Category Archives: Did You Know?

Shared Host-Proof Hosting

In order to understand how shared host-proof hosting works, we need a quick overview of host-proof hosting – what it is and why it has gained such standing in online privacy matters.

The Need For Privacy Online

Whenever you send anything over the internet, your data is exposed. The sites you visit, emails you send, videos you watch all become part of the vast web. Your info travels across many networks until it finally reaches its destination but how safe is it really when via transit and when it reaches its recipient?

Rule of thumb – information that you send in a standard email is just like writing info on a postcard. It can be seen by anyone with the right tools and the wrong intentions.

The Need For Host-Proof Hosting

Some things can be written on a postcard:

  • appointment reminders
  • birthday wishes/friendly letters
  • casual documents

Some things can’t be written on a postcard:

  • confidential information
  • PIN numbers
  • passwords

This is where host-proof hosting comes in. Host-proof hosting is a security pattern which allows you to encrpyt your data before it even leaves your browser. Client-side encryption ensures 100% data privacy so sensitive info like your passwords, can have a safe trip across the web and remain just as safe on the server.

For more info on host-proof hosting, take a quick look at this post.

Sharing Privacy

It wouldn’t make much sense to have a web based on host-proof hosting or encryption, especially in a social web. Online identities are created by what we post to the net. There are certain things we want to share. There are certain things we want to keep private. And there are certain things that we want to share AND keep private.

Here’s where privacy and sharing become important

  • you and your colleague(s) need to access the same merchant accounts
  • you and your spouse both access online accounts for the ‘household’
  • you manage several different clients and you need to share certain web accounts

What do all of these scenarios have in common? Each one of them sees the need to share sensitive info in a secure way. How do you do that on the web without just sending a password or access code via email or skype?

Ideally you would find a way to send delicate info to one other person so that only you two can read it and no one else. How would that work?

Shared Host-Proof Hosting

Shared Host-Proof Hosting is the basis for Passpack Secure Messaging and Passpack Sending Password Entries where you can send passwords, password entries, notes and more in complete confidentiality. This means that only sender and recipient can read what is sent.

Shared Host-Proof Hosting is a security pattern based on Host-proof Hosting which uses both 1024 bit RSA public and private keys as well as AES 192bit encryption and it works more or less like this:

Jane wants to send Jack a message. First she needs to generate her set of RSA public and private keys and so does Jack. This may sound difficult but not to worry, it is all done automatically
just by pressing a button. Ah, the wonders of modern technology! She and he do this one time only and these keys are how sharing is made possible.

Then Jane needs to invite Jack to her Ring of Trust, a series of trusted contacts that Jane has chosen. Jane sends Jack the AES 192bit key they will use to exchange messages from that point on. She does this by using Jack’s RSA public key.

Once Jack receives this, he decrypts it using his RSA private key. Then both Jane and Jack have the same AES key to forever exchange messages. This means that all encryption is done on the client-side, as well as all decryption.

All of this generating, encrypting and decrypting happens ‘behind the scenes’ so don’t worry, neither Jane, Jack or you need a degree in cryptology in order to feel safe online : )

Say That Again?

In simple terms, if Jane wants to send something to Jack and doesn’t want anyone to read it in transit, or when it is on the server she sends the info encrypted.

Jack needs to decrypt the info Jane sends and vice versa in a way that only he can read it and no one else. So when they first decide to “be friends” and enter into each other’s Ring of Trust, they have personalized “keys” created which they will later use to decipher what the coded/encrypted/private message is they are receiving.

And from then on they are able to easily exchange sensitive info at liberty without worrying about who else can see it.

Now keep your friends close and your passwords closer. And start sharing the right info with the right people.

Advertisements

Pass Phrase & Packing Key Requirements

Many of you have told us that the Pass and Packing Key requirement is too rigid. Ok, you speak and we listen.
We’ve now changed the minimum quality rating requirement to a minimum character requirement instead. The Pass now has a minimum requirement of 6 characters. And the Packing Key now has a minimum requirement of 8 characters.

This does NOT mean that now you should slack in security or creativity. It just means that, if you like, you can now use the Pass or Packing Key:

‘cho-co-late instead of ‘chocolate ice cream is always better than vanilla’

This does not mean that we do not strongly recommend meeting the quality rating requirement for both your Pass and Packing Key. But if a high quality rating may be preventing you from using Passpack regularly and keeping your passwords safe, we prefer you secure your passwords.

If you want to change your Pass or Packing Key go to:

Settings > Account > Change Pass
Settings > Account > Change Packing Key

But remember – Long is Strong!

Security is always our top priority but we’ d like usability to be just as important.

It’s Identity Theft Awareness Day with guest blogger, Bart Mroz

We at Passpack are all about making sure that your identities and information are protected in any way we can. We provide you a secure password manager that is protected with host-proof host protection, secure messaging that encrypts your messages from sender to recipient and a Ring of Trust that allows you to send passwords that are in your account securely to your closest friends and acquaintances. That’s what we were also huge fans of Identity Theft Awareness Day 2008! To celebrate and educate you on how to protect your identity online, we’ve asked a friend of the community, Bart Mroz, who is a serial entrepreneur and IT consultant to write a guest post on protecting your small businesses with tools and lessons that are readily available to you.

Small businesses, more than ever, should be aware of security issues that they face. They do not usually have IT departments, let alone security experts, to go over what should be done or not done by the users to keep everything safe. I think that now is an important day to go over security issues that might affect your company. Here are few tips:

File Storage – Smaller companies are starting to issue laptops to users as their main machines so that employees can work anywhere. Storing company files on the laptop opens up smaller companies to a lot of security breaches. Laptops should be password protected, data should be encrypted, and backed up. Companies should also keep most of their files on a file server at the office with a VPN connection to the server. There are many ways of accomplishing this and a quick Google search can lead you on your way. The other way to store files is to have them stored in a secure hosting facility that will backup all the files for you just in case something happens to the data center or the original documents.

