Updated on February 6, 2008.
Comparison table and features descriptions of two online password managers. Updated with the release of Passpack’s Beta5.
Like Passpack, Clipperz is an online password manager and personal vault. The crypto foundations, and general architecture of the two applications are fundamentally the same: A blend of industry standard algorithms, including AES-256, in a Host-Proof Hosting pattern. This combination ensures that the users data can’t be read on the server.
.
The primary difference in the two architectures is that Passpack uses a double access technique. Beyond just User ID and Pass, we’ve added an additional Packing Key. This structure allows us a great deal of flexibility in handling our algorithms, and without which our anti-phishing pattern would not be possible, nor our “remember me” feature, nor many more to come.
Anti-phishing
Clipperz has no anti-phishing measures in place.
Passpack has defined an Anti-phishing technique that combines a custom Welcome Message, IP recognition and hand-eye training.
“Remember me” (with anti-phishing)
Clipperz encrypts with your password, thus can’t “skip” that step.
Passpack encrypts with the Packing Key, so you can skip User & Pass if you’d like.
Account Rollbacks
This is an important distinguishing feature. Passpack maintains a backup copy of your most recently saved pack – encrypted of course! Should you change (and promptly forget) your Pass or Packing Key, then we can restore your most recent backup and let you access it with your previous Pass or Packing Key – you need to remember at least that. It’s a real life saver!
Clipperz doesn’t perform Rollbacks.
Passpack can perform Rollbacks under certain conditions, read more here.
Checksums
As mentioned, we’re a bit skeptical on how useful a checksum could be in an internet context. Here’s why: I must go to Clipperz’s home page to see the values that my checksum should be producing. However, if I am in a phished version of Clipperz, it’s a moot point because the phisherman can falsify those values as well so that they match his spoofed version.
In theory, the user could circumvent this problem by saving a copy of the checksums from the homepage, then comparing the application to this local copy every time he connects. This would only work, however, if the Clipperz application has not changed in the meantime.
I just don’t think anyone would really do that – always, every single time, many times a day.
Clipperz uses checksums.
Passpack debates the usefulness of checksums, nonetheless has implemented them for the offline version only.
On-screen Security Features
Caution needs to be taken to hide sensitive information from passer-bys particularly in an Internet Point or open space office. This may include simple measures like scrambling the password field and locking the application manually, or automatically when left unattended. Also a password generator is a useful tool to break the password reuse cycle, as well as a pass strength tester to check the quality of your passwords.
Clipperz has most of these features, except auto-locking (manual locking only) and your password list is visible even when it’s “locked”.
Passpack has all of these features, all data is completly removed from the screen and memory when locked (either manually, or automatically).
Disposable Login (also known as OTP)
A Disposable Login is a set of Pass and Packing Key that can only be used once, then never work again. This is useful when you must connect to your Account from a public computer. Even if the Disposable Login is recorded and saved by malware, it will be useless and your real Pass and Packing Key will remain completely secret.
Clipperz has recently added Disposable Logins.
Passpack supports Disposable Logins.
Data Portability
Another differentiating point is data portability. Clipperz’s previous lack of an export feature potentially lead to a vendor lock-in, they’ve now added import and export. (Good job guys!)
Clipperz supports import, export and Printing.
Passpack allows you to freely Import, Export, Print, Backup and Restore your data.
Working Offline
Passpack can be used in Offline Mode as well as with an Offline Version. For example of what offline mode is: suppose I connect to Passpack on my laptop. Once I’ve logged in, I can disconnect from the internet, put the laptop in standby and leave for the day. As long as I keep Passpack open in a browser tab (or window) I can continue to use Passpack – no internet connection needed. When I get back online, I can press the Save All button and all my changes will be saved.
Clipperz must have an active internet connection in order to work. However, they offer a fully functioning downloadable version for offline use – this is in read only and you can’t make any changes.
Passpack has also released an Offline Version. It runs on Google Gears, is fully functioning (ie. not read only) and is a Google Code Featured Project. Synchronization with online accounts is planned.
Clipperz has a downloadable Offline Version, you can’t make changes.
Passpack has a downloadable Offline Version, changes are fine, and will also work in Offline Mode.
