All posts in “Behind the Scenes at Passpack”

Evolving Passpack's Privacy Model

Passpack’s job is to let you store and share private data (passwords) in a way that not even we can see them on our server. While it sounds very straightforward, that definition has been in the making since Dec. ’06.

When we first launched Passpack, we equally stressed both data privacy & security and personal privacy & anonymity. It’s anonymity that is up for discussion today.

Currently Passpack’s architecture has some throw-back structures to these early beginnings. Moving forward, these residual elements make it increasingly complex to solve what should be simple problems for you.

We’re planning some significant changes to the architecture, which will allow us to get a move on with some of the important features you’ve been requesting. But before we do so, we wanted to let you know about what those changes are, and give you a chance to voice your opinions.

Shared Tags, Global Groups & More

First – I’m going to detail the pros and cons here, and at the end of the post there’s a survey for you to express your thoughts.

Share / Transfer Tags

This is the feature request that first made us wake up and rethink our architecture. It should be an easy enough thing to do to allow you to tag an entry, share it, and have the tags shared along with the entry itself. And technically we could do it with the existing architecture, but to do so would take an enormous amount of time and effort… and really would just be postponing the underlying issue: are we making our users’ lives harder than need be by obsessively over-encrypting?

Current state - All tags are HPH encrypted in a single monoblock. On the server, Passpack doesn’t know the names of your tags, nor which ones are used on which entries. All of that matching happens on-the-fly on your computer after you’ve logged in.

The change – We’d like to remove the encryption from tags. This will mean that we may know what tags you are using. But unless you’re doing something really odd like using your password as a tag, this shouldn’t actually compromise your password privacy.

Global Groups & Group Admins

Global groups would allow folks to know when they’ve been assigned to a particular group and who else belongs to it. Building on that would be the ability for an account owner to designate someone inside the group as an administrator with permission to manage sharing privileges on the owner’s behalf. Both are pretty basic in most collaboration systems. Both are not possible with Passpack’s existing structure.

Current state - Passpack’s server knows the sharing nicknames of the people you’re connected with. But it does not know the names of your groups, if you’ve renamed any of your people, or which people belong to which groups. Like with tags, all of that matching happens in real-time directly on your computer. Groups exist locally, in your account, as an organizational tool only. The server knows nothing of them.

The change - We must first and foremost make the server aware of the groups you have created, and which people are assigned to them. This will reveal something about your organizational structure to Passpack, but will not compromise the privacy of your passwords.

More Flexibility in Entries

There are a bunch of suggestions in the forum which revolve around the concept of making entries more flexible. Things like customizing entries or storing things other than passwords would work perfectly fine with the system as-is. However, some things, like setting reminders and tracking usage, are inherently non-anonymous, thus in conflict with the existing architecture.

Current state - The name, user id, password, notes, link and email of each and every entry are all HPH encrypted, in a single monoblock. If the entry is shared, Passpack knows the sharing nickname of all the folks involved, but that’s about it.

Also, the activity logs you see in your home page are not persistent. In other words, we can’t actually keep a running log.  Similar to the current approach with tags and groups, the changes in your account are deconstructed by the interface and  shown on screen as a notification on-the-fly. Once you log out, and log back in, that information is gone.

The change - We essentially want to split up the data between “needs to be encrypted” (password and notes) and “doesn’t need to be encrypted” (link and entry name).  While we could make some enhancements to entries now, it would be largely more scalable once we make this split. Also some items, like notifications, simply can’t be fixed unless we make this change.

Bonus: Customer Support

We often have folks writing in saying things like “hey I need help with the 5 entries that I shared with the group ABC.” or “the 10 entries for my tag XYZ” or simply “my Amazon entry”.  Alas, as of now, none of that information can help us locate your encrypted entries in our database. Usually, a lot of back and forth with the customer ensues to try and figure out which entries are the problem ones. It’s frustrating, or sometimes impossible and we’re literally unable to help.

The History of Passpack’s Architecture

For those who don’t already know, Passpack is Host-Proof Hosting (HPH). That means that not only is all your data encrypted, but it’s encrypted on your computer, before being sent to Passpack’s server for storage. The key to decrypt and read that data is your Packing Key, which never gets sent to the server at all. The net result is that Passpack only stores pre-encrypted data to which it does not have the key (aka: we can’t read your stuff).

That’s not changing. We are, and will always be, an HPH company (heck, we’re HPH pioneers!). What is changing though is which data HPH gets applied to, and why.
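The entry split described above, as an added example that is not Passpack’s own code: it packs one constructed entry under the current monoblock model and under the proposed split, so you can compare what the server’s copy exposes in each. The scrypt key derivation, AES-256-GCM, the function names, keeping user id and email encrypted, and binding the clear fields to the ciphertext as authenticated data are all assumptions of the example; the post specifies none of them.

```javascript
// Added illustration, not Passpack's code. Node.js built-in crypto only.
const nodeCrypto = require("node:crypto");

// Constructed sample entry: the six fields the post lists, plus tags.
const SAMPLE_ENTRY = {
  id: "e1", name: "Amazon", link: "https://www.amazon.com/", tags: ["shopping"],
  userId: "user@example.com", email: "user@example.com",
  password: "constructed-sample-pw", notes: "constructed note",
};

// Client side only: stretch the Packing Key into an AES-256 key.
// scrypt is an assumption; the post does not name Passpack's KDF.
function deriveKey(packingKey, salt) {
  return nodeCrypto.scryptSync(packingKey, salt, 32);
}

// AES-256-GCM: `aad` is authenticated but stored unencrypted.
function seal(key, obj, aad) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  c.setAAD(Buffer.from(aad, "utf8"));
  const ct = Buffer.concat([c.update(JSON.stringify(obj), "utf8"), c.final()]);
  return { iv: iv.toString("base64"), ct: ct.toString("base64"),
           tag: c.getAuthTag().toString("base64") };
}

function open(key, blob, aad) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, Buffer.from(blob.iv, "base64"));
  d.setAAD(Buffer.from(aad, "utf8"));
  d.setAuthTag(Buffer.from(blob.tag, "base64"));
  // final() throws if the key, the blob or the aad differ from what was sealed.
  const pt = Buffer.concat([d.update(Buffer.from(blob.ct, "base64")), d.final()]);
  return JSON.parse(pt.toString("utf8"));
}

// Current model: every field of the entry sits in one encrypted monoblock.
function packMonoblock(key, entry) {
  const { id, ...fields } = entry;
  return { id, blob: seal(key, fields, id) };
}

// Proposed model: name, link and tags in the clear, everything else encrypted.
// Binding the clear fields as AAD is this example's design choice: the client
// can then detect a clear field that was altered in the server's copy.
function clearPart(r) {
  return JSON.stringify([r.id, r.name, r.link, r.tags]);
}

function packSplit(key, entry) {
  const { id, name, link, tags, ...secret } = entry;
  const record = { id, name, link, tags };
  return { ...record, blob: seal(key, secret, clearPart(record)) };
}

function unpackSplit(key, record) {
  const { blob, ...clear } = record;
  return { ...clear, ...open(key, blob, clearPart(record)) };
}

// What someone holding only the server's copy could match on.
function serverCanFind(record, term) {
  return JSON.stringify(record).includes(term);
}
```

Because the clear fields are bound in as authenticated data, a link altered in the server’s copy makes `unpackSplit` throw instead of handing back the entry.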

Striving for both data privacy and anonymity required us to apply HPH encryption to as much account data as possible. We jumped through amazing hoops to avoid accidentally finding out who our users were, or anything about them for that matter. But even back then, we knew a line needed to be drawn between reality and theory. We just chose to draw it in a different place than where it needs to be now.

Anonymity was a big request from our early adopters. Many early architectural decisions were based on their desire to keep their identity and activity on the web completely hidden. This was much more important to them than, say, ease of use or convenience.

That was many years ago. Since then, Passpack has evolved into a collaboration tool used mostly by work groups and businesses. The large majority of these folks have a much bigger need for easy, convenient solutions, than they do for anonymity.

So… time to make some changes.

Tell Us Your Opinion

Ok, so I’ve laid it all out for you. Now tell me what you’re thinking with this super quick survey below.

Have We Told You Lately That We Love You?

This morning, going through the replies to the mobile readiness survey I came across this very disheartening comment:

Did we forget something?
Your users who don’t use the mobile or desktop version…

Reading that felt like a punch in the gut. To the question “what’d we forget”, the answer was “your users” [cringe]. This is a much bigger problem than the recent emphasis on mobile and Desktop development. It sparked me to do a little soul searching. I’d like to share some of that with you in this post.

The Fall From Grace

When we first started Passpack, we had your support, because we supported you. We chatted with you in email, over twitter, and here in the blog. We were Tara and Francesco, two founders against all odds, working from the living room and building an amazing product for you. It was awesome.

Then something changed. I think it all started with getting funded… the money, the budgets, the board members… it all distracted us. We made rookie mistakes: the blog became an oddball “industry news” thing and eventually just dwindled down to the occasional product announcement it is now; we recruited folks to help out with chatting with you out there in the wild, which backfired and came off as spammy; we hired so many new programmers that development came to a near-complete halt as we tried to train them.

We basically made every mistake in the book. We messed up.

The Incredible Come Back

In December 2008, barely a year after funding, and with a big recession looming, we were close to having burned through nearly all the cash we’d raised. So we did the first smart (though hard) thing in a while: we let the entire staff go.

Product development resumed, even though Francesco and I were frankly exhausted. We’d put ourselves, the company, and you folks through the wringer.

But we were also really determined to turn it around. And we did.

Some of our investors stepped up to the plate with follow-on cash. We wanted it to last as long as possible, so I stopped pulling a salary, Francesco slashed his, and Passpack moved back into the living room.

It worked. In May 2009 we released Passpack 7 with secure sharing. It was a triumph of blood, sweat and tears. And we did it on our own.

Today’s Reality Check

“And we did it on our own.” That’s today’s reality check. It means we stopped paying enough attention to you: our users, our customers, our super-awesome beta testers and (sometimes even) our friends.

That’s bad news. As of today, I’m vowing to make it right.

The Naked Truth

Amazingly, Passpack is now in pretty good shape. Yes, we’re down to two full-timers, but we’re also nearing the much-sought-after break even point.

What does that mean for you?

For one, it means you guys are much faster at suggesting improvements, than we are rolling them out. We have to put new features in a very tight pipeline, doing just one thing at a time (the desktop/mobile juggle was an example of this). Sometimes it means we have to postpone really big projects until revenues grow further and we can invest in them properly (I believe in doing it right, or not doing it at all).

So are we as fast as lightning? No. But the good news is that we’re no longer distracted. We’ve learned our lessons. And we’re fully dedicated to you.

What Next?

I’ve been setting up some surveys here and there, and have been closely following progress on the suggestions forum. I’ve added a known issues page so you can keep track of what we’re up to as far as bug fixing. And while I’ve slowed down on Twitter personally, I’ve also set up a @passpackhelp account that you can ping for… you know… help.

But I want to do more. I’d like to talk to some of you, perhaps set up a call or grab a coffee. I’d like to hear what you have to say about Passpack – not just features, but what challenges you face with it, or how it’s succeeding in helping you.

Are you willing to chat with me? Get in touch.

And thank you. Really, really thank you.

Passpack & Carley Knobloch at BlogHer 2010

A bit of news while you’re waiting for the mobile release – Passpack will be sponsoring Carley Knobloch of Mothercraft fame at this year’s BlogHer event.

For those who didn’t catch it the first time, Carley did an awesome writeup on Passpack a few months back. SO awesome we jumped at the opportunity to have her represent us at BlogHer. Here’s just one of the videos she did up for the conference:

Check out all three Passpack videos on Carley’s blog.

Carley is a life coach who helps frazzled families embrace technology and simplify life. So if you’re in NY this week, look up Carley at BlogHer – she’ll be the spunky girl geek defrazzling her fellow event-goers while demoing Passpack on her shiny new iPad.

… hey wouldn’t it be really cool if Passpack unveiled its mobile version at the show? Hmmm….

New Features From the Suggestions Box

While we work on the upcoming mobile release, I thought I’d reach out and ask for your thoughts on a few other ideas from the suggestions forum. Like ‘em? Vote ‘em!

Pre-populated Accounts

Having a hard time getting staff on-board? This idea is for creating shared accounts for them, from inside your paid administrators account. No more waiting for replies to invites.  Vote for it here.

(tip: Download the Getting Started Guide for Administrators PDF)

Suspicious Activity Alerts

Get an email or sms when someone logs in from outside a designated IP range. Vote for it here. If you like this, you might also like the Logs & Audit trail idea.

Password Reminders

Set an email alert when it’s time to change a password or for other “things to do regarding this entry”. What do you think? Let us know how you would use a feature like this.

Account Beneficiary

Delegate a person (or people) that can recover your account in the event you get abducted by aliens. A fancy alternative to saving a print-out of your Passpack login. Vote for it here.

Passpack OpenID Provider

So you have some OpenID accounts, each with its own password, which are stored in your Passpack. Cool. If Passpack were an OpenID provider, would that save you some clicks? Vote for it here.


Now you folks go off and vote. It’s heads down working on the mobile version for me. Coming soon to a smart phone near you.

Your Suggestions with Uservoice

We’ve switched the Passpack suggestions box to the Uservoice platform. Check it out, you can see the status of your suggestions, as well as converse with us about what’s going on.

You can access the forum directly by connecting to Uservoice. Or from the Suggestions & Feature Requests link in the Help Center, or from the Feedback tab on the main website.

Your Votes Are Counted

We surveyed all the suggestions you’ve made to date, across our various systems – suggestions box, help tickets, personal emails. The votes you’ve cast have all (hopefully) been migrated. No need to re-vote.

Guess What, We Do That Already

The main reason we opted to switch was so that we could actually reply to you about your ideas – especially when you suggest a feature that Passpack already has. Here’s a few ideas that we didn’t migrate over to the new system.

“It would be nice to be able to organize passwords in folders or something” - “organize password in a multi-level folder tree” - “create password categories”

No folders, we have tags. We even have related tags for an easier drill down. You can view them as a cloud, or a list, or inline in your password table. This should cover all your folder and sub-folder needs. Le Roi est mort, vive le Roi!

“Allow import of tab-delimited text files”

You can use the CSV import option. On the second screen, change the Choose the field separator option from “comma” to “tab”. And you’re ready to go. We’ll change the term “CSV” to make that clearer.

“On the startup options page, if I choose Password as my primary tab, please add a sub option: Show only Favorite entries. “

Um, that’s there.

“Create a user voice site for Passpack”


Have Mercy!

We take all your suggestions seriously into consideration. Serious consideration takes lots of time, and planning. We are a two person team and sometimes get bogged down. So bear with us: we’re listening, working and will keep truckin’.

Thanks everyone for all your support and suggestions! You folks are truly fantastic.

Coming Up Next at Passpack: Groups

I’ve been stingy with the blog posts as of late, so I wanted to drop in with some news on what we’ve been up to, and what’s coming up next – Groups & Localization!

For the past 5 months or so I’ve been traveling, while Francesco has been preparing some important Passpack changes. Let’s ignore the traveling since you can read all about that on my personal blog, and jump right into the exciting new stuff.


Groups

Just one small word, but chock full of Passpack power. The next update you’ll see to your account is the ability to share not just with single people, but with entire groups. This is incredibly useful for provisioning passwords, for example, to an entire department.

Right before the official release, we’ll stock up the Help Center with how-to articles for you. But here’s the gist:

  • Add a shared user to a group and their account gets populated with all the password entries that have been previously shared with that group.
  • All changes are automatically propagated across the group.
  • Remove someone from a group and all group-shared password entries will disappear from his/her account.

Localization Tool

For those of you wishing you had Passpack in your own language – your moment is coming.

Following the Groups release, we’ll be finishing off a few smaller features to round out both the free and business packages. The next big thing you can expect though will be a localization tool. We build the tool, and you (the community) can translate until your hearts delight.

Until then, welcome me back, and get ready for 2-3 months of intensive development.

Tales From the Suggestions Box

As you all know, Passpack has a suggestions box (you do know that right?) where you can vote up the most requested features, or send us your own ideas.

You won’t get any reply when you leave a suggestion (write in to the help center if you need a reply), but here are a few interesting things we caught in there that I wanted to respond to:

Please allow sharing of logins/passwords with multiple people for free.

We do that! The free account allows you to start active sharing with 1 person AND you can receive passive sharing from an unlimited number of people. Read this article for a how-to.

The mobile app (for the iPhone) should be free.

Hm, well, we don’t have the mobile interface rolled out yet – but it’ll be free.

When I register at a new site, I want to save it to Passpack at the same time, rather than having to go back and retype all the info into an entry.

Yup. That’s coming soon with Auto-login 2.0 (in private Beta testing now).

“Copy password to clipboard” button for logging in to sites without the standard auto login.

You can do that now from your password list, here’s how. Also, the Auto-login 2.0 will extend that feature greatly.

Also, don’t forget that we use the number of votes a feature request gets to help us prioritize the development schedule. Right now, the mobile versions and Desktop improvements are leading the pack – so use the checkboxes on to vote for your favorites.

Wrapping Up the SF/Boston Tour

Wow, what a couple of weeks have gone by. I’ve traveled the US coast-to-coast in a series of very interesting meetings, while back at HQ the testers have been doing a fabulous job on Passpack 7.

And we were chosen as a Red Herring 100 Europe finalist.

US Tour

From Boston to San Francisco, it’s been a whirlwind tour pitching, demoing and meeting great people. I actually lost my voice!

The event that spurred all this on was Passpack having been chosen as a finalist to pitch at Mind the Bridge. Special thanks out to Marco Marinucci, Elisabetta Ghisini, Matteo D’Aste and Fabrizio Capobianco — great people, doing wonderful things for the Italian business community. Also congrats to fellow startup Zooppa for taking home the grand prize!

Still a meeting or two to go, then I’m back to HQ to get Passpack 7 wrapped up.

Passpack 7 Testing

We’ve been incorporating feedback from the testers  little by little and are finally beginning to see the light at the end of the tunnel. I can’t thank these guys enough – really an active, constructive crowd.

What’s left to do? A few more usability items that have been waiting for attention (yes, I’m personally the bottleneck on this one) need to be taken care of. Then updating the help materials and… launch!

Hold onto your seats.

3 Ways We're Riding Out the Recession

A recession is the best due diligence. The good investments are the companies still standing once it’s over.
(overheard at ETRE – more insights here)

Some of you have asked me on twitter and facebook how things are going at Passpack. I know, the underlying question there is really “Will you guys still be standing?”

The short answer is: Yes.

How We’re Riding Out the Recession

1. We Sell

The Pro account release added a revenue stream to help support the company beyond our funding. Break even wasn’t planned for at least another year, but we’re quite happy to be spot on the forecasted free/paid ratio.

We’re also bumping up the release of a Black Box appliance for small enterprises originally planned for much later in 2009. This is still under construction, but go ahead and ask me for more details if you’re interested in beta testing or taking part in a case study.

2. We’ve Cut Spending

Back in late December, we made some tough choices, moving our staff from full-time permanent positions, to on-call and consulting work. Only recently has our new formation stabilized: Francesco full-time on the product, Dani part-time on customer support, Olga part-time for the administrative tasks, Louise chipping in on the blog and me straddling the fence between product development and general administration.

I’ll be pruning the company page over the next couple of days to reflect this.

3. We’re Aiming for Slow & Steady

Rather than pouring resources into trying to get “magic traffic spikes”, we’re focusing inward on the product instead. It’s the better investment.

Right now we’re working on improving the experience for new users just getting started, and on completing those key developments we’ve already got underway. Are we going as fast as we originally wanted to? No (especially given #2). But slow and steady, we’ll win the race.

Coming Soon: New Blog. Your Thoughts?

We use this blog for announcements, help articles, some news-ish posts, posts on password basics and even a few things which probably would have been best left unsaid.

In other words… it’s a mess [smile].

So we’ve built a new blog! (sneak peek here).

And I’m cleaning things up during the move. Here’s the idea:

  • No more support articles. Those go in the knowledge base.
  • The basics, and intro to password articles go in the library (also new) so that (1) we can modify them at will without stomping on basic  blog etiquette and (2) your RSS doesn’t get smothered as we publish more.
  • News-ish post. Basically This Week in Privacy and the occasional comment. Strong personal opinions in the personal blogs only. Mine’s here (I rarely post).

What To Do with the Old Blog?

I LOVE throwing things out. So I’m trying very hard to avoid mass historical revisionism.

The posts on will remain as-is, with commenting closed. But I’m concerned about folks who stumble across old help articles, and get outdated information.

There is, I admit, one temptation I couldn’t resist.  I changed every PassPack to Passpack on the new blog (the fact that it remains unchanged on the old blog irks me… but I’m resisting further temptation).

Can You Help Me Out?

First, what do you think of that shiny new blog ? (I’m still working on it, so comments, pinging etc. are closed for the moment)

And can I (pretty please) replace the help articles here with a simple link to the Help Center?

Any other ideas for building a better blog?