likely i’ll remember at least one of them.

    a) i guess rollback is a way of doing that. in which case, let me set a “soft” expiration on my packing key (time-period of my choice), and send me an alert on the day of expiration, inviting me to optionally change my packing key, keep it the same, or turn off the “change packing key” alerts.

    b) you could also offer optional periodic “change user ID” alerts, to improve security.

    perhaps you could implement several or all of these features, plus maybe more, which i think could help protect people from forgetting their packing key. Currently, you offer NO such protection, which i think contradicts your whole reason for existing– to protect people against forgetting their passwords. you said, “If you login often enough, you won’t forget them”– if that were true, i would not need a password manager for my other passwords!

    what good is a printout, if i’m not at home? i find it a little unsettling for a password-management system to tell me i need a printed backup, in a lockbox. so now i have to go out and buy a vault, in order to use passpack? it just doesn’t seem right.

    i think my bank does not know my password, but their system can still reset it. are you saying your dual password/packing key system is more secure than my bank’s password-only system? if so, why doesn’t my bank use it?

    ROLLBACK:
    Question: does rollback also roll back the stored passwords? does it roll back the passpack password? does it roll back the username? i could not find these answers after searching your blog and knowledge base for 5 minutes. maybe i could find it in 10 minutes, but i get impatient with knowledge bases when i cannot find my answer in 5 minutes.

  52. by the way– i had a bad experience with pgp, where i lost the ability to access a local encrypted pgp archive. i remembered my correct passphrase, but the archive lost the other half of the security key. it needed to get it from a local file, now gone forever. this pgp vault contained vital, valuable information, also now gone forever. so i’m terrified of having a similar problem with passpack, if i forget my packing key, or some other slip. your security system should have backup mechanisms, to protect me against myself.

  53. re KeyChain method: MyVidoop seems to do something like that, with image authentication. in their system, the password is different every time you log in. very interesting system. i believe they are another top-contender in password management services (they are the only other mature, user-friendly service i’ve seen yet, after passpack and clipperz).
