We have been using PasswordBox for about two months. It works great and is a great free (for now) alternative to RoboForm or LastPass. Unfortunately, thanks to my not double-checking, PasswordBox has become “invitation only” with a waiting list. Darcy lashed me many times for not double-checking before I wrote it up.
So because I’m trying to make amends for my misdeeds, I’ve found another great password manager called Passter. Despite it’s religious sounding name, Passter Darcy, it’s a great password manager — and the fastest one I’ve ever seen.
Passter is a browser extension so there’s nothing to download. Setup is fast and easy. I chose to allow Passter to generate and remember a security key (master password) for me — since I’m the only one using my computer. If I were going to be allowing others to use my computer, I would have made up my own security key. I probably should have, but I was lazy and hurrying to turn the agony of defeat (PasswordBox) into the thrill of victory. You should make up your own master password/security key. If you have no clue what I’m talking about — you will if you install Passter as an extension in your favorite browser and set it up.
I’ve been using it since I was beaten and lashed by Darcy over the PasswordBox flap. I had to move quickly to save my sagging reputation. I think I’ve outdone myself! I think Passter is better than PasswordBox — and faster too. Plus it comes with a full retinue of features including a strong password generator. Passter also allows you to store your encrypted passwords on your own computer or device.
Passter has a lot of features, so rather than listing them all, we’re going to show you all its features in one tidy screen shot:
Passter works in Internet Explorer (IE8/IE9/IE10) and in current versions of Firefox and Chrome. It also works on most tablets and smartphones. Best of all it grabs your passwords and user names as you enter them on the sites that requires them — and it remembers them the next time you visit those sites. Of course, you can choose to add them manually as well – or import them. And this time folks, I did try it TODAY. I tried it on all three browsers — and no kidding — no waiting list, no giving up your email address, no invitation only…
Now some words from Passter:
Is Passter safe to use?
Passter is probably the safest password manager around. Running inside the browser (in case of Passter Extension even without any server side code) means your passwords are not traveling to different operation system processes and/or to network locations. Also modern browsers are capable of displaying the source code that they execute.
Important aspect is that your privacy is fully kept since you are not required to open any Passter account or fill in forms. Your identity is always anonymous even when using the online password repository of Google Docs.
Password Policy is also a feature which capable of reducing many potential risks to your passwords, identity and even your money (in case you using PayPal account).
Where are my passwords stored?
You have two options for password repositories. The first one is to store the passwords inside your browser, which is the safest, but have a disadvantage that you can only access them in the same browser at the same computer or device.
The more convenient way is to store the passwords in your Google Account. This means that you can synchronize your passwords between different browsers and platforms (laptops, desktops, mobile devices, etc). The passwords are stored in your Google Docs (every Gmail user has one already), and can be accessed only by you using native Google tools.
Are they encrypted?
Yes, all the passwords, credit cards, secrets and other information is encrypted using AES and stored in the browser. Plain text information is not stored (or sent, in case of Google Docs repository).
Do I need to give Passter my Google credentials?
No. Passter uses Google OAuth protocol which authenticates the user on their servers and in exchange Google give (sic) an authorization token for Passter without any identity of the user behind it.
Which servers does Passter use?
Passter Web App is hosted on Google App Engine, while Passter Extension is hosted inside the browser (like any desktop application). If you use the Google repository for storing passwords, then Google Docs server are also been accessed using SSL protocol.
Is there a master key?
Yes. Passter always encrypts your passwords (client side inside the browser). In case of automatic encryption key, Passter will generate a strong 24bit key which will be replaced weekly. This is a good solution if you are the only user in the computer.
The manual encryption key is managed by you, and should be carefully handled and replaced. It is mandatory in shared or public environments or when using Google Docs repository.
What happens if I lose my master key? can I retrieve my passwords?
No. Losing your master key means losing your passwords. No option to retrieve here, but to ‘Eject’ in the Web App, or reinstall Passter Extension with a blank passwords sheet. Remember that you have the option of backups and restores, but you still need to remember the master encryption key.
Where is the master key stored?
In case of automatic key it will be stored encrypted inside the browser. In case of manual key it should be always stored in your memory. There is an option to store the manual key inside the browser but it is only recommended in private environments (like iPhone or personal desktop).
What is the ‘Disable’ option?
Disabling Passter revokes your master key from the browser (and also, if set in password policy, the Google authorization token). This allows you to leave your passwords encrypted and useless in the browser until you re-enter your master key. Passter can be disabled using password policy. For example disabling it after 3 minutes of idle time, or when the browser closes.
What is the ‘Eject’ button?
Eject means that you delete all of the passwords and information from the specific browser. It is similar to the uninstallation operation of the Passter Extension or any other desktop application. Unlike disabling Passter which means that you will come back, ejecting is useful when you have no intention to reuse the specific browser…”
So if you’re looking for a great password manager and you’re not fond of RoboForm or LastPass for some reason, Passter might be just what you’ve been looking for.
Passter is freeware. For more information or to get the extension for your browser visit http://www.passter.com/ . Enjoy!
Will my passwords be transferred automatically?
No, but every site you log into the password will be gathered by Passter and it will ask if you want to save the login for that site. If you say “yes” eventually all will be transferred. It’s very simple.
Hi TC & EB,
I must be mighty dense! Is Last Pass now fading into the past, in favor of your new PASSTER?? Is one actually “safer” than the other??
By now you both know how much I value your knowledge and appreciate all the information you provide! Thanks so much for clearing this up for me.
What is wrong with Last Pass? I have been using Last Pass for a couple of years and have found no problems with it except that I can’t figure out how the Android mobile version works.
Posted too soon.
Also, I have not had a chance to look at it, have you checked out password safe from Sourceforge?
PasswordSafe isn’t the same as LastPass, Roboform, Passter or PasswordBox — it’s a program that generates strong passwords and stores them securely — it does not have an auto-fill function which makes LastPass et. al. convenient and easy-to-use. PasswordSafe is better than keeping your passwords on scraps of paper but the lack of an auto-formfill feature means it’s lacking a major convenience for the user.
There is absolutely nothing wrong with LastPass — and here’s a quote from the article on which you’re commenting…”So if you’re looking for a great password manager and you’re not fond of RoboForm or LastPass for some reason…” I don’t think we ever said anything was wrong with LastPass… Passter is just another good option for those who don’t like LastPass or RoboForm. The important point is — everyone needs a password manager of some kind in the age of the cloud. Simple 12345 passwords are going to get a lot of people in a lot of trouble in the coming years. Password managers — regardless of brand — make it easy to generate and recall strong 12 to 14 character passwords which are required to keep your accounts safe.
I have been using Roboform for years. Is it a problem that I am required to set up an account with them, unlike Passter? I have not liked the latest upgrade from RoboForm but am getting used to it and I can’t get RoboForm Everywhere to work on my Andoid cell phone but I have a ton of passwords stored in it. Is Roboform no longer safe to use? I began using it because of your recommendation years ago! Love you, EB and TC!!
Does it offer two-factor authentication where I have to telesign into my account?
No. And not ever login offers a two stage sign-in. However you can make LassPass or the others always a two-stage sign in by setting it to require your master password every time.