Co-founder of Clipperz, Marco Barulli, recently contacted Read/WriteWeb to let us know about their recently launched online password manager – available in both english and Japanese. In this age of social networks, the Web Office and Best of Breed web apps, it can get tricky to keep track of all your usernames and passwords. I tend to rely on Firefox to store these, but even then I find myself cursing at the computer more often than I should, due to a forgotten username/password that got cleared out of the cache (or I’m testing out a new browser, etc). This is where services like Clipperz, and its direct competitor PassPack, come in.
But is managing your passwords enough of a ‘value add’ service, given that browsers do much of it already and OpenID is also solving some of those issues in the web 2.0 world? I wouldn’t think so, and perhaps this is why Clipperz markets itself as being able “to store and freely organize any kind of confidential textual information” – not only passwords, but also “confidential notes, burglar alarm codes, credit and debit card details, PINs, software keys, and so on.”
Clipperz also has an answer to the obvious question: can I trust you with my personal data? Clipperz says that user data is encrypted by the browser before being uploaded. In other words, Clipperz doesn’t hold your personal data in its original form. It is encrypted first, using a “passphrase” that is known only to the user.
PassPack is a similar service, styling itself as a “Online Privacy Manager”. With PassPack you can “organize and store passwords, private notes, links and much more to come”.
But there is still the over-riding question: why use another web app for password management when a) your browser handles this; and b) OpenID is increasingly being used for this function too? Allen Stern wrote about Clipperz a couple of months ago and an interesting back and forth ensued in the comments between representatives from Clipperz and PassPack, which addressed these issues. Tara Kelly from PassPack said in the comments that both Firefox and Internet Explorer have security holes in their password storage, hence you should use Clipperz or PassPack. Tara also said that OpenID and Password Managers solve two different problems:
“OpenID = authentication (no security implied)
Password Manager = secure storage (no authentication implied)”
These are good points, but probably not sufficient to convince me to use Clipperz or PassPack.
Zero-knowledge Web Apps to the rescue?
I don’t think I need a service like Clipperz or PassPack, although both seem very sophisticated apps. Perhaps their real use will be as an intermediary service that enables more private third party web apps. Indeed Marco has a term for this – “zero-knowledge” web apps, which he says is a new breed of web application. Basically zero-knowledge web apps are ones that don’t store your private data as plain text, but encrypt it before it reaches their server. And this is where Clipperz comes in, as it does the encryption part on the browser. It sounds complicated, but Marco says that “the “zero-knowledge” paradigm could be used for a wide range of applications: a personal finance manager, a confidential to-do list, patient records for physicians, etc”.
So while I don’t necessarily see a need for Clipperz and PassPack as another web service for me to sign up for, I can see such services being useful for other web apps. I was actually thinking of a use case for this today – online accounting services. Now I am definitely in need of an online accounting service, because I have had problems with my current desktop accounting software. But I am hesitant about uploading my financial data to someone else’s server. But what if I could be assured that my data is encrypted before it is uploaded? Well that might be the tipping point for people like me to ‘trust’ web apps with their personal and sensitive data.
What do you think about services like Clipperz and PassPack? Do you see a need for them, now and in the near future?