These days, we have accounts on dozens of websites, and for each of them we have to set a specific password. Using the same password for multiple websites isn’t a good idea, especially if it’s linked to accounts like PayPal or other financial services. If an attacker finds out your password, they might be able to use it to break into more than just one of your accounts.
If you’re like me, then Passwd.io will prove to be a great resource. Passwd provides you with a central place where you can safely store your passwords, PIN codes and online banking credentials. This doesn’t mean you should be using poor, easily crackable passwords! At a time when identity theft is a real threat, Passwd seems to be a service that shouldn’t be used only by geeks or tech-savvy people.
How does it work
Passwd.io works very simply. You just log on to the website and store some passwords there, in a central place, so you won’t have to store them on your computer, in hidden text files or on post-it notes across your entire home. Then, if you switch computers, you can log in to the website, safely extract the passwords and use them.
You might be afraid of storing your passwords on a website. After all, how sure can you be that they won’t be using your passwords? Hackers are so clever that they could be making such a web app, right? Here’s what the Passwd.io makers have to say about this:
The important thing is that your data is yours, and yours only. The information transmitted to the passwd.io servers is already encrypted – none of your confidential data is known to us, not your passphrase, not your content, not even your mail address. This works because the passwd.io servers are just a “dumb” data store – encryption happens on the client, in your web browser. For this, passwd.io uses AES encryption and PBKDF2 hashing, two very secure crypto algorithms.
You start by entering your mail address and a passphrase. Both are hashed and sent to the server – this way, passwd.io is able to authenticate you, without the need to know what your mail address and passphrase actually are. Only the hashes are received by the server. The cleartext passphrase is then used to encrypt your confidential data on the client – thus, only encrypted data is transferred.
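The flow the makers describe, sketched as an added example (not Passwd.io's own code, which this page does not show): the client sends only hashes for login and encrypts the data locally before upload. The salt construction, iteration count, AES-GCM mode and all function names are assumptions; it runs under Node.js with the built-in crypto module.

```javascript
// Added illustration; NOT Passwd.io's code. Salt scheme, iteration count and
// AES-GCM mode are assumptions; the page only names "AES" and "PBKDF2".
const nodeCrypto = require('node:crypto');

const ITERATIONS = 600000; // assumed PBKDF2 work factor

// Derive independent values from one passphrase by varying the salt label,
// so the login hash sent to the server can never double as the data key.
function derive(email, passphrase, purpose) {
  const salt = nodeCrypto.createHash('sha256')
    .update(`${purpose}:${email.trim().toLowerCase()}`).digest();
  return nodeCrypto.pbkdf2Sync(passphrase.normalize('NFKC'), salt, ITERATIONS, 32, 'sha256');
}

// What the server receives at login: hashes only, never the cleartext values.
function loginRequest(email, passphrase) {
  return {
    userId: nodeCrypto.createHash('sha256').update(email.trim().toLowerCase()).digest('hex'),
    authToken: derive(email, passphrase, 'auth').toString('hex'),
  };
}

// Encrypt the vault locally; the server only ever stores this opaque record.
function encryptVault(email, passphrase, plaintext) {
  const key = derive(email, passphrase, 'enc');
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv: iv.toString('base64'), ct: ct.toString('base64'),
           tag: cipher.getAuthTag().toString('base64') };
}

// Decrypt a fetched record; throws if the passphrase is wrong or data was altered.
function decryptVault(email, passphrase, record) {
  const key = derive(email, passphrase, 'enc');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key,
    Buffer.from(record.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  return Buffer.concat([decipher.update(Buffer.from(record.ct, 'base64')),
                        decipher.final()]).toString('utf8');
}
```

A plain hash of an email address can be confirmed by anyone who guesses the address, so it hides the address only from casual inspection. The passphrase remains the single secret protecting both the login hash and the vault, which is why a strong one still matters.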
So, if we take their word for it, the encryption happens only on your side, in your web browser, and your passwords aren’t stored on their servers in cleartext. The discussion about Passwd.io continues on Reddit, and there are already a number of suggestions from the members, such as:
- Adding a client-side JS validator that would run as a browser extension
- Putting the client code on GitHub
- Using an XKCD comic to better illustrate the purpose of Passwd.io
Even though there are a number of similar web apps, like Clipperz, LastPass or PassPack, Manuel Kiessling – the creator of Passwd.io – says that his product is different because it is very simple and easy to use. Also, he said that you can use whatever email you want when first trying the product, but if you lose your password, the only way to get it back is by providing an email address that you own. For me, Passwd.io gets the job done and even if it’s still in Beta, it inspires trust.