Welcome! I am Jason Nguyen, a graduate student in ethnomusicology at Indiana University, Bloomington, and this blog is where I make observations about music, culture, and academic life.

Clipperz and Other Password Management Options

Clipperz LogoIf you’ve kept up with web news, then you might have heard about the hack of the Gawker website, which exposed a ton of user’s password information to unsavory elements.  Such an isolated incident wouldn’t be a big deal–except people tend to use the same password everywhere.  We’ve all done it.  You might be using the same password for your sensitive email as your Facebook.  It’s convenient, and with so many web services and applications to work with, it is impractical to have a unique one for each site.  On top of that, those folks working on corporate or otherwise sensitive sites might be used to changing your password every month or so.  How to be secure while not creating a hassle?

Clipperz seems to be a pretty good answer for me, and I’ve just spent a few hours today transferring to it from my previous strategy (a combination of the SuperGenPass bookmarklet and a great piece of software called KeePass).  A quick word about those two before I move on (feel free to skip on to the main event though):

  • SuperGenPass: is a bookmarklet that generates a unique password with a basic algorithm: master password + domain name –> generated password.  Example: I go to gmail.com, type my username and a master password, click the SuperGenPass bookmarklet and it replaces the master password with the generated password.  Cool.  The problem is that my employer asks me to periodically change my password, and SuperGenPass has no way to manage that.  I could continuously think of new master passwords, but that defeats the purpose.
  • KeePass: A program that you install that basically holds all your passwords, encrypted by a single master password.  There are some automation options in terms of browser auto-fills and whatnot, but the main weakness is that the database/program is either local or has to be carried around on a USB stick or something.  I used it happily for years and it served me well, but it’s kinda clunky.

So enter Clipperz.  It uses a pretty unique method of storing information that uses Javascript to the max.  You see, they never transmit an unencrypted version of your passwords.  Instead, they encrypt using a master password, then they store THAT. Decryption happens totally on YOUR side, maintaining security.  (I’m totally having to stop myself from getting dorkier).

Clipperz Screen Shot

Click for full-sized screenshot

On top of that, the program has an awesome way of creating one-click links that allow you to automatically log into a site by clicking on a link within Clipperz.  Also, because you don’t have to remember them, you can also make it auto-generate obscene passwords using numbers and symbols, making dictionary attacks difficult.

In short, it’s an online service, but helps ease my mind on the fact that it’s an online service by doing all of the heavy cryptography on the client side.  All it does on the server side is store a bunch of encrypted data that can only be touched by somebody who knows both the username and master password (which needs to be strong, but that goes without saying).  It also lets you download a read-only version of your password library for local use in case their site ever went down or something.  Finally, there are extensions that integrate it with most major browsers.  So again, check it out:


8 comments to Clipperz and Other Password Management Options

  • Awesome post Vu. You are welcome to guest post at my blog anytime. We expect links to your blog in the byline if you want some traffic.


  • Hey Clif!

    I appreciate that. I might take you up on the offer. There are some techie things I’ve been wanting to share that are just a tad too much for this blog, but would be great on Techie Buzz.

    Thanks for reading!

  • Download Music Free: http://www.oron.se
    Psychedelic Punk Rap Reggae Rock Rock And Roll
    Soul Soundtrack Techno Thrash Metal Top 40
    Trip-Hop Vocal folk Folk-Rock Folklore Freestyle

  • i understand that hevower they are $60 each and you have 1 subscriber where as the people that review my products have over 30,000 with over 9,000,000 views and that gets return on investment. i get asked for 20 of these a day and i cant afford that. thanks

    • Btw, I just realized I forgot to mention that MariaDB does contribute security fixes to Oracle (and Percona) as a matter of policy. An example was the recent “login as any user without password” vulnerability, which they also found themselves and disclosed with &#bn;02respo2si8le disclosure” approach.

  • I neeԀed tο tɦank ʏоu fߋr t&#1211&#1211іѕ fɑntʏaѕtіϲ r&#6513ɑԁ!!
    I ɑЬѕоlսtelʏ еnj&#1086у&#6513&#8574 &#6513νегʏ
    &#8572ittе Ƅіt
    &#11423f it. Ӏ’νе gߋt yо&#6489 Ƅоoҝmагк&#6513d tօ сҺecқ οut ne&#7457 tɦіngs үߋս роѕt…

  • I don’t know who you wrote this for but you helped a brother out.

  • Question: do Coca Cola bottlers also spend on advertising? That would push the total Coke marketing budget higher.Observation: Samsung's trailing 12m marketing budget (not just advertising) is $9.5bn. Q2 2012 budget was $2.75bn – larger than handset revenue at LG, Moto, RIM or SOny.

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>