March 2007

Passpack Announces a Free-For-Now on Upgraded Accounts

Internet users claim bad memory forces them to reuse the same passwords over and over. A UN report warns that password re-use heightens the risk for identity theft. A new wave of Online Password Managers may be the answer.

How many passwords does the average web goer have to remember? Between social bookmarking, photo albums, blogs, gaming and the slew of new services popping up daily, the answer to that question should be: lots.

On the contrary, Internet users tend to reuse the same passwords on many different sites. BBC News recently reported in UN Warns on Password 'Explosion'. "The number of passwords and logins web users need makes it inevitable they will re-use phrases, warned the International Telecommunications Union."

It's a memory problem

People simply can't, and won't, remember hundreds of passwords. Password re-use may make life easier, but it also significantly increases identity theft vulnerability.

The ITC "called on regulators and businesses to find better ways for people to identify themselves to websites," reports the BBC. But Internet users may get the reprieve they're looking for sooner than expected. The proliferation of online services at the heart of the problem, could also provide the solution.

Open Sesame

The idea isn't new: one master password to access all the others. Password managers have been around for eons. Traditionally they are installed directly on the user's computer. However, with the constant onslaught of malware and viruses, desktop applications may prove to be increasingly less secure.

Pioneers in online password management launched as early as 2005, giving web users a taste of anytime, anywhere access to their passwords. The fourth quarter of 2006 saw a new wave of Online Password Managers sprout up.

According to Passpack founding partner Tara Kelly, the emerging Online Password Managers offer a layer of security that wasn't feasible until the recent large-scale adoption of Ajax scripting.

"The new client-side cryptographic techniques don't replace the old standbys: they build on them. No longer do developers have to rely solely on the little SSL padlock to make their sites safe, now they can leverage the browser as well."

Crossing the Chasm

Growth for the new OPMs has been somewhat stilted by concerns about Ajax-run websites being easy targets for hackers, but the experts confirm: a poorly built website will be easily violated, a well built one will not – Ajax is irrelevant, what's important is that it's high quality.

"Once that message makes it through to the mainstream," says Kelly, "we'll be seeing a spike in Online Password Manager usage. People just want something safe and easy. That's not too much to ask."