Comments on: Good Morning: Time to Change Your Button http://blog.passpack.com/2008/06/good-morning-time-to-change-your-button/ Passpack keeps your logins safe, organized and available 24/7. You can share passwords with your team in 100% privacy. Fri, 10 May 2013 18:12:33 +0000 hourly 1 http://wordpress.org/?v=3.4 By: Tara http://blog.passpack.com/2008/06/good-morning-time-to-change-your-button/comment-page-1/#comment-497 Tara Tue, 24 Jun 2008 13:42:23 +0000 http://passpack.wordpress.com/?p=491#comment-497 @tom Yes, I will attempt to make pre-notification in the future. :) @tom
Yes, I will attempt to make pre-notification in the future. :)

]]> By: tom http://blog.passpack.com/2008/06/good-morning-time-to-change-your-button/comment-page-1/#comment-505 tom Fri, 20 Jun 2008 09:02:29 +0000 http://passpack.wordpress.com/?p=491#comment-505 RE: http://passpack.wordpress.com/2008/06/16/good-morning-time-to-change-your-button/#comment-9278 that is a pretty good description, and it sounds like a good update. some advance warning would have been helpful in case of compatibility problems, but if any security improvements can be made it is generally nice to have them implemented quick as possible so... =P RE: http://passpack.wordpress.com/2008/06/16/good-morning-time-to-change-your-button/#comment-9278
that is a pretty good description, and it sounds like a good update. some advance warning would have been helpful in case of compatibility problems, but if any security improvements can be made it is generally nice to have them implemented quick as possible so… =P

]]> By: Tara http://blog.passpack.com/2008/06/good-morning-time-to-change-your-button/comment-page-1/#comment-504 Tara Wed, 18 Jun 2008 15:07:37 +0000 http://passpack.wordpress.com/?p=491#comment-504 @ibc I can understand that. Yes, it's standard legalese, but actually we will allow financial data with the paid packages once they are ready. @ibc
I can understand that. Yes, it’s standard legalese, but actually we will allow financial data with the paid packages once they are ready.

]]> By: ibc http://blog.passpack.com/2008/06/good-morning-time-to-change-your-button/comment-page-1/#comment-503 ibc Wed, 18 Jun 2008 14:20:54 +0000 http://passpack.wordpress.com/?p=491#comment-503 This is the part of Passpack that frightens me (from the "Terms and Conditions" page): <i>Furthermore it is forbidden to store critical data such as, but not limited to, financial data or access data to financial institutions, or any data which, if lost, stolen or destroyed, could result in personal or public catastrophe.</i> I realize this is just legal boilerplate, but it's quite sobering anyway. Looking forward to the day that there's a solution that doesn't need the above caveat. This is the part of Passpack that frightens me (from the “Terms and Conditions” page):

Furthermore it is forbidden to store critical data such as, but not limited to, financial data or access data to financial institutions, or any data which, if lost, stolen or destroyed, could result in personal or public catastrophe.

I realize this is just legal boilerplate, but it’s quite sobering anyway. Looking forward to the day that there’s a solution that doesn’t need the above caveat.

]]> By: Tara http://blog.passpack.com/2008/06/good-morning-time-to-change-your-button/comment-page-1/#comment-502 Tara Mon, 16 Jun 2008 21:02:51 +0000 http://passpack.wordpress.com/?p=491#comment-502 @Saniul He added an encrypted authentication token associated with the domain that lets the button authenticate itself to the server so that the server knows that it's OK to reply with the encrypted login data. If the token is incorrect or missing, the server will ignore the login request. Just want to underline: The "login data" that the server replies with is now, has always been, and always will be, encrypted with a AES-256. So even if a fraudulent attempt were made (prior to last night's change) the fraudster would have still found himself with an encrypted jumble that he would have had to brute force attack (which is considered "uncrackable"). But that bothered Francesco, so he put up this additional barrier so that a fraudster wouldn't even get his hands on the encrypted data to begin with. Also, the attack that the fraudster would have to put together would have been fairly complex and aimed at a single person. I hope that makes sense :) I'll see if we can't get a detailed description of the process written for you. @Saniul
He added an encrypted authentication token associated with the domain that lets the button authenticate itself to the server so that the server knows that it’s OK to reply with the encrypted login data. If the token is incorrect or missing, the server will ignore the login request.

Just want to underline:

The “login data” that the server replies with is now, has always been, and always will be, encrypted with a AES-256. So even if a fraudulent attempt were made (prior to last night’s change) the fraudster would have still found himself with an encrypted jumble that he would have had to brute force attack (which is considered “uncrackable”). But that bothered Francesco, so he put up this additional barrier so that a fraudster wouldn’t even get his hands on the encrypted data to begin with.

Also, the attack that the fraudster would have to put together would have been fairly complex and aimed at a single person.

I hope that makes sense :) I’ll see if we can’t get a detailed description of the process written for you.

]]> By: Jared http://blog.passpack.com/2008/06/good-morning-time-to-change-your-button/comment-page-1/#comment-501 Jared Mon, 16 Jun 2008 20:34:27 +0000 http://passpack.wordpress.com/?p=491#comment-501 I am having the same problem, although I have only tried it on a couple of sites. Facebook worked with the button perfectly before but now its not working since the update. (Safari 3.1.1, OSX 10.5.3) I am having the same problem, although I have only tried it on a couple of sites. Facebook worked with the button perfectly before but now its not working since the update. (Safari 3.1.1, OSX 10.5.3)

]]> By: Tara http://blog.passpack.com/2008/06/good-morning-time-to-change-your-button/comment-page-1/#comment-500 Tara Mon, 16 Jun 2008 15:25:27 +0000 http://passpack.wordpress.com/?p=491#comment-500 @Sanuil I'm writing a reply for you... just a moment. @Clemens Sending you an email. @Sanuil
I’m writing a reply for you… just a moment.

@Clemens
Sending you an email.

]]> By: Clemens http://blog.passpack.com/2008/06/good-morning-time-to-change-your-button/comment-page-1/#comment-499 Clemens Mon, 16 Jun 2008 15:09:26 +0000 http://passpack.wordpress.com/?p=491#comment-499 The new button doesn't work for me. (Firefox 2.0.0.14 Vista SP 0 and XP SP3) The new button doesn’t work for me. (Firefox 2.0.0.14 Vista SP 0 and XP SP3)

]]> By: Saniul http://blog.passpack.com/2008/06/good-morning-time-to-change-your-button/comment-page-1/#comment-498 Saniul Mon, 16 Jun 2008 13:54:34 +0000 http://passpack.wordpress.com/?p=491#comment-498 What did he change? :) What did he change? :)

]]>