Custom Fields
Passpack opts for speed, Clipperz for advanced templates. Clipperz allows you to create your own “card templates” which may include any number of custom fields. Once open, you can fiddle with many different fields, options and buttons. Passpack uses a simplified approach with no extra clicks – just open, fill it out, and save. There have been a lot of requests forcustom fileds for Passpack — it’s being considered, but no final decision is in yet.
Clipperz requires two clicks and some choices before entering any data, higher customization.
Passpack uses a one-click Entry window, for speed and a lower learning curve, lower customization.
Navigation
What happens when you have 50+ entries and need to find something quickly? Personally, I have over 200 entries in my Passpack account, so I find that the feature I use most is the Quick Search. I just type in a few letters and the list filters my entries in real time. I don’t think I could manage without it.
Clipperz lists all entries on a long, scrolling page.
Passpack has three powerful navigation tools: Alphabetical Paging, Quick Search and Tagging. You can also set the number of rows in your list.
Auto-login
Both systems offer auto-login. Clipperz’s “Direct Login” posts forms to websites. They use a bookmarklet to help you capture the information needed to configure a new Direct Login. The configuration process requires some copy and pasting and must be done singularly for each and every “card” in your account. A description can be found here.
Passpack offers a single tool (a bookmarklet) for both auto-login and configuration. The tool can be used in either standard or 1 Click mode. Teaching Passpack a new auto-login is a very simple process: just point-and-click. A common library of “learned” sites is populated by the users themselves, and is available to all – saving users lots of time. Passpack’s technique supports a wide variety of login forms, which Clipperz’s approach simply can’t cover.
Clipperz’s auto-login is one click from the sidebar, one at a time configuration required.
Passpack’s auto-login is 1 Click while you surf, configuration is fast and often not even necesary.
Summing up
Really, the choice is yours. The two systems offer much of the same base level security. We can say that both services offer these same benefits:
- Free with Open Source Libraries.
- Access anytime from any computer.
- No software to download and nothing to install.
- Avoid keeping secrets on your PC or on paper.
In addition, and I personally feel this is important, Passpack offers Anti-phishing.
The primary difference lies in ease-of-use and target audience. Passpack employs a click-and-go philosophy and can be used by the average person, while Clipperz targets the more advanced user, requiring a larger learning curve to get up and running: no import function, building cards with custom fields and manually pasting in the auto-logins. However, I’ve heard of some people that prefer Clipperz’s approach – so who am I to really judge?
My suggestion would be to try both for a while and see which feels better to you. Afterall, accounts are free and easily deleted.
In the end, the only truly important thing is that you choose – and use – a password manager.
Of course, I’m thrilled if you choose Passpack, but even if you don’t, Clipperz is a well built application and a valid alternative.
A Note
I did my best to be objective and accurate in this post. As always, corrections and suggestions are welcome. You can write me directly or post a comment below.
Technorati Tags: Passpack, password manager, passwords, security, lifehack, clipperz
41 Comments
Cool. That’s what I partially did. ;) Do you know other competitors like you and PasswordSafe ? I would like to do a benchmark. Thx.
Hello Loopoin,
Yes, thanks for your article. It was great. :)
Right now, the only two services that I know which are active are Passpack and Clipperz. Then there is Passlet, which actually beat us to market by a week or so, but unfortunately they haven’t evolved since then. Other services are Agatra (a pioneer service) and KeepYouSafe (personal vault). I suggest you run a search on google and see what you come up with.
Let me know if you find anything interesting.
Cheers,
Tara
Hi Tara,
A very nice comparision between two similar services. As you have put it, the moot point that will differentiate Passpack from others is how much the user is able to relate to it and find its usefulness for their needs.
The most important feature for me would be to be able to sync my online and offline data. Can work around it using the export and import functionality, but a much more transparent and seamless way to achive this would be a killer. Maybe a plugin in KeePass for Passpack? ;)
Thanks for making it easy for many like me. Great work and all the best.
Thanks,
osafw
@osafw
Thanks. We’re looking into an offline solution – in the meantime, I’m glad to see your creativity and coming up with your personal solution using export and import.
