Clipperz is a free online password manager. If the last three words of the preceding sentence give you pause, they should. The idea of trusting one website with your login information for all the other sites you use seems naïve at best.
But Clipperz has a clever approach to privacy. Using a combination of anonymous user accounts and in-browser encryption, Clipperz has come up with what it calls a “zero knowledge” Web application. When setting up a user account, you need only create a user name and password, no personally identifiable information is part of your account. Your browser encrypts the passwords and other information stored in Clipperz. Sensitive data isn’t sent in the clear and the server that stores it can’t decrypt it. The net result is that Clipperz has zero knowledge of your identity or data. If, after all that, you’re still skeptical, the source code is available so skilled administrators can host their own Clipperz servers.
Getting started requires a visit to https://www.clipperz.com. When you create your account, you enter your desired user name and passphrase. Make sure you remember that passphrase, too, because it cannot be recovered.
Now you’re ready to create cards. Click the “Add new card” button and you’ll have a choice of six card templates: Web password, bank account, credit card, address book entry, custom card, and direct login. The first four have fields appropriate to the data you need to store. For example, the credit card template is preconfigured with slots for the card type, owner’s name, account number, expiration date, and security code. Custom cards have three untitled fields to start with. You can add and rename fields to suit your needs. Having filled in data and saved it, your card’s name will appear on the left side of Clipperz main content area.
The last card variety is for a feature call direct login. For sites that require a user name and password, Clipperz direct login seeks to provide single-click access. Setting up a direct login card requires adding a special Clipperz bookmarklet to your browser’s bookmarks. You then visit the login page of the site and select the bookmarklet. A small window pops up with a snippet of code to copy. The last step is to open your Clipperz account and create a new card choosing the direct login option. Paste in the copied code, save the card, and the link appears under the Direct Login heading. That’s the principle, anyway—in my testing, it worked with about half the sites I tried. One of the shortcomings of the direct login concept is that it can’t connect to sites that use Flash or Java for authentication. Even some sites that apparently use standard HTML forms are incompatible. Still, when it works, direct login is a very compelling feature.
One of the primary attractions of a web-based password manager is that you have access to your private data from any computer any place. But using an unknown computer is a risk in itself. If wandering eyes or a key logger manage to get ahold of your Clipperz login, all your information is compromised. To safeguard your security in such a setting, Clipperz offers single use passphrases. You must generate single use passphrases in advance, but using one on a keylogged computer is harmless as it can never be used a second time. The only trade-off with single use passphrases is they’re too long and random to commit to memory, so you must record them somewhere and keep them physically secure. Obtaining the written codes with knowledge of the associated user name defeats the feature.
Clipperz is compatible with Chrome, Opera, and Safari, but is optimized for Firefox. A compact version of the site is designed to load in Firefox’s sidebar. Links clicked in the sidebar load in the main pane to the right. While this is handy for opening direct login links, I found it easier to use all the other functions without the sidebar.
A password generator feature handily creates long, secure passwords. You can specify whatever combination of upper case, lower case, numbers and symbols to be used. All the passwords it creates are 19 characters long but you can edit them to be whatever length you wish. As you modify a password, a visual indicator offers Clipperz’ opinion on just how secure the password is. While it works just fine, Apple’s password generator (accessible through either the Users & Groups system preference pane, or in the Keychain Access program in your Utilities folder) can generate memorable passwords that are nearly as secure.
Committing information to any website means risking lost access. If the site goes down or you find yourself without Internet access, all that data is useless to you. Clipperz recognizes that inherent problem and offers a few ways to cope. The most useful and innovative of these is the offline copy. When you request an offline copy, Clipperz creates a little self-contained version of the website with all your cards embedded within. You log in just as you would with the regular site and have access to all your cards. Because the contents of your cards are encrypted, an unauthorized user cracking into your offline copy file will see only gibberish. Clipperz also offers a printer-friendly view of your data so you can have a paper copy to lock away in a safe.
Clipperz might not be especially pretty, but it’s a well-conceived and executed solution to secure storage for digital nomads and multiple device users alike. Being both free and anonymous, there’s no reason not to give it a try.
Clipperz