Anyone that puts an important file with an encrypted password on more than a dozen computers, with permissions of the file being world-readable, doesn’t really understand the ramifications involved.

Since then, I have been trying to “crack” the password through regular means.  Given their usage pattern, I’m fairly certain the password is 8 characters long, at least one capital letter, one number, and one special character.  Sadly, only that much information probably won’t be enough for me to crack it without throwing more compute power at it.  The tough part is that its a salted hash, so I can’t really use Rainbow Tables, and I’ve already tried dictionary attacks with Webster’s Dictionary.  So, I’ve resorted to brute-force automated guessing.  JTR seems pretty good at this, but even so it will probably take months to obtain the plaintext password.  It has been running for 11+ days so far.

The encrypted password in question is: {SSHA}KZhA0wzX4AThn9CkxBgYDmmy42pNY9ME

Salted SHA-1, of course.  If you know encryption algorithms, you already know what this is likely used for, but I won’t give that away.  I won’t tell you what its used for, or who it belongs to, or what you might do with it once you’ve cracked it, suffice to say the plaintext password in the wrong hands could cause some damage.

If you know of a quick way to crack such a password, other than what I’ve tried so far, drop me a line.

Recently, a Slashdot submission in this context was:

“Lately I’ve been rethinking my personal security practices. Should my laptop be stolen, having Firefox ‘fill in’ passwords automatically for me when I go to my bank’s site seems sub-optimal. Keeping passwords for all the varied sites on the computer in a plain-text file seems unwise as well. Keeping them in my brain is a prescription for disaster, as my brain is increasingly leaky. A paper notepad likewise has its disadvantages. I have looked at a number of password managers, password ‘vaults’ and so on. The number of tools out there is a bit overwhelming. Magic Password Generator add-in for Firefox seems competent, but it’s tied to Firefox, and I have other places and applications where I want passwords. And I might be accessing my sites from other computers that don’t have it installed. The ideal tool in my mind should be something that is independent of any application, browser, or computer; something that is easily carried, but which if lost poses no risk of compromise. What does the Slashdot crowd like in password tools?”

The response is filled with witty replies and interesting views and suggestions as per usual.  Nothing really new usually surfaces when someone asks this on Slashdot, since it seems the capacity to have passwords for online banking, social networking, work computers, home computers, blogs and whatever else grows and evolves faster than the ability to keep track of them all efficiently (and securely).

A while back, I wrote about my solution to this problem after having tried to solve it different ways.  In that post, I detailed my evolution from a Java application on a USB keychain to a website called Clipperz.

Well, I have been using Clipperz for almost 2 years now.  It is immensely useful and efficient.  I have had ZERO problems.  Yes, none, nada. NO problems whatsoever.  How many things can you say that about?

Clipperz does seem to be growing in popularity, since the last time I remembered the question asked on Slashdot, hardly anyone recommended Clipperz.  This time, a few people mentioned Clipperz on Slashdot.  However, its been 2 years and Clipperz still has the “beta” status.  Granted, Google Mail was in beta for years until they became “production”, but still…

Not just oh-we’ll-find-a-way-to-fix-or-deal-with-it bad, we’re talking a downward spiral that slopes deeper the further we decline until we have reached “terminal velocity”.  The bottom is not yet in sight.

Why?  Well, I’ll tell ya why…  in a minute.  First, I’ll put things into perspective by shedding a bright historical light on the subject.  This is not to mean that the history of email is dark or bad — but the present state of email certainly is, compared to its early days.

Email (not E-mail, since words that are introduced into the English language are often comprised of multiple words that stand on their own, separated by hyphens, normally lose their hyphens as the new words gain wider acceptance) as we know it today, was originally created in the early 1970’s, purely as an experiment, though in a slightly different form.  To put this into proper context, we’ll go back just a bit further. Email (at this time E-mail, or “electronic mail”) only existed in self-contained systems.  People would log into one specific machine (a time-sharing device, which was basically a big expensive computer that a group of people shared at different times) to perform their work, and would occasionally leave messages for one another to read whenever the next person would log in again.  This concept of “self contained” email would eventually evolve into other implementations of the same use — such as Microsoft Mail, which was designed as a central system, namely in an office building, that people would use to talk to only other people in the same office.  I digress…  but, even in its first use case, Email (and E-mail) was used as a convenience.  Some would say, a luxury tool — to save people from leaving yellow sticky notes somewhere, or picking up a phone to talk to someone that may not have time to talk to you.  In tech-geek-speak, email is asynchronous communication:  I can talk to you as much as I like, and you can reply back to me, but it is pure coincidence if we happen to talk to each other at the same time  (there is a variable delay between one person talking and the other person replying).