A plugin for KeePas… hmm… ;)
Cheers,
Tara
I don’t know that I’ve ever seen such an unbiased article from a “competitor”. I very impressed with your objectivity (and depth) in comparing your product to Clipprz.
I signed up to Clipprz two weeks ago, but I will definitely take your product for a spin.
Thanks!
Jase of New Orleans
@Jase of New Orleans,
Thank you! Please let me know what you think about Passpack,and if you have any suggestions for making it better.
Cheers to you,
Tara
Tara, thanks for the input on my blog. I am giving Passpack a trial run and will post my findings on my blog. So far I like what I see!
@Ryan,
Fabulous! I can’t wait to read your findings. Let me know if you need any additional info from me.
Cheers,
Tara
I’ve been using http://www.just1key.com with no problems for over 2 years now.
However today the service appears to be down….
…so I started looking for an alternative. This is a real pain as all my password etc are stored on Just1Key. I’ve looked at both Clipperz and Passpack and I’ve gone with Passpack. It seems really good and quick. Though I would like the clipboard to auto delete after pasting passwords etc… Can this be done?
Regards
Simon
@Simon
Thanks! I’m glad you chose us. Right now, Passpack doesn’t do any work on the clipboard, but we have had some requests in this direction, so it is on our radar and we’re looking for a cross platform, cross browser solution.
One thing which will minimize (to some extent) the use of the clipboard will be the upcoming auto login feature:
http://blog.passpack.com/2007/03/22/passpack-auto-login-no-plugin-needed/
Since the auto login doesn’t use the clipboard, there will be no need to empty it. This clearly only applies to those times when the auto-login is applicable. But it’s a good start.
Cheers,
Tara
Would it be possible to introduce an onscreen keyboard for entering username, password and code etc?
@Simon
It’s a possibility. I’ll put it on our requested featured list. Thanks,
Tara
Hello,
I found your side yesterday and enjoy it very much.
I use KeePass for some time and think the idea of a KeePass PlugIn is very interresting and hope you go on this way.
The only thing I miss is the possibility to upload License Key files like it is used by Totalcommander or Directory Opus etc.
Cheers
Thorsten
Hi Thorsten,
I’ll “add 1″ to the Keepass plugin in our requested features list. File upload is also an interesting idea. :)
Cheers,
Tara
i use clipperz because of the multi field direct login feature (i.e. where a site needs DOB or Mothers Maiden name)
I believe you dont support this but correct me if I am wrong..
Hi Damon,
Nope, you’re not wrong. Techincally it’s possible, but we’ve opted not to use custom fields for now. :)
Cheers,
Tara
I still vote for custom fields in Passpack ;-)
Hi Dennis,
Great! I love to see folks vote. It helps us prioritize.
+1 for custom fields in the feature requests lists.
Cheers,
Tara
Tara, just wanted to let you know I am loving the 1-click login feature. An enhancement I would like to see:
- Option to set the number of entries in a page (default at 10). Quick search is very helpful but when I am looking up by tags, this can help with page navigation when I use the same tag for a large number and I can’t remember the name.
Thanks for such a great product!
K-IntheHouse,
Great, I’m glad you’re pleased!
Here’s how to set the number of rows.
Let me know if that’s not the info you were looking for. Cheers.
Thanks Tara. That works awesome.. any chance it could be set higher than 20?
I am writing a Passpack review as we speak and I was wondering if I could use the above comparison table with your permission? Cheers.
K-IntheHouse,
We set the limit at 20 to avoid stressing the browser. Rendering that table can be rough with more entries.
You can download/copy/screenshot and use whatever you’d like from the site or blog.
Cheers,
Tara
+1 more vote for custom fields please :)
Otherwise loving Passpack! I am in a move to transfer all my ‘applicable’ native applications to Web based versions, since I use multiple operating systems. The last real challenge is the saving of Product Keys. I have been using keyfiler.com, but their site is often down of late. Custom fields (kinda like Clipperz’) will be perfect for this.
…and I forgot to add a +1 for file uploads to items too :)
Hi Brian,
Ok, you’re votes have been recorded. :) Thanks.
On the Keys, you can use the notes field for now. But yes, I understand that that’s not ideal for you.
