Here’s a common problem. You log onto Facebook, Google, your Bank account and numerous other places several times a day. You use your browser to do so, and you may have your browser “remember” the login and password. This is handy, and saves typing passwords over and over again. It also prevents passersby from seeing you typing, and in this way, it actually increases security. However, there is one downside: anyone using your computer can log onto your sites. Most sites give you a warning if you’re using a “public computer”, instructing you not to save the password. You may consider your computer to be private and personal but what happens if your laptop gets stolen? Will you have the time and presence of mind to remember to log into all of your saved sites and change your passwords? What about your bank account? Paypal? Your taxes? Part of my paranoid nature and a desire for a solution to this problem led me to a hunt today which ended successfully with the discovery of Clipperz.com.
What is Clipperz.com?
Clipperz.com is a free online serice allowing you to manage all of your online passwords. It can also manage offline data, but I won’t get into that here. Registering is easy, just pick a name and a password. That’s it. There’s a reason for this: Clipperz.com doesn’t want to know anything about you. The less information that trades hands the better. This means that if you forget your password, you can’t retrieve it, so make sure you can remember it, or write it down somewhere. You create your login with a name and password (called a “passphrase”) and then you are immediately allowed to create something called “cards”. They compare cards to a Rolodex, where you are given a separate card for each of several items. In this case, a card would represent a login; for example, Facebook. This is how the process works:
1) Open an account. Choose a good passphrase that you can remember. Perhaps you should leave a hard copy of it out in real life, in case you fall off your bike and get amnesia (it happens!)
2) Make a bookmarklet. Here’s how. Basically, this will add a bookmark to your browser so you can always easily turn a site login into a card with one click.
3) Navigate to a site with a login window.
4) Click the bookmarklet. You’ll be presented with some code. You should copy it (Apple or Ctrl – C)
5) Go to Clipperz.com and create a new card by pasting the information you just copied. Here’s how
6) Create a direct login from that card. If you use the copy-paste method described above, your direct login will be created for you.
Now, you can access your site by clicking the direct login from your Clipperz account. This means that on any given day, you can log into Clipperz, then navigate to and from your saved password sites securely. If you know all your passwords, you can begin transferring them to cards. When you log out of Clipperz, you have just thwarted thieves with one click. Then, I’d recommend erasing your saved passwords from your browser’s preferences (usually located in a tab called “security” or “autofill”) and unchecking “autofill user name and passwords” from your browser’s preferences (actual wording will vary). This will make it so that the only way to access these sites in the future is by logging onto your Clipperz page with your passphrase. Thieves will no longer be able to go to your sites uninvited. To further protect against theft, you must always log out of your Clipperz account when you leave your computer. Although this can be annoying, it’s easier and safer than the other options which would be either manually typing in logins to every site every time, or having your browser save them unsecurely.
For Bank accounts, I prefer to manually type the password, but most banks make you type your password again before you do anything significant, so thieves with auto passwords will be thwarted anyway. I don’t recommend using Clipperz for storing passwords for fund transfer confirmations and the like.
Beefing up security even more
For best results, you can have your browser clear cookies when you close it. This will automatically erase logged-in states so that you don’t have to manually log out. One handy tool for Safari is Pith Helmet. Pith Helmet has a setting that allows you to have cookies cleared when you close Safari.