So while the fallout from the last time I came across this company clears up, I decided to find out exactly how they do what they do. At the time of this writing, PassPack is at Beta5.39.5.
First and foremost… My old nemesis, multiple stylesheets for multiple browsers.
Whenever I see :
<!--[if gte IE 7]>
That’s usually the sign of a poor UI implementation. That means they are jumping through hoops when they really shouldn’t. That excerpt above means that they have a separate stylesheet for Internet Explorer 7. There’s one more for IE6, and it appears they have been through several versions of each stylesheet. It also appears that they’ve been experimenting with stylesheets specifically for the iPhone as well.
I know there’s no “standard” when it comes to the CSS implementation (especially CSS2), but in the year 2008, can we start “attempting” to use cross-browser CSS please? But hey, it’s a beta, so let’s move on.
You will be reminded to enter in an email, I strongly suggest you do use it. Just in case you forget your password… for the password reminder *cough*.
There’s an option for Auto-Login, and I suggest you not use it. As far as I can see, this defeats the whole purpose of security. Call me paranoid, but I never enable auto-logins in anything I use. Call it an old habit as an admin, but I think it makes sense.
The system will automatically log you out when inactive. You can change this setting by going into Account > Options. I suggest you not increase this setting. It defaults at 5 minutes, and in fact, you may want to reduce that to 2. Quickly finish up any entry you are making as the system cannot lockup while you are making an entry. Do not walk away from your computer while you are entering in anything because of this.
Get into this habit : Login, do your thing, logout. You might think it’s a pain to re-enter your info, but don’t worry about having to log in again. It’s much worse if you left it unattended for some stranger screw up your passwords.
The Password display shows if you have set any of the additional options for each password entry… That is an actual Password, a UserID, a Link to whatever login page you will need the password for as well as any Tags. I’m not sure if the Tags make any sense if you are descriptive in the Title.
Do use the disposable logins if you plan to take a trip. It allows you to create a one-time use login for when you are away from your home computer. It’s a good idea if you are using a system in a CyberCafe or hotel.
The scripts are designed to ensure that you are not being tricked into entering data while browsing another page. I.E. Phishing attempts. Also a lot of password encoding, special character recognition, strength metering, query sanitizing etc… takes place client-side. Some of the scripts appear to be written by Francesco Sullo, also the author of aSSL.
It’s too bad their employees couldn’t learn any lessons from this guy, because he apparently knows how to
spam “Evangelize” properly… That’s what I call helpful spam. Now if only he would stop giving 5 stars to his own product on Download.com.
In addition to this, PassPack does use some publicly available code. The system makes heavy use of the jQuery script library to do AJAX calls and perform other UI functions. jQuery alone has a number of browsers that it is compatible with, and a few others that it isn’t.
Any attempt to use them or other incompatible browser, and you will be greeted with the following message :
Sorry. The version beta5 of PassPack has not been full tested with this browser version.
As far as betas go, it’s pretty decent. I would like to see more UI refinement and for God’s sake, get rid of the multiple stylesheets.
I think I will be keeping my account and I look forward to the next iteration. Hopefully they will continue to perform as advertised.
What exactly is PassPack? It’s a bookmarker on steroids. Except, substitute “Title” with “Location” and “URL” with “Password”. For what it is, it gets the job done.
It’s not accessible. The UI could use a bit more streamlining as I can see how novice users can get a bit tangled up during the registration process. They need to make it clearer ahead of time that there are three crucial bits of information required from the user during the registration :
Your Password (Moderately complex)
Your PackingKey (Very complex)
The Password allows you to login to the system. The PackingKey unlocks all your entries.
They haven’t restricted access to the stylesheets and script libraries. Which means a compromised browser may be tapped by an unscrupulous individual and trick the user into entering in his/her info. I should not be able download any of the script files or CSS by plugging the URL into my browser. This is kind of important.
It would be nice if they can accommodate users with special needs.
What’s inherent to this system, and indeed endemic to all web-based solutions, it’s web-based. As in you need to have Internet access to retrieve your passwords.
Now if only they will fix their ridiculous marketing campaign, things would be dandy.