Passwords – This happens to all companies both big and small, a user either has easy passwords, passwords that are easy to guess like the name of their dog, or they write it down and put it in easy view (think War Games). We already know that users hate when the IT guy walks around and makes them change their password every 2 weeks but users need to do it even if that means that they will hate the geek that patrols their cubicle.

Starbucks (the office away from the office) – We know it’s fun to work in a remote locations especially one like Starbucks or any local coffee shop but as a small business you need to protect yourself in these locations. Make sure you use VPN when working on an open wireless connection and use one of the laptop locks that fits in to that slot on your machine (that’s the one that most people have no clue what its for). Going to the bathroom and doing the strange dance of “Do I take the laptop with me?” will make you look stranger than using one of the locks.

So these are few basic ways for small businesses to help protect their property and identity. In a world where you can work from anywhere as long as there is an internet connection it’s better to be very safe and take some precautions. So use remote file storage, keep your passwords safe, encrypt everything, and have that second cup of coffee as long as the machine is locked to the chair.

Bart Mroz has a very well rounded technology and business background. Currently a partner at round3media, a creative agency. Bart has been providing strategic technology and business consulting services through Bartek Management for the past few years and he is also one of the founders of IndyHall in Philadelphia, PA, USA. You can find most of his internet life at electronicsandbox.com.

3 Creative Ways To Use Passpack Desktop

If you’ve downloaded Passpack Desktop and like it, we’re glad to hear that. If you haven’t, here are a few tips and tricks on how to make your Passpack Desktop more than just a password manager.

1. Back Up And Read

Passpack has always let you make backup of your passwords. Just go to Tools > Backup Your Account, continue the process and you have an encrypted backup of your Passpack.com.

But what do you do with backups?

Most people have them set aside (as backups) in case they ever need to restore their Passpack Account. But there is one other option…

What if you don’t necessarily want to restore your account but just take a peak into the past at one or two old passwords?

Since you can create as many Passpack Desktop accounts as you like, go ahead and set up separate one, choosing another User ID and Packing Key — et voilà — you have just created yourself a backup reader.

2. Its Freedom Is Limitless

Let’s say you have 108 passwords in your online account (as opposed to the 100 password limit) – Passpack Desktop has more than enough space for those extra 8 passwords! Now you could just create another online account, but who wants to remember two Packing Keys? In Passpack Desktop, space is limitless.

Of course we wouldn’t mind if you went Premium once we introduce paid upgrades, but if you have under 100 passwords and aren’t looking for fancy features, Passpack Desktop may be the right fit for you.

3. Share And Share Alike

As personal as passwords are, some of them (sometimes) are shared. You may find yourself working with others on a project which requires the joint use of accounts. Your spouse/children/family and yourself very likely have web accounts in common in which you share the same password. It can be unavoidable but it doesn’t have to be unmanageable.

We realize that sharing is important and it is something we are working on but for now, here’s a neat trick that can help:

First, set up an account at Passpack.com and share it amongst yourselves. Add ONLY the necessary shared passwords/info.

Then, each person downloads a copy of Passpack Desktop and can sync all the online passwords/info to the desktop application itself.

So how is this different from just sharing the online account?

When you need to add or make chages to the shared online account, each Desktop can sync from web to client with just a click. Since Passpack Desktop is well…on your desktop, whatever else you add to your account is yours and yours alone.

So make some space on your desktop, because there’s a new software in town and it’s just waiting to be installed. Feel free to let us know of any other Passpack Desktop tips or tricks of your own.

Travelers – Check Your Browsers!

Travelers often find themselves using public computers and with public computers come security risks. The focus of such risks usually lies on one major concern: keyloggers.

Passpack offers Disposable Logins (aka One Time Passwords) as protection against keyloggers, which you create before traveling. And there are numerous other tips available (here are a few from Nomad4ever) to ward off potential keyloggers.

Are security risks on public computers limited only to possible keyloggers on your Operating System and/or peripheral hardware?  Can there be a hidden risk on your browser itself?

Sometimes danger can be disguised as a friendly tool directly in the browser.

Another Disguised Threat…

Some add-ons/extensions and plug-ins have the ability to turn from helpful into harmful. Add-ons and plug-ins have revolutionized computing today but like anything else if misused, you may find yourself with something more than keyloggers to worry about.

For example a few of the most popular plug-ins that give great leeway and optimization to browsers are Greasemonkey and IE7Pro.  Both allow users to write client-side script so keep in mind…

When you write the script and you put it on your own computer, there is no need to worry. But who’s to verify that they are not misused or created with the wrong intent, placed on a public computer and made to capture personal data? It’s something to be aware of.

How Do You Look Out For Add-on/Plug-in Misuse?

When you are using any public computer, your best bet is to check which add-ons/extensions or plug-ins have been installed.

Most won’t have that many add-ons or plug-Ins, if any at all since people don’t generally spend so much time at one given computer. If you do notice anything that may pose a possible threat, disable it immediately if possible.

If you need administrative access to do so, which is very likely, ask! And if you see more add-ons than necessary, you’re probably better off just changing computers.

Sometimes you can’t avoid working from a computer that is not your own. Unnecessary risks that places like internet cafes and library computers are avoidable. Don’t fall victim to an unpopularized risk – check your browser!