PasswordBox: Unbreakable Passwords That You Don’t Have to Remember

Xconomy National

Leave it to tech entrepreneurs to turn bad news into good news.

For most of us, our passwords are the keys to our entire digital lives. The bad news is that we’re losing the race to keep these passwords safe from hacker attacks. Making up a secure yet memorable password used to be a matter of picking a random word or two and throwing in a couple of numbers—say, “fid0bark5.” But today, hackers have so much computing power at their disposal that almost any password simple enough for a human to memorize can be cracked in seconds.

To be truly secure, a password should be so long and so random that it couldn’t be deciphered even if the encrypted version stored by your bank or your e-mail provider fell into the hands of a hacker. But a password that lengthy is effectively impossible to keep in your head, let alone type in every time you log in at a website. I’m talking about jumbles that sound like FedEx tracking numbers—for example, “lxgJSN4F6BvAK6HTUfMo” or “PASzYFweX8sbACYgB8hN,” just to use two 20-character strings that I generated randomly using Wolfram Alpha.

So what’s the good news? It’s that designers, engineers, and entrepreneurs have been thinking hard about the problem. And they’re finally coming up with solutions that can help average consumers put less of their precious brainpower toward remembering passwords.

The Xperience Key to the Top Password Managers

Service | Platforms | Price
Clipperz | Web-only | 0.25-1.00 Bitcoin/
Dashlane | Mac, Windows, iOS, Android | Free, $20 for sync
LastPass | Mac, Windows, Linux, iOS, Android, Blackberry, Windows Phone, WebOS, Symbian | Free, $12/yr for mobile sync
1Password | Mac, Windows, iOS, Android | $ onepassword
PasswordBox | Chrome, Firefox, Safari, iOS, Android | $12/
PasswordGenie | Mac, Windows, iOS, Android | $15/yr desktop, free on passwordgenie
RoboForm | Mac, Windows, Linux, iOS, Android, Blackberry | $19.95/
SplashID | Windows, Mac, iOS, Android, Windows Phone, Blackberry | $19.95 desktop/$9.99 splashid

This week I’ve been testing a new consumer-oriented service, PasswordBox, that can make up strong passwords and then remember them for you across the Web, whether you’re using Safari, Chrome, or Firefox, and whether you’re surfing from your PC or your mobile device. Once you’ve entered your existing online passwords into PasswordBox or created safer new ones, all you have to remember is one master password. Then, to log into a password-protected site, you just click on the site’s icon on the PasswordBox menu.

The service is both secure and extremely easy to use—a combination that’s been lacking in most previous password-management software. It has an unusual “legacy” feature that allows you to designate a friend or family member to take over your accounts in the event of your death. It works on iOS and Android phones, and because it’s cloud-based, any change in your passwords is reflected immediately on all of your devices. And perhaps best of all, it’s cheap ($1 per month, and free for life if you get five friends to sign up).

There are many other dedicated password management programs to choose from (see the table above); they’re all better than trying to memorize passwords on your own. But ultimately, even systems like PasswordBox can’t guarantee that your online data will always be safe, or that hackers will never find a way to drain your bank account, run up your credit card bill, or wipe your cell phone. For one thing, there’s still that master password: if someone else gets it, you’re back where you started.

To achieve the next level of security, many security pundits say, we’ll probably need to abandon passwords altogether and adopt two-factor authentication, biometric technology, or other schemes. Wired senior writer Mat Honan, the victim of a much-publicized 2012 hacker attack, says “The age of the password has come to an end; we just haven’t realized it yet.”

Be that as it may, there’s still going to be a long transition period. So it makes sense to investigate services like PasswordBox that can boost your protection, while easing the burden of remembering all your old-fashioned alphanumeric passwords.

In a way, you can think of the password crisis as a design failure. The sins for which consumers are constantly berated—picking short, easy-to-guess passwords; using the same password on multiple sites; keeping the same passwords for years; or, God forbid, writing down your passwords on paper and carrying them in your purse or wallet—seem unavoidable in a world where every service from your frequent-flyer account to your dentist’s appointment portal requires authentication. A 2007 study by Microsoft Research found that the average Web user had 25 accounts that required passwords, but had only 6 actual passwords, meaning that each password was being shared across four or more sites. And that was before the mobile-apps explosion; the numbers would doubtless be even more disturbing today.

The reason it’s such a bad idea to reuse passwords is that one successful breach could allow a hacker to infiltrate all of your accounts. Browser makers have tried to help by adding features that offer to remember multiple passwords, but they only work for selected sites, and with the exception of Firefox, they don’t sync across your desktop and mobile devices. The system built by PasswordBox—a San Francisco- and Montreal-based startup that opened its system to the public this week after more than a year of private beta testing—can remember an arbitrary number of passwords and log you in using the right one each time you visit a secure site, whether you’re using your computer or your phone.

Here’s how it works. When you sign up, you download an extension for your browser and give PasswordBox a master password; it becomes the key to the virtual chest where all your other keys will be stored. Then you input the usernames and passwords you use at all your usual haunts on …


8 responses to “PasswordBox: Strong Passwords That You Don’t Have to Remember”

  1. a says:

    Correction: Keepass Supported operating systems: Windows 98 / 98SE / ME / 2000 / XP / 2003 / Vista / 7 / 8, each 32-bit and 64-bit, Mono (Linux, Mac OS X, BSD, …).

  2. Erika J says:

    Hey, Wade–LastPass is free for the desktop/laptop versions. $12/yr is to add mobile (phone, tablet) support.

  3. Jorsh says:

    Intuitive Password should be mentioned. A cloud based password manager, very nice user interface!

  4. Joost says:

    I am not comfortable with using cloud-based solutions. Various native KeePass clients are available for Linux, iOS, Android and legacy cellphones. KeePass supports two branches 1.x and 2.x. I chose the 1.x format and have been using KeePassX, KeePassJ2ME and MiniKeePass for a few years now. See

  5. Edie says:

    I can’t remember my master password for my Password Box app. How do I get a new one?

  6. Stephen Mugford says:

    I love PWB but I have found a glitch. Suppose you forget a password for a site. Maybe PWB is recalling it for you on your pc but you need also to log in to the site via (say) your smartphone. So, you send a request to the site and it sends one of those updater emails. You click on the link and, quick as a flash, PWB leaps in, whacks in a new password and sends it off. It also recalls it so you can log in fine from the PC. But since it didn’t show you what it was inserting (and you cannot view it in PWB for security reasons), you are still disabled on other devices. :( Sure, when you KNOW this is the issue it is easy to remember to turn PWB off for a few minutes while you do the renewal business. But you need to know it. I didn’t. I spent an age at one point with very helpful folk at AMAZON (on an international line from Australia) as we patiently did a manual, remote fix because this glitch was interfering every time I tried to reset the AMAZON password … (They didn’t know either.) Then it happened with another couple of sites. Hmm, had to be inside my browser configuration I decided. So, patiently, I started turning off my Chrome extensions one by one and bingo—when PWB was off the renewal process worked fine.