Posts Tagged ‘clipperz’

Password Storage Clipperz and Keepass

June 9, 2010

I have been using http://clipperz.com

for about a year now for password encryption/storage and am very pleased with it. I do have one caveat. I created a new account and immediately stored all the userid and password info into clipperz.com and logged out. The next day I logged into clipperz.com to retrieve that info and to my horror I discovered that this one particular record was CORRUPT. Fortunately, I was able to recreate the information but I suddenly realized that to be safe and secure, one should log out and then retrieve a new password just to make certain that it is readable. Also, one should BACK UP clipperz daily and keep a folder with all backups just in case one has to revert to some previous backup to retrieve something.

I was totally mistaken about one essential matter regarding clipperz. I realized that there was a way to EXPORT clipperz to a .JSON file (which is their format of export file. I assumed that I should regularly export JSON files in addition to the off-line backup files. I also incorrectly assumed that a JSON export was protected by my password. I discovered my error when one day I decided to create a NEW clipperz file and import the JSON. I WAS NOT prompted for any password and it was then that I realized that anyone who has access to a JSON export can easily IMPORT everything to their own clipperz account and thereby gain access to all passwords.

The CORRECT thing to do is to regularly create the OFF LINE copies of clipperz. In the event that you actually need a JSON file, you may create such an export from an off-line backup of clipperz. The off-line copies ALWAYS remain password protected.

Having made these observations about clipperz, I would now like to describe a different password program: KEEPASS .

The following link fully describes all the features of KEEPASS

http://keepass.info/features.html

NOTE: You can even install KeePass on your Blackberry cell phone by going to the browser on your Blackberry, entering this link http://keepass.info/download.html and clicking on the Blackberry install. You will have to use your desktop Blackberry media manager to copy your password database to a folder on your Blackberry device.

For me the biggest advantage of clipperz is that one may log into one’s account from ANY computer with Internet access (it is not necessary to have your usb-flash-thumb drive with you.)

I suppose one advangage of Keepass is that you may have any number of separate databases with different passwords and open them one at a time with the same Keepass installation.

KEEPASS requires that you have physical access to your password database either on a local hard drive or a usb drive.

I do wonder about security issues when using either Clipperz or Keepass on someone else’s computer. Suppose they have a keystroke logger installed? Would it not be possible for such a logger to report your password information? In the case of Keepass, even if someone knows your password they still must have access to your physical database file. But in the case of Clipperz if someone knows your user ID and your password then they have instant on-line access to all your information.
Perhaps the authors of Clipperz or Keepass will offer some advice with regard to the dangers of keystroke loggers.

By the way, both programs are open source and the source code may be examined by anyone (who is competent to read source code) and re-compiled to assure that there is no spyware at work in these programs. Keepass even advertises that someone is free to take the source code and substitute their own favorite encryption algorithm. Keepass also allows for the possibility of 3rd party plugin/add-ins.

SO WHY WOULD ANYONE WANT TO USE BOTH CLIPPERZ AND KEEPASS?

Well, IF you value your password info and want to be more certain to guard against the possibility of a corrupted record in clipperz, then you can record userid and password info in BOTH clipperz and KEEPASS.

Keepass may be downloaded to a thumb drive and simply unzipped into the folder of your choice (there is no installation involved.) You may then access your passwords from any Windows computer with a USB port.

I have an Ubuntu desktop in addition to a Windows Dell XP. I wanted to see if the thumb drive would also run under Ubuntu. IT IS NOT POSSIBLE to run the .exe under Ubuntu BUT it IS possible to launch your Ubuntu synaptic package manager, search on KEEPASS, and install Keepass on your Ubuntu deskto. Once installed on Ubuntu, Keepass IS able to open the password database created by Windows on the thumb drive.

My plan is to go through my several hundred Clipperz entries and store the more important ones to Keepass. I keep track of which ones I have ported by updating the Clipperz info description field with “KEEPASS.”

Advertisements

Creating and storing passwords

January 4, 2010

Here is my trick for creating long, strong, memorable passwords. Lets say you like history. You pick 1066 for the Battle of Hastings and you pick Caesar’s “veni vidi viki” (this would also work with the Gettysburg Address or Lords Prayer and
the prime numbers) now veni1vidi0viki66 and to make it even stronger veNi1viDi0viKi66, capitalizing each third letter. If you need to change passwords monthly, you can rotate through the Lord’s Prayer, taking three words at a time and merging with the year you were born.

Or, you can get a free account at clipperz.com
pick some sign-in name like cinderella or superwoman and a long strong memorable password (using technique described above). Now you can store hundreds of passwords, links, email addresses, notes. It is encrypted on your client side BEFORE it is sent to their server. Clipperz people dont know WHO you are or what you store. You can invoke its random password generator.
You can access it from anywhere on the Internet. You can also download a read-only version to a memory stick or hard drive for when you are off line. And there are 2 methods to back up and restore.

The Importance of Backing Up

November 23, 2009

This is not quite as eloquent as “The Importance of Being Ernest”
but it is far more important.

My total Ubuntu crash sobered me to the realization that I am not backing up everthing that I should be.

For one examble, my bookmarks on http://delicious.com/billbuell

If I click on settings there is an EXPORT feature. I download, right click on the download, choose OPEN CONTAINING FOLDER and then copy it to my USB flash drive, to a folder of MYBACKUPS to a folder called DELICIOUS to a folder dated with todays date 20091123.

And Oh, by the way, I am in Ubuntu, and they are so clever to have the time and date right on the desktop at the upper right (so unlike Windows, where I have to hover over the Date on the lower right taskbar, and half the time it does not show!)

And it never occured to me that my Ubuntu email server offers a backup and restore method.

After I finished backing up Evolution Email client (to a gz tar zip on my flash drive USB), I noticed some instability, and closed and then relaunched Evolution, but now it seems to be OK.