Looks like Keyfiler has a CVS export option, so you might also want to read this post:
CSV Import Help for Passpack
Cheers,
Tara
I’m considering the options of using either Clipperz or Passpack, and must say that it is a tough choice. I must say that the offline version of Clipperz does seem to have some sort of an edge over Passpack’s offline mode, since this stored version can be readable even if you close the browser session, even if you store it on a USB and transport it to another computer with no internet access. True, it does not have write capabilities, but it can be accessed completely offline (although you would have to remember to save this offline copy frequently).
I do like better the overall interface and organization capabilities of Passpack.
Oh, and the KeePass plugin suggested by osafw would make it an even better solution for seamless online/offline access. Strangely enough, in these days there are still times when one simply can’t get online at all.
Hi Irian,
Thanks for the feedback. I like osafw’s idea as well. He’s also got a good system it seems to work around the issue in the meantime.
But yes, it’s high on our to-do list (which is good, because that’s a looooong list).
I have tested both Passpack and Clipperz and have chosen Passpack. The 2 layers of security and the speed were big factors for me. I do like the ability to create your own fields in Clipperz but don’t like how the varied templates look and the slower response. I would like to suggest instead of the ability to create your own fields maybe just add a few more consistent fields.
Licensed To:
Key:
Account Number:
Route Number:
PIN Number:
I would strongly recommend to introduce an onscreen keyboard for entering username, password and code etc, coz i have to used the net on many unsecured systems, So this will solve the problem of key-loggers.
Tara, There are always some bad people and naughty net cafe’s, who installs key-loggers to steal the keyboard entries and steal the accounts of other persons. So add +++ on the online keyboard feature. :)
Thank you for this great product.
@sajidalimudassar
I addressed keyloggers here for you
I agree, it’s an important problem.
Tara
I also think the onscreen keyboard is a very valuable feature. If possible, please promote it higher up on your list! ;)
@Basheer
Unfortunately, the on-screen keyboard isn’t all that effective for thwarting keyloggers. Many can easily grab your password even with this work-around.
Have you tried Passpack’s Disposable Logins?
When Clipperz and Passpack were both making headlines last year, in review sites and forums, Passpack was actively monitoring Clipperz’s claims on their offerings and commenting on them. I remember a post commenting on Clipperz that I read in a forum, I think it was Tara or one of the other ladies at Passpack that said something about Clipperz’s offerings (can’t remember if it was negative or just an opinion), it’s architecture, and that as a rival in the same business-type, Passpack knew all about Clipperz’s technology, probably knew it even better than Clipperz did themselves etc etc.
It’s all very well that you’re actively monitoring the marketplace for your rivals etc, and having a comparison page such as this, but Clipperz seems to be solely maintained by 2 people as an AGPL offering, looking for investors etc etc, whereas Passpack has gone far beyond that. I have reviewed both services, and like any thing in the world, both has its cons and pros. I do like Passpack’s layout,design and offering in general, but Clipperz in this case appeals to me more in the sense that the people behind the project are humble, they aren’t going all out against their rivals, and hence gives a warmer and friendlier impression to a cautious user, not the MS/Google take on the world approach.
Don’t get me wrong, I’m not drawing comparisons of Passpack to the former, my point is, competition is healthy in any environment, and in this case, the user can only benefit from healthy competition between different offerings, instead of just one leading company in this field. Clipperz’s blogs are mentioning that the 2 leaders in the projects are losing resources to maintain the project in the same momentum, and I would hate to see them go down, while passpack maintains its growing positiong. Clipperz do not appear to have the same resources(marketing or otherwise) as passpack, so my final point is, cut them some slack.
@Ryan gun
Thanks for the feedback. I’m not going to reply back on all points, simply sit back and take your thoughts into consideration.
I do just want to clarify that this post was written and last updated back when Passpack was also a two-person show (Francesco and I), so the comment you mentioned was likely mine.
When we published this post, we actually sent it to Marco at Clipperz for pre-approval to make sure we weren’t making any false claims. He gave us the go-ahead. Marco, Guilio Cesare, Francesco and I have met up on various occasions and think we all agree that the Clipperz/Passpack dichotomy was good for all around. I’d much prefer to be in a growing market, than one where companies are dropping out. It’s not a good sign … luckily some new competitors are popping up.
