Comments on: Password Security & Packing Keys

By: Tara

Tara — Fri, 21 Aug 2009 12:24:43 +0000

Hi Sriram,
Your Packing Key is not stored on your computer. It is used by the browser for as long as you are logged into your Passpack account, then it disappears.

But you do want to keep your Packing Key safe. Whoever has your Packing Key (ideally only you) has the key to unlock your data.

By: Sriram

Sriram — Fri, 21 Aug 2009 08:51:33 +0000

Hello

A small question:

Since browser has the packing key,if your browser or
computer is hacked and packing key found, can all
passwords be stolen??

By: Passpack Security Just As Strong With OpenID « Passpack Blog

Passpack Security Just As Strong With OpenID « Passpack Blog — Tue, 05 Aug 2008 15:05:14 +0000

[...] Even if your OpenID account is ever somehow compromised, your Passpack account will never be at risk because of that. How can we ensure this? – Your Packing Key. [...]

By: How Passpack and OpenID can complement each other? « Passpack Blog

How Passpack and OpenID can complement each other? « Passpack Blog — Fri, 01 Aug 2008 12:47:21 +0000

[...] Here’s the rundown – so we know that Passpack securely stores your username, links, tags and of course password. And in order to access your info you need a Passpack User ID, a Pass and the ever so famous – Packing Key … You did know that right? If not, read this. [...]

By: Tara

Tara — Thu, 17 Jul 2008 18:01:44 +0000

@anonymous I think I just answered you here.

By: anonymous

anonymous — Wed, 16 Jul 2008 13:27:39 +0000

I am a bit puzzled as to why you need to bother your users to choose and remember a password? Could that not be, too, derived from the “packing key passphrase” as in, e.g. pass=Hash(userID, passphrase)? (just an example; many alternatives are possible here).

(of course calculated by code on the client side, just to be consistent with your “HPH” approach)

Weird…..

By: Host-Proof Hosting « Passpack Blog

Host-Proof Hosting « Passpack Blog — Tue, 08 Jul 2008 10:34:02 +0000

[...] particular, PassPack uses a two-step process that separates authentication and decryption: 1. The user enters User ID and Pass to log into his [...]

By: Rajiv

Rajiv — Wed, 11 Jun 2008 10:11:41 +0000

I want to ask that how can i confirm that my packing key is not leaving my browser and everything is being implemented on client side. If everything (all encryption and decryption) is done on client side then how it is safe. Hackers can hack the client side code if any intruder is working on my pc.

By: Bud

Bud — Sun, 23 Mar 2008 08:05:41 +0000

Wow I stumbled across this service while looking for a way to save passwords at work. As bookkeeper I won’t be able to use this service for work but decided to give a shot at home. I’m feeling pretty dumb since I have spent the last couple hours reading help files and tutorial videos just to understand some basics. In the past, to access my 150+ passwords remotely, I would keep a password encryption program in Briefcase and download it where I needed it. That didn’t work at cybercafés and libraries. This service would work anywhere and seems safer and maybe after more reading I might actually be able to use it without bringing a manual along. One would think after working as tech support for 7 years I’d get it quickly but I didn’t. It looks like it has some nifty possibilities. It’s after 1 AM and had no luck with Passpack Offline Version so I will save that for another day.

By: pp

pp — Thu, 13 Dec 2007 15:00:20 +0000

Tara, You say “These cookies expire as soon as the browser window is closed” in your Jan. 10th exchange with @joe.

Now that tabbed browsers are normal, does the cookie expiration linger after a tab is closed even if no other tabs remain connected to the same domain with an ongoing need for the same cookie?

Thanks,
PP