From being an easy way to leave messages for other people sharing the computer, it turned into a way of leaving messages for people using other computers — no longer “self contained” email, but networked email.  At this point, email diverged into two uses:  local “self contained” messaging on one computer, and “networked” messaging.  The two remained distinct for quite a while, as there were people sharing central computers that had very little need to communicate with people sharing other computers, yet there were people that had a valid need for such distant communication even if “distant” meant “the computer right next to mine in the same room”.  Still, it was viewed as leaving an electronic sticky note on the screen for whenever that person logged in again.  As such with StickyNotes, eventually the glue on the paper dries and at that point it no longer sticks to anything, falling off the surface to become lost when the cleaning lady vacuums the floor.  This was the expectation for early email — “Joe, I left you a quick message about the widget, if you have concerns just give me a call.”  If the email message was lost, deleted accidentally, or was never delivered, it was no big deal because the communication was eventually going to take place in person anyway, and there was no guarantee the intended person would ever read the message in the first place.

As the novelty of communicating with other people on other computers evolved, so did the implementation of email.  To send an email message to someone outside the shared computer, a person needed to know *which* other computer the recipient used.  The @ was born, since that seemed like the most logical delimeter to distinguish “user” from “computer”, and since neither could contain the @ symbol.  For similar computers, the method was “user@computer”, to properly address an email message.  For different systems, it wasn’t so clear.  In fact, it became downright complicated and confusing.  If a person needed to send a message to a distant computer, but the distant system could not accept “user@computer” (possibly it used the @ for something other than a delimeter), the sender of the message needed to know not only who to address the message to, and *which* computer that user used, the sender also needed to know the path the message would take when it was sent from computer to computer to computer.  UUCP (Unix-to-Unix-Copy) was born.  Imagine instead of smith@accounting it was  !cenvax!westnode!accounting!smith.  Gateways from one type of email system to another type had to be erected, to handle the messages and translate one address into another.  Yet, even then, email was still viewed as “fire and forget” in the sense that whenever the recipient got the message, IF they got the message, they will eventually acknowledge by replying in some fashion as courtesy.

Back in my early days of email, I worked in the military in the computer support office.  Then, email was more a novelty than a necessity.  I vividly remember a sergeant I worked with would get daily phone calls after creating a new email account for someone.  Someone would normally call him up to complain “its been 3 days since you created my email account, and I haven’t got any email yet.  I think its broken.”  He would always reply with the same thing:  “you have to send email to get email”, which basically was his smartypants way of saying “it isn’t broken because you didn’t get anything.  You probably didn’t get any email because no one knows you have an email address, or they have nothing to say to you, or all the people you want to talk to don’t have email themselves.”   He would hang up the phone and we would have a chuckle, then I would joke about how the first person in the world with a fax machine probably wondered why he invested so much money in a device that strangely never prints out any faxes.

Slowly, email became the “killer app”.

[For the uninitiated, a "killer app" is an application (a program or function) that is just so utterly cool and awesome it is NEEDED so much that the purchase of an expensive device is justified, simply to use the application.  The other programs and software are bonus, and not needed as much, compared to THE reason the computer was purchased.]

Everyone seemed fascinated with the ability to talk to ANYONE (as long as they were “on email too”) for FREE.  Its better than long distance calling!!  No more busy signals or answering machines!  And its FREE!!

“Move over word processor, I’m going to communicate with the world!!  Shrink yourself into a microscopic icon, Mr. Spreadsheet, EMAIL is the real reason I have a computer!  Now, if only I knew what to say, and who to talk to.  Maybe someone will figure out how to contact me, so we can send messages back and forth.”

Today, no one really needs to know the path a message takes to reach its intended recipient (in some instances, even the recipient need not be known) because we address email to “user@something.somethingelse.com” and we trust the system to do the Right Thing to deliver the message.  To the right person.  At the right time.  “When it absolutely positively needs to be there…”  within the next 15 seconds else I’m going to wonder what the HELL is taking so long, and why haven’t they replied yet because I just got a message that says they’ve read it and it better not have been marked as spam because it wasn’t spam!!

