All posts in “Did You Know?”

About Automatic Entry Recovery

Passpack keeps backup copies of the last successful saves for each and every entry in your account. This ensures that should an entry ever get corrupted, the system will ask you if you’d like to recover the last useful backup.

A glitch in the Internet connection during saving seems to be the only cause identified so far that will cause a corrupted entry alert.

In most cases, this automatic recovery works just fine. At worst you may loose the most recent change you were making to the entry. However, should this automatic restore fail, Passpack will alert you immediately. In the event you get one of these failed recovery alerts you should contact us. We’ll work with you to try and restore the corrupted entry manually.

Tighter Controls & False Positives

We’ve only had a couple reported cases of a failed recovery alert rearing it’s ugly head so far (one of which was a false positive) – but hey… once is enough, so we’re taking care of it.

Over the course of next week, we’ll be rolling out an improvement on the saving procedure to further counteract connection hiccups. Should you get a failed recovery alert, please don’t panic. We have tightened the controls, so there’s a chance there may be some false positives. Just contact customer support and we’ll double check for you.

Scope & Performance

For those who are interested, this is a SHA-1 checksum for server control that data arrives uncorrupted to the server. This SHA-1 checksum is applied to all data. This is not a new control, rather an extension in scope. Previously we were only checking a few key types of data (ex. tags, entries) during saving, while now this has been extended to every single bit getting sent back to the server for saving.

This may make thing run a little slower when saving large amounts of data, though we don’t expect overall performance to be impacted. If you do have a noticeable change in performance, please do the following:

  1. Connect to this website.
  2. Email results to us (PDF, save as HTML, copy/paste or screenshots).
  3. Don’t forget to include a note explaining the issues you are having.

Thank You!

Thanks to the folks who contacted support and worked with us to pinpoint the problems and get them fixed (you know you you are – thank you!).

Shared Host-Proof Hosting

In order to understand how shared host-proof hosting works, we need a quick overview of host-proof hosting – what it is and why it has gained such standing in online privacy matters.

The Need For Privacy Online

Whenever you send anything over the internet, your data is exposed. The sites you visit, emails you send, videos you watch all become part of the vast web. Your info travels across many networks until it finally reaches its destination but how safe is it really when via transit and when it reaches its recipient?

Rule of thumb – information that you send in a standard email is just like writing info on a postcard. It can be seen by anyone with the right tools and the wrong intentions.

The Need For Host-Proof Hosting

Some things can be written on a postcard:

  • appointment reminders
  • birthday wishes/friendly letters
  • casual documents

Some things can’t be written on a postcard:

  • confidential information
  • PIN numbers
  • passwords

This is where host-proof hosting comes in. Host-proof hosting is a security pattern which allows you to encrpyt your data before it even leaves your browser. Client-side encryption ensures 100% data privacy so sensitive info like your passwords, can have a safe trip across the web and remain just as safe on the server.

For more info on host-proof hosting, take a quick look at this post.

Sharing Privacy

It wouldn’t make much sense to have a web based on host-proof hosting or encryption, especially in a social web. Online identities are created by what we post to the net. There are certain things we want to share. There are certain things we want to keep private. And there are certain things that we want to share AND keep private.

Here’s where privacy and sharing become important

  • you and your colleague(s) need to access the same merchant accounts
  • you and your spouse both access online accounts for the ‘household’
  • you manage several different clients and you need to share certain web accounts

What do all of these scenarios have in common? Each one of them sees the need to share sensitive info in a secure way. How do you do that on the web without just sending a password or access code via email or skype?

Ideally you would find a way to send delicate info to one other person so that only you two can read it and no one else. How would that work?

Shared Host-Proof Hosting

Shared Host-Proof Hosting is the basis for Passpack Secure Messaging and Passpack Sending Password Entries where you can send passwords, password entries, notes and more in complete confidentiality. This means that only sender and recipient can read what is sent.

Shared Host-Proof Hosting is a security pattern based on Host-proof Hosting which uses both 1024 bit RSA public and private keys as well as AES 192bit encryption and it works more or less like this:

Jane wants to send Jack a message. First she needs to generate her set of RSA public and private keys and so does Jack. This may sound difficult but not to worry, it is all done automatically
just by pressing a button. Ah, the wonders of modern technology! She and he do this one time only and these keys are how sharing is made possible.

Then Jane needs to invite Jack to her Ring of Trust, a series of trusted contacts that Jane has chosen. Jane sends Jack the AES 192bit key they will use to exchange messages from that point on. She does this by using Jack’s RSA public key.

Once Jack receives this, he decrypts it using his RSA private key. Then both Jane and Jack have the same AES key to forever exchange messages. This means that all encryption is done on the client-side, as well as all decryption.

All of this generating, encrypting and decrypting happens ‘behind the scenes’ so don’t worry, neither Jane, Jack or you need a degree in cryptology in order to feel safe online : )

Say That Again?

In simple terms, if Jane wants to send something to Jack and doesn’t want anyone to read it in transit, or when it is on the server she sends the info encrypted.

Jack needs to decrypt the info Jane sends and vice versa in a way that only he can read it and no one else. So when they first decide to “be friends” and enter into each other’s Ring of Trust, they have personalized “keys” created which they will later use to decipher what the coded/encrypted/private message is they are receiving.

And from then on they are able to easily exchange sensitive info at liberty without worrying about who else can see it.

