PasswordSafe.com – Is it safe to store passwords online?
The concept is not unique, but the marketing on the site certainly is. Passwordsafe.com offers to secure memos and passwords over a SSL encryption on your desktop or online. The problem is that the security of the service is questionable, and even the marketing team agrees. So if you want to store your ever growing list of passwords, what should you do?
“PasswordSafe.com has been your secure personal assistant username / password manager since 1998. All connections are encrypted, all data is stored encrypted and backed up every 4 hours,” the website states.
The statement is innocent, and something you would expect to see on a website of this nature, but the aspect of the site that stands out is the non-SSL login area on the main page. In fact trying https://www.passwordsafe.com on the browser forwards you to the non secured portal. Reading the source code for the form, you can see direction to https://www.passwordsafe.com/secure. Some testing with Wireshark confirmed that you are encrypted the moment you submit the form, no clear text was located in any of the capture tests.
Can you trust this site? “As we mentioned, pretty much every function is automated, no-one here ever sees your information as it's all taken care of by the programs and encrypted into the database. Again, we'll remind you, we do not recommend you store sensitive information at PasswordSafe. In house, we've used this service for many sites, banner programs, affiliate programs, free email services and much more,” the PasswordSafe FAQ reads.
Therefore, if you want to store non-essential passwords, can you use this service? Sure. However, you are left with a need to store essential passwords; this means two options of storage right? So how can you store both online?
Resources for
No comments:
Post a Comment