Email has become the primary method of daily communication.  No longer do you “need to send mail to get mail”.  If your email address is on a web page, business card, or if you have ever used your email address to log into a website, YOU’VE GOT MAIL.   Whether you want it or not.  We email each other about meetings, to talk about email.  We email appointments, contact information, political opinions, love letters, chain-messages, advertisements.  The type of content goes on and on.  The problem is no longer about how we communicate with the right person on the right computer, but how to silence the noise to get to the legitimate messages that we need to read.

In the past, whether it was “self contained” or sent from the other side of the continent, each message was read and discarded soon thereafter.  Lately, email is received and almost immediately archived for “safe-keeping”, sometimes without it even being read.   It seems the focus now is not the immediate meaning of each message, but that a potential need might arise in the future where we might need to re-read the message.  Email used to consist of one file, appended to whenever new messages arrived — older mail was at the top of the file and newer mail was at the bottom/end.  Email now has folders, sorting, searching, tagging, categorizing, filtering, and archiving of all types.  We rarely, if ever, delete email that we’ve read.  Sure, it was really nifty when Google unleashed GMail to the world with its “2GB and growing” size limit on the amount of email one person could have, but if we’re only talking about purely text-based messages it amounts to billions of messages. (By the way, it is no longer only 2GB — its more like 7 or 8GB now.)

Email is no longer just the “killer app” in the sense of being able to communicate with anyone.  It is a presentation moniker; an address with @gmail.com is not as prestigious as it once was, but an address with @yourreallastname.com is.  It is a storage mechanism; people have figured out a way to use free online web email accounts to store documents, MP3s, and photos.  It is a calendar; if you’re using a particular email system that is tied into a shared calendar, you can send/receive appointments, and reminders of upcoming events.  It is a ToDo list; some people have an email folder with messages they have sent to themselves containing the errands they need to perform in the course of a day.  It is a webpage; modern email software will accept HTML in the body of an email message and interpret the language of webpages, even in the sense that images need not be attachments to the email but can be referenced to elsewhere on the Internet.  It is submissible legal evidence; there is legal precedence where email messages are a form of evidence, able to be subpoenaed by a court of law.

How did we get this way?  What changed so radically that “e-mail” could come from an experiment on the ARPANET (a solution looking for a problem), to “email”, a common term of the layman’s vernacular so much that it is no longer a privilege but a rite?   How could a function of computer networking change the way we communicate, yet itself change so little?

How is it that email is no longer a novelty method of asynchronous communication, but is now a basic human necessity in the modern world, measured not in its content of communication, but in cosmetic appeal of its address and in its storage size limit?

I haven’t even got to the bad part yet.

SMTP, or Simple Mail Transfer Protocol, was basically an afterthought in the broad historical map of the creation of the experimental networks that were the grandfathers of the Internet we know today.  SMTP is the most widely accepted and “standardized” method of sending and receiving email.  It was essentially created to bridge the gap between unlike electronic messaging systems, back when “e-mail” was growing in popularity and usefulness.  The unfortunate part of the story, though, is that SMTP was created back when there was no real malicious threat or intent proliferating through the networks.  Users basically trusted other users in the sense that everyone followed the same rules because that was what it meant to “be connected”.  After all, if you behaved badly on the network, people would want to network with you less, until eventually you would be partitioned from everyone else in such a way that you gain a decreasing benefit from being part of the network.  It was a self-governing system, yet relatively unofficial.  “Netiquette” dictated good form and respectable practices toward other network-citizens, which mainly consisted of college students and faculty among connected higher education organizations.  SMTP was very trusting back then, and still is.

To this day, anyone can still send email as anyone else — so easily that specialized software is of little concern.  Simply connecting to a mail server with a bare terminal (Telnet), typing the correct sequence of commands and syntax, and voila!  You just forged an email message.  If you’re lucky, someone will believe they’re talking to whom you pretended to be.

What does all this mean, then?  Put together all what I’ve said so far, and it paints a rather dark and confusing portrait.  Email is *everything*, yet flimsy in it being unreliably verifiable.  Email messages pass from machine to machine across the room, or across the hemisphere, and yet they are “essential communications”.  They are submissible in a court of law, yet easily forged.  Messages are quickly and easily created and more easily deleted, yet we archive them for years or even decades with the possibility that we might need them later even though we already know what each message means, resulting in a liability if they are ever subpoenaed, and requiring constantly increasing storage.

