The nasty thing about identity thefts is that victims are usually not aware of the perpetrated crime. At least not until the consequent damage becomes self evident. And, of course, early detection can often avoid more serious outcomes.

UPDATED ENTRY

When we launched our online password manager, we dubbed it the first example of a zero-knowledge web application. We simply meant that Clipperz knows nothing about its users and their data. It was a simplistic and inaccurate definition: the zero-knowledge paradigm needs to be better defined. Our fault.

In the previous post I wrote about our zeal in building zero-knowledge web applications and our pledge to never introduce features that could compromise the integrity of our model.

Now I present a comparative analysis of Clipperz and PassPack with regard to the implementation of one-click logins. The analysis will clearly show the benefits of adopting a rigorous zero-knowledge methodology.

A true zero-knowledge web application knows nothing about its users and their data. We have been fascinated by this simple idea since 2005 when we started this blog. Since then it became our obsession.

Authentication is an essential part of any web application. But why are web service providers so secretive about their authentication protocols and procedures? Why they are not disclosing any information about how users’ credentials are communicated, verified and stored?

Clipperz password manager is a huge Javascript application downloaded to your browser before you sign-in. No further Javascript code is downloaded to your browser after the login page is loaded. Therefore it’s quite easy to take a look at the whole application code and verify if it is a genuine version.

Clipperz online password manager is a cryptographic system designed and built to achieve a 128-bit security level. This could be an obscure statement and I will try to clarify it.

Using a password manager is not merely convenient, it’s an effective way to adopt better security practices without too much stress. It basically sums up to: 1) never re-use the same password, 2) use strong passwords.

But could you gauge the strength of your passwords? Can you easily determine how much entropy they contain?

Nothing was more appropriate for Clipperz than being reviewed by Charles Martin on his blog Before you are gone that displays the intriguing and remarkable subtitle “What happens to your Online life when your Real life has ended?”.

I wouldn’t recommend to use your browser as password manager. It’s not just a matter of security, but mostly of convenience.