To make life easier on you folks who go to the Passpack homepage in order to get to the login screen, we’ve added a login form right there for you.
We’re also testing a new home page design, so don’t be surprised if it looks different.
Since Passpack is a service offered via the browser, we’ve always battled with the distinction between “website home page” and “application home page”. Which one should you get when you simply go to Passpack.com? Until now, that’s been the informational website.
But the scales have recently tipped, and the majority of folks now coming to Passpack already know about us (horray!). Our guess is that they want to head straight to the app to either log in or sign up, instead of leafing through the informational pages. So today’s redesign is a test in that direction. We may keep playing with it – or not – in the coming days. Let’s see how it goes.
New Setting for Multiple Concurrent Sessions
Also pushed out today is a new option under Settings > Alerts. If you frequently receive the Operation failed because another session exists alert, then this setting may be for you.
But here’s the caveat: if you turn this alert off, and you don’t know what you’re doing, you could ruin your data. Yes, I just said you could ruin your data:
Passpack is built so that only one person should access one account at any given time. Should more than one account be open, Passpack will alert you and require that you establish a new session. This is an important security measure. It assures that an old version of your account does not override newly saved password changes from elsewhere. Additionally, it protects against people using the same account and overriding each other’s changes unknowingly, which may also sometimes cause corrupt or damaged data.
Only use this setting if you are a power user who works simultaneously across multiple browsers and knows enough to log out and refresh your data if you have even the slightest doubt that it might be stale. Even then, don’t say you weren’t warned.
The Better Way to Share
If you need to share passwords with someone, please open a separate account for each person, then use the password sharing features we’ve built specifically for this purpose.
If there are just two of you, you can do this each with your own free account. For groups of 3 or more people, you’ll require that one account upgrades to paid (usually a company account) then everyone else can keep their free accounts as usual. Also check out the Getting Started Guide PDF for a quick walk through of sharing features and how to set them up.
19 Comments
Keep up the great work, guys!! Well done!
Passpack is amazingly useful! :)
Some users have reported that using Internet Explorer the login form is misaligned and it is difficult to enter User ID and Password. We are working to resolve the problem. Meanwhile, IE users will be redirect to the classical login form.
Thanks all.
@Lorenzo, thanks for your enthusiasm. We need it!
IE issue has been fixed.
Changing the home of the app, we introduced also a bug in the mobile version. It has been fixed.
I think you should engineer Passpack such that concurrent sessions are automatically kept in sync. Unless the same record is being concurrently edited by two or more persons this should not present a major problem. I also think this ought to be a basic feature, especially after the release of your mobile version.
@Frederik, it is more than what it seems at first glance.
We’re warning people about how their data can be damaged if two or more people access the same account and save the same entry before that the other can realign the data, because that’s a simple use case to understand.
Passpack is a Host-proof Hosting application and the server doesn’t know what you are saving. It just knows that you have the rights to save something. For this reason Passpack has been built on the basis that every user has his own account. And for this reason we have built a complex sharing solution that respects the Host-proof Hosting nature of Passpack.
So yes, if you change something on your mobile, that is not a big problem. You are pretty safe because the chances that you simultaneously save the same entry from your PC is minuscule. Instead, if five employees use the same company account, they can cause damage because they use Passpack in the wrong way and the probability of simultaneous changes skyrockets. Again, this is what sharing features were built for.
But the session control serves a deeper purpose for protecting against a typical attack tactic. It is to avoid that a call to the server can be repeated with success.
Here’s an example. Imagine that you send a call to your bank authorizing a payment. Since all the data is encrypted you are safe. But if a hacker intercepts your call, even if he can’t read it, he *can* attempt to replay it, say, after a week. If the bank’s system accepts the repeated call, your account could feasibly get depleted this way, or your data could be otherwise damaged.
That is a classical type of attack to a cryptographic system in order to simply damage the data. The single concurrent session is part of a system built to protect against this risk. The collateral effect is a boring security alert.
I rely on PassPack as much as any other application. My impression is that it is very smart and well maintained. PassPack understands security and is able to communicate that understanding to the user. Congratulations for being one of the few to build a truly excellent and valuable application.
@Dan, thank you so much :)
Just a little feedback, I think adding a login form to the front page is a great step forward, but I find the design of the front page to be a step back. The previous design was informative and professional, but this one seems somewhat thrown together…
Of course this doesn’t affect your amazing product, keep up the good work! =)
Ok, we reversed to the previous home.