How do we end this accelerating downward spiral, or at least slow it down so we might recognize and begin to approach the problem?

When will added functionality, storage space, and guarantees of quality be enough for this old and simple luxury of slow and insecure communication?  When will we finally realize that we have already outlived email’s usefulness and begin using the next electronic communication “killer app”?

If anyone reading this knows the answer to any of the above, drop me an email. 

[3 Oct 2009 Edit: I JUST found out about Google Wave!!  Go here, here, or here to learn more about it.  It is in closed invitation beta right now, but I hear its going to be released this year.]

But, Dave…  There are well over 800 Linux distributions out there already.  What makes you think you can compete?

Competing is not the point.  The point in mountain climbing is not to see who can reach the top first, but to learn something about yourself, and generally “because its there”.  If my Linux distro gains momentum and ends up being something more than just a hobby/pasttime, great!  If it doesn’t, that’s fine too.  I’m not going to make any promises to anyone, at first, because this will be to used fulfill my own needs which don’t necessarily apply to anyone else.  If I later discover that other people have needs similar to mine, we’ll talk about where to go from there.

Basically, there are two approaches in creating your own Linux distribution:  building from scratch, and basing it on existing.  Some Linux distros are based on other Linux distros.  For example, Ubuntu was created out of re-building software packages from the Debian/GNU Linux distribution, but Debian was created from scratch by hundreds of volunteers.  Ubuntu itself has spawned derivative Linux distributions; Kubuntu, Xubuntu, Ubuntu Studio, and Mythbuntu to name a few.  Both methods have their advantages and disadvantages, and both are equally valid (and probably equally popular).

A few existing Linux distros come with their own “roll your own” application that will automagically create a customized ISO image that you can use to modify/install/spin/fold/mutilate to your heart’s content.  Yes, the method bases it on a specific Linux distro, but it will be relatively different depending on the customizations you’ve set in place.  For example, Fedora has Revisor.  There are also non-distro-specific utilities on the web such as Instalinux, as well as complete Linux distros based on customization and optimization in which everything is built from source — Gentoo.

The other method is to construct a Linux distribution completely from scratch, appropriately named Linux From Scratch (LFS).  While this approach isn’t entirely difficult initially — its just building binary files from source files — it is time-consuming.  It is also recursive, meaning that software you compile in the beginning stages are depended upon by other software you build later, and you’ll have to start over from the point of contention if you discover something broken.  This is termed “building the toolchain”.  Building software so that you can build other software with it, that software becomes dependent on the initial software build, which is then used to build even more software — creating a chain of software used to create a system, which will be bundled together to form an installation, and a Linux distribution.  That’s the easy part.  The hard part isn’t in building the software; its in maintaining the whole thing such that when a bug is discovered it is easily and quickly patched/fixed and the remaining components of the toolchain remain relatively unaffected or are automatically rebuilt using the new link in the toolchain.

Whatever method used to build the Linux distribution, there still needs to be some point to the exercise, else time invested is wasted in making an exact copy of something that could have been simply downloaded to begin with.

My goals:

• Hybrid approach, mixing Linux From Scratch with useful tools from established distributions.
• A practical level of security in the system, without sacrificing usability.
• An agnostic mindset for software packages, trying not to rely on one set of software built for one distribution.  A best of breed path would be ideal, taking the best software from well known distributions, and possibly introducing software that is not available in any Linux distro.
• Initially, aim at the desktop and see how that goes before configuring things for a server platform.
• Simple for the user, but without the cost of being difficult or complicated for the system administrator (who is often the user also).

I’ve had quite a few discussions with friends about what I should name it. After all, that’s the most important aspect of a Linux distribution, right?  Amazingly, in the discussions about naming my distro, no one ever asked me what I wanted it to do — but everyone has suggestions for a name.  I guess in the age of Google, and Yahoo, the name doesn’t have to be related to what it does.  I have a pretty good idea what I want to name it, but that may change later.  Considering there are over 600 distributions of Linux in circulation, a few hundred discontinued, and a few hundred more about to be announced (some of which might be discontinued in a few months), the name doesn’t matter that much to me as long as it isn’t completely ridiculous.  Douchebag Linux doesn’t smack of “Download me!  Use me!  I’m useful!”  On the other hand, Master of All Linux sounds good, but is probably just a tad too ambitious.

