For many people, creating and remembering passwords is a vexing part of online life.
Meanwhile, as recent attacks against Facebook, Twitter, Gmail, LinkedIn, and Evernote demonstrate, hackers can break into almost any site and steal your personal account information – unless you have it protected with a highly secure password.
But research indicates that more than 90 percent of user-generated passwords are not strong at all and therefore are vulnerable to hacking.
“Lots of people use the same the user name and password over and over, with just 6-8 characters, and hackers can decrypt it in minutes,” says Dan Robichaud, the CEO of PasswordBox.
His service, which launches publicly today, is the first social password manager that helps people securely store, retrieve and even share their passwords on any device.
You can store up to 25 passwords free with the service (the premium upgrade costs $1/month); it also will automatically generate very strong passwords for you when you join new sites, or when you want to upgrade your current passwords.
The standard it adheres to is NSA-level encryption, known as AES 256 bit. “We generate a 26-character password that is unique to each site,” says Robichaud, which would take centuries for hackers to decrypt.
When you input your passwords into PasswordBox, all the encryption is done client-side on your computer and/or device. Therefore, if PasswordBox were to ever face a breach, your information would not be available to hackers due to the client-side, secure encryption.
Here is how it works. You download the app and then log into PasswordBox, in the process creating the one password you are going to have to remember going forward. (More on that in a minute.)
If you wish, you can establish your start page through the service; it will adjust to your browsing habits, adding all of your bookmarked and favorite sites.
A feature beta testers especially liked is one-click log-in to all their sites stored in PasswordBox.
For shared accounts, such as at Netflix, you can use the encrypted social account sharing feature to send passwords to family and friends.
There is also a “legacy vault” feature, which protects your digital assets. Those assets, such as photos, records, email, etc., can be bequeathed to your designated person when you pass on.
“You enter their email address and they will get a link to share the content,” says Robichaud. “Once we get and validate the death certificate, we can give them access.”
Now, about that one last password you need to remember – your password to PasswordBox – if you lose or forget that one, you are screwed. (Presumably your designated person will need to know it as well.)
That’s because, Robichaud says, “We do not have the key to decrypt your data. Even if we get a subpoena, all we can share is encrypted content. We cannot decrypt–we do not have your master password. Only you do.”
This may appeal to people who don’t want the NSA or anyone else snooping on their online activities.
The company of 23, about two-thirds of whom are engineers, has been based in Montreal and is opening its San Francisco office at the end of June. The service is available on the web and mobile, both iOS and android.