Meet Jesse & Share Your Thoughts

Hello everybody!  I’m Jesse Middleton (also known as Srcasm on the world wide web) and as you may or may not know, I’m also the newest addition to the Passpack team.  I have been following Passpack since it was a baby password manager (and it still had two capitol letters in it’s name).  I’ve been excited to see features like 3rd party logins, secured messaging and offline support grow out of the product and I’m even more excited to help Passpack and the great team behind the product continue to provide an excellent tool for your web toolkit.

I started my career in the network security field and since then I’ve slowly moved my focus to provide community and technology evangelism with a security twist.  My job is to help you learn how you can use Passpack to better your business and personal life through a security-minded suite of tools.  I want to share with you my simple rule that enables me to help you:

I read, listen and respond to every email, IM and comment you leave for me.  I will also ask you questions to help me understand what you’re looking for from Passpack.

Sounds simple, right?  It is.  And with that, I have my first set of questions for you.  You can answer these securely and privately in the web survey we’ve setup, e-mail me at or simply leave your comments below.

  1. We released the ability to send secure messages last week between Passpack users.  This feature not only allows you to send secret notes to your one true love or other important information to your boss or clients but it’s also the start to building password sharing.  A couple other things that we rolled out with this feature was the “Ring of Trust” and your “community name”.  Your community name is the name by which people who want to add you to their Ring of Trust use to reach you.  We understand that this may be a bit confusing with all of the terms such as the login name, password, packing key and now community name so we’re looking to you for suggestions.  Do you feel that the term “community name” is a good term for this piece of Passpack or would you change it?  What might you change it to and why?
  2. In addition to secured messaging between Passpack users, we will soon be rolling out another great feature — secured messaging to non-Passpack users.  This means that if you need to send your social security number or bank account to your mother that isn’t on Passpack, you can (although we do hope she decides to sign up as well).  In addition to this it means that we may be changing one of our rules.  The welcome email from Passpack currently says:
    “To combat phishing, Passpack does not send emails containing links.”
    Since we’re going to allow you to send secure messages to non-Passpack users, we will be sending those people an email that informs them that they have received a message.  We’d like to know whether or not you’d like this email to contain a direct link to the message or directions that let the person know that they need to go to and enter a verification code from the email.  Do you think we should include the link or no?  What other ways could you see the recipient getting your secure message?
  3. Finally, we’d like to know other thoughts you have on Passpack and our security suite.  Do you like the features that we’ve rolled out with so far?  Would you like to see more or less of something?  This is where you’re ideas, comments and suggestions can help us to build a better product for you.

There you have it.  You can reach the anonymous survey here or you can send me an email and I’ll be sure to get back to you as soon as I possibly can.  Thanks a lot for your continued support in the Passpack community.


12 responses to “Meet Jesse & Share Your Thoughts

  1. My thoughts:

    1.) Why can’t the log-in name be the ‘community name’?

    2.) Links in the email are always good for me. But not including links will drive more traffic to your site, because then people are forced to go there. So if traffic is important (ad clicks, etc.) then that’s something to think about.

    3.) Seems like a cool idea. I need more time to check it out.

  2. @Walt,
    The reason the “community name” was not the same as the login was because we wanted it to be something that could be completely secret. Most people know what I use for my login but I can choose something entirely different for my “community name”.

    As far as links in the email, both would take the user to our site. It’s more a matter of trusting a link in an email. I too like links but I always make sure I know who sent it and where it’s taking me to.

    Thanks for the comments and I would love to hear what you think of the service as you try it out.

  3. GrrYumYum

    There is a similar service online that allows you to send a secure message to an email address, but their site is quite unreliable and they are most definitely not in my personal “ring of trust” :).

    The only difference is that they require a pass phrase to read the message after you clicked on the link in the email. How you get the pass phrase to the other person is limited by your imagination. Maybe try smoke signals :)

  4. @GrrYumYum,
    Thanks for the comment and keep an eyes peeled in the next few days for the ability to send Passpack messages to non-Passpack people as well.

    As far as the “pass phrase” to read the message, that’s not a bad idea but you hit the nail on the head — How do you get that “pass phrase” to the other person? I’ve seen in a couple of commercial products that the recipient simply has to enter the e-mail of the sender to open the message. This way it proves two things — 1) The message came from who you thought it did and 2) You are who you say you are since you know their email.

  5. @Walt
    1. In addition to what Jesse mentioned, there’s also the fact that you can change your User ID in Passpack whenever you wish (useful if you fear you may have been keylogged or shoulder surfed). However it’s necessary that your community name never change. So we keep them separate.

    Also, the User ID can be something like )ßjàé*, whereas the community name is limited to alphanumerics, dash, dot and underscore so as to be easily recognizable to the people on the receiving end.

    2. We don’t have ads :) My biggest concern is with training folks to click links or not. Sure, they are much more convenient, but also usually a no-no.

    3. Great! If you need a hand with anything, contact Dani or Luca at

    @GrrYumYum, @Jesse
    We’ve not decided yet, but there’s a good chance we’ll require a pass phrase as well. So get your smoke signals ready ;)

  6. GrrYumYum

    Shopping List:
    1) Firewood
    2) Fire blanket
    3) Smoke signalling for dummies book
    4) Fire extinguisher (for safety)

    All jokes aside, I think a “pass phrase” or the like is not a bad idea. For instance, even my granny can use SMS, and if it’s an online friend, you can IM them the pass phrase. Simply use a communication medium other than email.

  7. DoctorNick

    1. Community name is ok, as it’s certainly good and clear. But nickname is a commonplace alternative and probably conveys many of the right qualities.

    2. If your emails are cloned for phishing, you will likely suffer some loss of trust, particularly as you’d be less well known among recipients (so far!) than more common phishing targets like paypal, banks etc. For that reason, I’d suggest either not using links in email, or making a very honest statement of alternative; something like: ‘We don’t blame you for not clicking links in emails you didn’t personally request. Be safe. Type the following address in your web browser, and hit the /blah/ button to collect your message securely.’

  8. @GrrYumYum :)

    @DoctorNick That’s a nice idea, thanks. I love being wordy [self-jab]. I think you hit a key point with “emails you didn’t personally request.” We often reply to help requests with a link somewhere in the message – but folks expect that.

    What about this…
    Passpack generates a link for the sender, that can be copied and pasted into email or IM or whatever else? For example:

    So the email comes from the person you know, not Passpack. Thoughts?

  9. I think that’s a great idea Tara, instead of having an automated message sent, leave it up to the user to get the link to them. Then you’re not asking them to trust this person who says they’re Passpack, the person is trusting a personal email from someone they already know.

    I also agree that nickname seems more logical than community name. I definitely prefer it.

  10. DoctorNick

    @Tara, yes, that makes a lot of sense. I’m sometimes not entirely comfortable with the invite model, where you ‘enter your personal message’ and the site sends the email. I know it won’t look like it’s really come from me! I guess you can always use the mailto:…&body=… to make it simpler for compliant email clients to incorporate the generated link with a click.

  11. Meatballsub

    I understand what sense one can bring….but what about Cision??

  12. It really didn’t occur to me that “Community name” really means “Nickname”. I understood it as a name of a community you share passwords with. Because of that, my community name is actually my company’s name and I’m unable to change it now.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s