I wish there was a quick way to check if a name is already taken.  Like a global registry, or something that I could search for to determine if a name is used.  Distrowatch.com is good, but there is a 90 day waiting period for a Linux distro to be added to the list because “this is to discourage submission of new projects that start with great enthusiasm only to vanish in a few short months”.  Like I said…  Easy to start, difficult to maintain.  Incidentally, ParanoidLinux is on the waiting list to be added to Distrowatch.  Its not mine, but I get quite a few people that read this blog after searching for that particular distro.  I wonder why…

You want to get into a website that you’ve already registered, but you’ve forgotten your password. In lieu of chatting with someone on the phone or offline, the website asks you a few predetermined questions that you answered when you registered to the website. You know the questions, because most websites have the same set of questions…

• What is your mother’s maiden name?
• What is your first pet’s name?
• Where did you grow up?
• Who did you lose your virginity to?

…ok… maybe not so much that last one, but you get the point.

The problem, though it may not be abundantly apparent, is that your mother’s maiden name is easily obtainable, as well as where you grew up. Most of the things asked to verify your password is a matter of public record, or otherwise obtainable by investigating you.  Essentially, what you know (your password) turns into something other people might find out (mother’s maiden name, high school mascot, etc), in the case you forget your password.

One proposed solution is that these types of questions to verify your identity is replaced by your preferences; in music, movies, colors, type of food, sports, etc.

Enter the Blue Moon Authentication system.

The question, here, is:  Can these things be learned, given a person’s name?

Granted, some things might be actually learned about a person.  A person’s last name denotes heritage and geneology, which might infer food preference, types of movies, etc.  Sites like last.fm actually track a person’s music preferences, and pairs it with  “neighbors” of similar preferences.

Parallel to this, some people answer these types of questions (mother’s maiden name, high school mascot, etc) with purposelly false information, such as “qwerty1234″.  Subsequently, when/if they forget the password and are presented with the question “What is your mother’s maiden name?” to recover the password, they believe they are protected from public records giving this away — qwerty1234 is the answer to all questions, and this is not public record, and therefore useless in attempts to learn the password.  This obfuscating strategy works in a question/answer scenario, but likely doesn’t work very well in the realm of preferences — if you purposefully choose falsely, you may not remember your purposeful false choices upon you forgetting your password.

Quite an interesting problem, indeed, with an interesting possible solution.

If only people could choose good passwords, and remember them…

This is part of a research effort to solve the problem that humans, by nature, choose poor passwords as well as have difficulty in remembering good passwords and/or randomly generated passwords.

Passwords are part of a security system that allow 1 of 3 things:

• Something you have. (Think something like a physical key or keycard)
• Something you are. (Think your fingerprint, or your iris)
• Something you know. (This is where your password fits in. Its “safe” because it should exist only in your brain.)

The proposed solution is to reference a song, image, or other type of digital content to act as the seed of a cryptographic formula. Insert the digital content, apply the proposed hash function, and out pops a password. Granted, you’ll probably have to browse around to find the file used each time you need the password, and doesn’t necessarily solve the problem of when things on the Internet get deleted, its still very interesting stuff.

I haven’t read the entire paper, found here, but one begins to wonder about ways to defeat the method/mechanism… such as learning what song/image someone has used in attempts to gain access as them, or if this is vulnerable to a man-in-the-middle attack since it depends on something you have for a seed.

I’ve thought of a few different ways to answer that question, but I’m always led to two different methods of thinking: Active and Passive.

One way to view the use of personal computers is Passive. By this, I mean that computers aren’t necessarily used as a tool to actively accomplish a goal in the grand scheme of owning a computer, but is meant as an appliance that provides a fundamental use. There are no large heavy computations taking place to predict election results or simulate weather on a distant planet. The computer sits on a desk and is available on a whim of the owner to perform very short tasks like viewing family photos, listening to music or chatting with a friend while balancing the checkbook via online banking.

One analogy in the passive use of computers would be to compare a PC to a home, since people live in homes but don’t USE their homes for much of anything other than a place to live.

