How Does It Work?
Account Security Features
Protection Against Phishing
Passpack's Anti-phishing Welcome Message combines a custom greeting, IP recognition and hand-eye training to combat phishing attempts.
A custom welcome message is shown after every log in, and before inserting the Packing Key. A fraudulent site will be easily identified when the welcome message is missing. Thanks to the IP recognition, even if the phisher then attempts to login to the real Passpack to glean your welcome message, he'll see nothing.
Strong, Unique Passwords
Use Passpack's simple, yet powerful, password generator to create a different, random password for each login.
Disposable Logins (OTP)
A Disposable Login is a one time Password and Packing Key combination: you use it once, then it's thrown it away. Disposable Logins are handy when traveling or on an untrusted public computer.
Backup & Offline Version
Save a personal, encrypted backup of all your entries. Don't trust the internet? Download Passpack Desktop to manage a local copy of your data, and read personal backups.
Passpack supports both email, and the Yubikey USB token for physical account protection.
Thwart Keylogging Malware
Defeat commonplace keyloggers with an on-screen keyboard when accessing your Passpack Account.
Strong Pass Phrases
Passpack encourages you to use strong pass phrases. It measures your Password and Packing Key while you type.
You can measure ALL your passwords this way in the entry window to see which of your passwords need changing!
Then use the built-in password generator to quickly make unique passwords for all of your logins. Afterall, you don't have to remember them, Passpack does.
No Spying Eyes
Hide your passwords from shoulder-surfers with on-screen "scrambled" passwords and notes fields.
Accounts will also automatically lock-up if left unattended, excellent feature for use in a busy office.
Non-permanent Account Info
Your Password, Packing Key and even your User ID can all be updated any time you want, and as many times you want. In fact, we urge you to do this from time to time. Just PLEASE always remember to make note of the new account information and store it in a safe place.
Summing it all up
With AES encryption (the same as used by the US Government) and an SSL Secure Connection, your data travels safely over the internet. But let's suppose a hypothetical "bad guy" gets into our servers, all he'd find would be a bunch of illegible data (not even Passpack can read your data). If he's determined to crack this data, he'd have to crack the Packing Key of every single user, one-by-one, in order to reverse the encryption process. To date, this type of brute force attack on AES is considered impossible. That makes Passpack an unattractive target.
Only encrypted data is ever sent over the Internet, and it is always sent over an SSL Secure Connection. That makes the data doubly encrypted, and thwarts Man-in-the-Middle attacks.
Passpack resides in a disaster-proof data center, monitored 24 hours a day and equipped with a wide range of security, power management, cooling and network access equipment.
Physical access to the data center is protected with biometric sensors, security cameras and secure access systems. Physical access is limited to the actual server boxes. Application access is performed solely via a protected VPN connection.