Now keep your friends close and your passwords closer. And start sharing the right info with the right people.

Common Problems and Their Solutions

In Passpack support we sometimes get the same question over and over, so I figured I’d write a post about some known common issues.

But I AM Logged In!

Do you ever get this error message when you try to Autologin to a website?

“To use the Passpack It! button, you must connect to this website through your Passpack Password Manager”

Usually that problem presents itself when the browser does not accept third party cookies. Passpack can only work if your browser accepts cookies. To make sure the browser accepts them, you can follow these simple steps:

Follow these steps for Internet Explorer:

1. Select Tools from the browser bar menu
2. Click on Internet Options
3. Click on the Privacy Tab
4. Click on Advanced Options
5. Select both “Allow cookies from sites” and “Allow third party cookies”
6. Press OK

Follow these steps for Firefox:

1. Select Edit from the browser bar menu
2. Click on Preferences
3. Select the Privacy Tab
4. Select both “Accept cookies from sites” and “Accept third party cookies”
5. Press OK

In Firefox 3, you also have to put “” in the list of allowed exceptions. You can choose to do this directly, without allowing cookies from all sites and it should work the same.

That should solve the issue once and for all.

Flashing Javascript Message

On the Passpack login page, does an error about Javascript flash for a second on the page, then the login fields show up?

That is OK, it could just depend on a slow connection or PC. As long as the login fields show up then everything is fine, it just takes a second or two more for them to appear.

If the error stays and does not disappear, then you will have to activate Javascript in that browser.

Follow these steps in your IE6 browser:

1. Select Tools from the browser menu bar
2. Click Internet Options
3. Click the Security tab.
4. Click Custom and Settings
5. Scroll down to “Active Scripting” and click on enable.
6. Click OK etc.

Follow these steps in Internet Explorer 7:

1. Select Tools from the browser menu bar
2. Click Internet Options
3. Click the Advanced tab.
4. Scroll down to “Java (Sun)” and select the corresponding box.
6. Click OK.

Follow these steps in Firefox:

1. Select Edit from the browser menu bar
2. Click on Options
3. Click on the Content tab
4. Select the “Activate Javascript” box.
5. Click OK.

(I’m not sure about this but you might want to restart your browser to make sure the changes take effect)

Internet Explorer 6 (Sigh)

Even after turning on Javascript, does the login page show a white box under the black bar?

Unfortunately this is an issue that we still haven’t been able to duplicate, and have no way of fixing at the moment. The best thing to do is to update browser, or switch to our beloved Firefox (hehe).

Firefox 1.5 (Goodbye)

I said “beloved Firefox,” and yet we had to leave behind the good old 1.5. In fact autologin no longer runs on Firefox 1.5…sorry.

Firefox 3 (and Firebug)

The new baby in the Mozilla family has a few issues we need to work through, one of which I addressed earlier – having to set “” in the list of trusted sites from which to accept cookies in order for Autologin to work. Another little problem is that Passpack will run slowly in Firefox 3 when the extension “Firebug” is installed and running. This is nothing major, Passpack still works properly and no errors occur, it just works a little slower than normal.

Got a problem I didn’t cover? Contact me over at

3 Creative Ways To Use Passpack Desktop

If you’ve downloaded Passpack Desktop and like it, we’re glad to hear that. If you haven’t, here are a few tips and tricks on how to make your Passpack Desktop more than just a password manager.

1. Back Up And Read

Passpack has always let you make backup of your passwords. Just go to Tools > Backup Your Account, continue the process and you have an encrypted backup of your

But what do you do with backups?

Most people have them set aside (as backups) in case they ever need to restore their Passpack Account. But there is one other option…

What if you don’t necessarily want to restore your account but just take a peak into the past at one or two old passwords?

Since you can create as many Passpack Desktop accounts as you like, go ahead and set up separate one, choosing another User ID and Packing Key — et voilà — you have just created yourself a backup reader.

2. Its Freedom Is Limitless

Let’s say you have 108 passwords in your online account (as opposed to the 100 password limit) – Passpack Desktop has more than enough space for those extra 8 passwords! Now you could just create another online account, but who wants to remember two Packing Keys? In Passpack Desktop, space is limitless.

Of course we wouldn’t mind if you went Premium once we introduce paid upgrades, but if you have under 100 passwords and aren’t looking for fancy features, Passpack Desktop may be the right fit for you.

3. Share And Share Alike

As personal as passwords are, some of them (sometimes) are shared. You may find yourself working with others on a project which requires the joint use of accounts. Your spouse/children/family and yourself very likely have web accounts in common in which you share the same password. It can be unavoidable but it doesn’t have to be unmanageable.

We realize that sharing is important and it is something we are working on but for now, here’s a neat trick that can help:

First, set up an account at and share it amongst yourselves. Add ONLY the necessary shared passwords/info.

Then, each person downloads a copy of Passpack Desktop and can sync all the online passwords/info to the desktop application itself.

So how is this different from just sharing the online account?

When you need to add or make chages to the shared online account, each Desktop can sync from web to client with just a click. Since Passpack Desktop is well…on your desktop, whatever else you add to your account is yours and yours alone.

So make some space on your desktop, because there’s a new software in town and it’s just waiting to be installed. Feel free to let us know of any other Passpack Desktop tips or tricks of your own.