A PC is like a home:

1. People own houses with windows, doors, rooms and yards. People want computers they can customize to their liking, with different video cards and monitors (like windows), network cards (like doors), memory and hard drives (like rooms and yards to store things).
2. Home owners purchase appliances and budget for infrastructure repairs as needed. PC owners furnish their devices with software according to their own needs and budget (similar to the way you furnish a home) and purchase peripherals that help them facilitate their use.
3. Home owners budget for expansions or a move to a new location as needs change. People normally budget for a new computer, or an upgrade every so often, and plan for a move (of important stored data).
4. Houses are parts of communities (even if the house is in the middle of nowhere and the closest neighbor is miles away it is still considered a community), with home owners helping each other in cooperation to help the community thrive and succeed. PCs are part of a large community since the majority of personal computers are networked in some form, taking part in a community, most often more than one. There are instant message communities, blogs of similar interests, as well as family members emailing each other.
5. Home owners do their best to secure their homes when they’re gone such that possessions within are not damaged/stolen, or the houses themselves are not vandalized. Personal computer owners, for the most part, understand there is an apparent need to secure their computers (they install virus scanners and firewalls because they understand a need to “lock the doors”).

In the passive view, homes are very similar to computers in the way they’re used. Many people have little trouble at all fixing a door or knowing who to call to repair plumbing in their home, yet PC owners don’t necessarily know what is wrong with it when it doesn’t behave as they expect — whether it be a broken video card or a failed mouse.

PCs can also be like cars, making their use more active than passive.

1. Vehicle owners like to fully customize their cars, making them unique and distinguishable from vehicles of the same make and model. Computer users will customize their desktop backgrounds, icons, mouse cursor, mouse pad, etc. to enhance routine daily use.
2. The mechanically inclined enjoy tinkering with the engine, or transmission, sometimes completely replacing factory standard parts with custom 3rd party parts. Computer geeks will tinker with certain aspects of the operation of the computer, customizing all the system defaults, installing specialized uncommon software or even replacing the operating system with something other than what the machine came installed with.
3. Automobile owners view their vehicles as more than just a conveyance, but as an investment or even a status symbol, and go to lengths to protect it as such with theft deterrence and tracking systems. Some PC users view their devices as more than just a tool or a novelty and use it to accomplish tasks they would not otherwise be able to perform without a computer; they balance their checkbook, participate in an auction, or keep a journal or photograph album to be shared with people they’ve never met.
4. There are drivers that speed, so much that they’ve invested in RADAR detection devices in attempts to break the speed limit without getting caught. There are PC owners that could be considered scofflaws in that they violate license agreements, copyright agreements, as well as ethical use.

Active view suggests that vehicles are like computers in that they provide more utility and that makes them not only used more but more functional in their use. The hot-rodders with souped up systems, fancy peripherals, and homegrown or free software become trailblazers that push the limits. These are the “computer geeks” and “hackers”.

Looking at things this way, I’ve found that there are contrasts between these two use cases, but there are also a few similarities. To extend the analogies, homes and vehicles, both require people to obtain some sort of insurance to protect themselves and others as well as the items contained within. Both cases also imply a concept that owners are master of their own domains, constantly making their own decisions.

Doc Searls is exploring how Linux and the Net could be considered infrastructure of hard and soft. I’m not sure how my analogies here would fit into that concept. One thing I am certain of, though, is that there seems to be a fundamental need for change in the way people use computers, or even view the way they are used.

Everyone is forced into becoming their own system administrator, making their own (often uninformed) decisions about their computers whether they actively choose to or not. Whether they realize it or not, this happens often to their own loss and pain (and sometimes damaging others) because most people don’t know how to be a system administrator.

Maybe there should be a license in order to operate a computer. Perhaps there should be some kind of insurance to protect ourselves from computer operators without a license.

Most humans can’t keep more than a few important pieces of information in their brains for long periods of time, such as a password. I know I can’t keep more than a few “good” passwords in memory for more than a few weeks — the more passwords I have, the shorter I tend to remember them. Also, I tend to have a “good” password that I use for important things (like bank websites), which gets rotated every so often, and a “not-so-good” password that I use for less secure things that are much less important (like web forums). The problem is, the more places I use these different passwords, the more difficult it becomes to keep track of which is which, what the passwords are, and how often I need to change them.

Back in 2003, I found a good solution to the problem. Password Manager runs as a standalone Java application that encrypts into a file of all of my passwords, usernames, addresses, and other odd things that I need to remember but not write down. Four years ago, I had the idea that I could run Password Manager directly from my 64MB USB keychain. This way, I could run the application and have access to all of my passwords, etc. anywhere Java was installed — Windows, Linux, etc. With its very small footprint (~400KB), I could keep every password, keycode, and secret that I could think of on a USB device that lived in my pocket and access it via the nearest computer just by plugging it into a USB port and lauching the application. Considering that the application encrypts all of its data into a file controlled by one “master” password, its safe even if I lose the USB keychain — if I lost the device that held my information, I’d no longer have the information, but no one else would either since nobody else knows my “master” password to unlock the data.