Thanks for all feedbacks :)
Why did you revert the changes? :o
P.S.: I’m noticing issues logging in to Google (I tried on Chrome and Firefox…): auto-login with the button doesn’t work (only copy/paste!).
Availability has been flaky the last couple of days, maybe more as I wasn’t a user before that and couldn’t see it. The positive aspect is that one of your developers has seen my tweeting about it and corrected two out of three bugs so far. See: http://twitter.com/#search?q=%23passpack
The negative side to this is availability. PLEASE take extreme caution so that you do not introduce bugs when you update jQuery for example. High availability is essential to me if Passpack should be considered an option at all. You can solve this by not working on the live site and setup tests which makes certain the most basic things work. Like accessing the Auto-login tab (bug 1/3 I’ve reported) and adding a new password (bug 2/3). I am frankly shocked that you allowed them to slip out into production.
You have a nice product. Please fix the bugs (I’m reporting one more on Twitter in a couple of minutes) and proceed slowly. Users are actually depending on your application. I was about to buy even though I am fine with the free option just to support you guys. Now I’m going to wait a month and see if you solve your quality issues.
I was really happy to see your product. Such a smooth browser integration for example. To see these kind of issues arise saddens me. And I think you need to do something about them now.
I’m giving you a couple of more chances. It would be sad to have to part ways. You have a security and the user interface just right. Except for the bugs.
Hi Kent, thanks for you passionate feedback.
Passpack exists from 4 years but our revenues are still very low. So, we are not able to grow the company. At contrary, recently, I have remained alone to develope (part-time) new features, answer to customer requests, manage the ecommerce system, etcetera.
I try to do my best to offer a good service but sometimes something goes wrong because it is impossible to cover a complex system like Passpack with exaustive tests.
Our old users can confirm that Passpack rarely had serious bugs. This time, I admit that I was superficial because I was relatively sure that the new jQuery was substantial identical to the previous release. During these years, we have never had problems with jQuery, but, I know, there is always a first time, and this was that time.
Now, I perfectly understand your need of a totally reliable system, and so I can understand if you will move to another service. There are other great password managers, like LastPass or, if you prefer open source, Clipperz. Personally, I hate systems too invasive like LastPass, but a lot of people likes exactly this aspect. In any case, it is always your choice.
I will be happy if you want to continue to use Passpack but, if not, I will be happy the same. Life is fun for a lot of reasons and every experience is useful :)
I’m sharing with a workgroup. One account to hold all the passwords and all users share passwords with that.
My problem is if someone leaves. Sure I cancel sharing to their account, but they could still use another workgroup members account. My problem is that I can’t control the packign keys of individual accounts.
Is there a plan to have client accounts controlled by a central administrator?
Thank you for answering, both here and on Twitter Francesco!
First of all, my complaints are due to the fact that I think you really have an awesome product in its core. If I thought it would have been so-so I would simply have moved on.
It became sort of an anti-climax to find your great product and then stumbling over bugs that hinder me from using it.
I’ve previously used KeePassX with the database stored at Dropbox. It worked pretty well, I had access to my passwords in Windows, GNU/Linux and on my Android phone using KeePassDroid.
I like Passpack because it’s easily accessible. Available on more or less all computers that have a web browser.
When offering to store someones passwords. A great responsibility is laid onto you. But at the same time, what can free customers really demand? It seems like a match not exactly made in heaven.
Your reply was very informative and honest. It convinced me to step away. KeePassX here I come. I’ll keep an eye on the product and hope it takes off. If it does I’ll be back as a paying customer. I think you have a very special product, but I can’t trust it at the moment.
Best regards and good luck, Kent
@beedster, the best practice is that when someone leaves your workgroup, you stop the sharing and, absolutely important, you change the involved passwords. All the other workgroup’s users will receive the modification in a transparent way and you are sure that the former coworker can not access to the specific service anymore.
What do you intend with “they could still use another workgroup members account”?
@Kent, thanks :)
@Kent, I was reviewing my previous comment and I must do a precisation to avoid that people could misunderstand what I wanted to say.
I understand your concerns, but it is important that you know that the minus bug that you found was an exception. Passpack is a very stable system. The fact that we have a very high level of renewing of the service (almost the 100% for Group and Team plans) is a clear demonstration of this.