Both Passpack and Clipperz are Italian companies – so the competition wasn’t just for users, but for (limited) Italian investment dollars as well. We’ve always teased each other that once one was funded, the other would have likely followed shortly thereafter.
That didn’t happen though. No one knows exactly why, but it didn’t. Since then we’ve stopped competing directly with Clipperz (exception made for the theoretical debate around Zero-knowledge Web Applications…).
Marco’s last post was simply painful to read. It hurts to see a friendly competitor drop out of the race. I hope they make a comeback. Clipperz is a much more worthy product than some of the newer ones that have recently come out.
Sorry for rambling. It’s a rainy Sunday and your perception of a impersonal-take-over-the-world Passpack means one of my bigger fears is coming true: we’re not expressing ourselves correctly.
I’ve got some thinking to do.
Hi Tara,
I didn’t mean for my post to be an attack of any sort, if it did come across as that. It’s probably a different tone from the rest, that’s why. I was writing with what limited knowledge I have behind the scenes – I wasn’t aware that passpack and clipperz were both Italian companies and the implications that followed.
Firstly, I mean it when I say I wasn’t drawing comparisons to firms that do the impersonal-take-on approach when they grow far too big for their own good. Honest, I simply used that as a strong indication of the end of the scale. I think Passpack has a great offering, more importantly I think it’s fantastic that you do all you can to respond to all feedback from users (cue your last post which was quick!).
It’s a shame that Clipperz hasn’t been able to maintain it’s momentum, and I am not implying in any way that it’s got anything to do with passpack’s position. In fact, way I see it, there’s only 2 main players in this particular area that have been able to make a statement about themselves – clipperz and passpack. This says two things – that both teams have been able to make it this far with their own following, which is great, and that perhaps this market could do with a bit more healthy competition from others. Fingers crossed , as you were saying new ones seem to be popping up =)
You both have a great product going on, and the way I see it, both have different approaches to their offerings, which I think is great – more options for the user.
Once again, please don’t take my last post the wrong way.
Thanks for the effort you guys put in to Passpack and for taking in our feedback !!
@Ryan Gunn
Thanks for the quick reply, and I appreciate your remarks. No worries, I didn’t feel attacked – your tone was fine.
My concern about Passpack’s image is more generalized, your comment just triggered a concern I already have. We’re growing. And as that happens, we’ll have to keep battling the impression that we’re becoming “one of them”.
I really do appreciate that you came onto the blog to let me know about it too. As we grow, I get busier and busier. It’s hard to keep up with what’s going on outside of the blog, my twitter, etc. So thanks for bringing your concerns here. It helps.
Cheers to you.
I wouldn’t say it’s easy to stay in the loop with the user’s end when one is busy growing the business and I think we have nothing to worry about – unless Passpack starts churning out a full-fledged selfbranded web browser? haha..
Unfortunately clipperz is attracting the biggest slice of the growing interest population because of its set up once, use forever approach. Cool graphics can’t beat true single click sign in to anything, which is precisely what the password manager crowd (including myself) is looking for. Usability comes first, I’m considering developing the clipperz platform to my own cool looks and couple of extra features and using that as a “none of the above” option. Why write this.. you guys are putting in some genuine development effort and I wanted you to know it’s much appreciated.
8PxqlE hi! nice site!
,[...] blog.passpack.com is one another must read source of tips on this topic,[...]
7 Trackbacks
« [...] after I wrote my post about Clipperz, I got a comment from Tara about Passpack. She has written a ... »
« [...] Passpack and Clipperz: The Difference? Date: Jul 1st, 2007 · Comments RSS · Tags: Software · Internet · ... »
« [...] Passpack and Clipperz: The Difference? Uncategorized Read More ... »
« [...] inizialmente avevo pensato di scrivere una comparazione tra Passpack e Clipperz poi incominciando a scrivere mi sono reso conto ... »
« [...] information. While you can check out Passpack’s “unbiased” comparison chart and blog entry to compare the two services, I’m ... »
« [...] any case, PassPack and Clipperz have each posted a list of the pros and cons with their respective services. ... »
« [...] Contenu partial, mais intéressant tout de même [...] »