This worked quite well for a long time — four years, to be exact — until I discovered something a bit better.

Clipperz.com is a website, but unlike most websites in that it provides a very specific service in a well thought out manner. The Clipperz website is essentially one gigantic JavaScript that keeps things that you need to remember in a secure fashion; a password manager. However, its also a bit more than that…

On Clipperz, you can create what they term as “direct logins” such that the service directs your web browser to the login page of a site and enters your credentials for you automatically. This basically turns the service into a rudimentary “single sign-on” portal. Just log into Clipperz with your username/password, and you’ll have access to all your favorite websites without having to remember or change your password for them. You can also create highly customized entries for things not even connected to a website — like a combination to a lock, or personal information you need handy.

The beauty of Clipperz is that, while it is a “secure” website with the appropriate SSL/TLS certificates and accessible via httpS, the service never actually keeps your data. Each piece of information you enter to be stored is encrypted by your web browser before it is transmitted to the service. This way, if things at Clipperz get dark and someone compromises their database, the intruder gets a bunch of encrypted information he/she doesn’t necessarily know what to do with.

So, what about my USB key with the Java application?

Well, it was somewhat of a pain to plug in the USB device, navigate my way to the directory the program lives, launch the Java application, wait for it to start, open its encrypted database, be prompted to enter the master password, and then finally locate the secret that I needed to remember. Yes, the process takes about 2 minutes, tops, but that’s mainly a Java limitation of the systems that I usually use.

Clipperz has the ability to store an “offline version” that is read-only. Basically, it loads all my secret data into a file with its JavaScript and images, saves the file as an encrypted set of data that I can copy onto my USB stick. VERY handy, because even if I’m “offline”, I can load the file into a web browser, type in my master password and have access to my data in less than half the time of launching a Java application. The file is secure, so the risks are the same as with the Java program — lose the USB stick, and I don’t have access to the data but nobody else does either.

Clipperz claims to have a few new things on the horizon, such as the ability to “share secrets with family members and associates”. For the life of me, I can’t imagine any circumstance where someone would need to do this, but there’s the option coming soon…

One more pro for Clipperz (and con for Password Manager): you can review the source code for Clipperz at any time, while Password Manager is free no one other than the developer may review the source code.

Best home equity loans
Attorney debt settlement texas
Cash out refinance
California cash out refinance las vegas home mortgage loans
Refinance rates
Insurance nhs sexual health clinic
Trw credit reporting
California home refinance rate california home loan mortgage
Refinance home equity loan
Cleaning up credit report
California home mortgage refinance bad credit loan pay
Insurance sexual health clinic sydney
Health insurance portability and accountability act
Credit reporting bureaus
Mortgage rates home loans refinance
Auto refinance loans
Credit card rebate offer
Free credit card offers
Money bank credit card
Va home loans
Whole life insurance advice
Mortgage refinance low home loan mortgage refinance rates
Smoker life insurance
Credit card debt consolidation
Met life dental insurance
Credit repair after bankruptcy
National health insurance company
Family health insurance plans
Student loan default
Credit scores what
Mortgage broker home loan refinance
Insurance sexual health nursing
Debt consolidation credit counseling
Health insurance companies
Las vegas home loans
Calculator car cheap finance home insurance loan mortgage
Equafax credit report
Free term life insurance quote
Walmart business credit card
Best bank credit card
Same day payday loan
Anthem health insurance
Debt settlement scams
Online credit reports
Home equity loan
Sallie mae student loans
Home equity loan source
0 credit card offers
Free credit reports online
Credit report repair services
Student credit card offer
Reporting bad credit
Health insurance for self employed
Commercial credit reports
Ge long term care insurance
Check credit report repair
Auto loans for people with bad credit
Term life insurance
Annual credit report
Experian free credit report
Application card credit mbna
Automobile title loans
Best credit score
Insurance sexual health advice
Relief for tax debts
Debt consolidation credit card
Consolidation credit card
Refinance online
Care insurance lead long term health insurance online
Florida disability insurance
Get my credit report
Affordable term life insurance quotes
Refinance home equity loan refinance mortgage rate refinance
Equifax credit score
Debt consolidation programs
Personal debt consolidation loan
Fixed rate home equity line of credit