In the world of bad ideas we have seen a remarkable array. There was hair in a can, the car-b-q and the pocket fisherman to name a few. Sure they have camp value but, you wouldn’t rely on any of them as a matter of practice. So, why then do people hand over their passwords for chocolate? Or, as in this case, for convenience of an online service.
Maybe that’s just it.
People have so many passwords that they are falling out of their ears in a lot of cases. Passwords are frequently viewed by the average user as little more than an irritant. They’re not given the importance that people might assign to the banking PIN number. This type of thinking inevitably leads to sticky notes on computers and inane passwords such as “password”, “letmein” and “secret”.
Today (Monday) I read about a service called Clipperz on the Web Worker Daily. This is an online service that will store your passwords for you. Maybe my professional paranoia of the last decade+ as a security operator has rotted my brain but, how is this realistically a good idea?
No ill will intended to the folks at Clipperz. I’m sure they have all the right intentions and have taken proper steps to ensure security.
From Web Worker:
Obviously, security and privacy are a consideration when using such a service. I liked that no personally identifying information is required for registration, not even an email address. On the security side, Clipperz says that all data is encrypted or decrypted locally at the browser level and that even your secure passphrase is never saved or sent to the server. They make the source code available for security review and I found no indication from anyone who questioned their methods.
That isn’t the part that gets me. It’s the message that this conveys to the user. Sure, you don’t know me but, trust me.
I’ll store your password for you.
Want some chocolate?