GigaOM » password manager

How to be prepared for death in a digital age

Dawn Foster — Fri, 15 Jul 2011 12:02:05 +0000

Death isn’t something most of us want to spend time thinking about, but it is inevitable for all of us, and we need to think about passing on our digital assets as well as our physical and financial ones. Most of us know that we should have a will and beneficiaries designated on investment accounts so that our assets are distributed to the right people, but many people don’t even take this first step. However, those of us who live and work online really need to go further, and think about how our loved ones should have access to our digital assets, accounts and information.

This is a very personal post for me, since I am dealing with the sudden death of my father, a fellow geek and web worker. He died without a will and without any way for us to access his password-protected computers. He did freelance work for clients as well as in-home computer repair for individuals. We have a stack of computers that we are pretty sure belong to other people, but they aren’t labeled and without access to his computer records, we can’t find the owners. We also know that he administered a bunch of systems for a big client, but we don’t know exactly who the contract was with, or who to contact to notify them. The computers in the house also control key household components, like the lights, and run the web servers for his personal and professional websites, so we’re trying to wait a bit before trying to hack into them to get access for fear of taking out critical household functionality. Would your family members would have similar difficulties if you died or became incapacitated in some way?

Here are a few things that you should consider:

Password management. Come up with some way for your family to access certain critical accounts or computers. I know one person who has an encrypted database with all of his passwords and the access information is in a sealed envelope in a safe. Other people use a password management system, like 1Password or LastPass, and make sure that a trusted family member has a way to access it. How you choose to do this depends on how you manage your passwords and how often you change them. I think most of us could find some creative way to make it easy for our family to get access to at least a few key accounts.
Technical documentation. Make sure that you have some kind of documentation about your technology in a place that people can access it without having access to one of your systems. This is especially important if you have systems tied together in a complicated manner. If you don’t have another tech-savvy family member, make sure that this documentation includes the names and phone numbers of a couple of trusted friends who can help out.
Client or work contacts. Keep a file or some kind of documentation about your clients in a place where other people can access it. At a minimum, you might want to include the name, email address and phone number of each current client, or your manager if you are a corporate worker, so that they can be contacted. I know that when I was running my solo consulting business, I kept everything on my password-protected computer, and it would have been very difficult for my family to contact my clients if anything happened to me.
Digital assets. Most of us have family photographs and other digital assets that our family will want to access later. Make sure that someone knows how to find those important photographs and other documents, and don’t rely on online photo storage services, which might be deleted at some point. If you keep most of your data on your own server (hosted or onsite), leave instructions for how to access and download anything that someone might want to save.

What else can we do to make this easier for our families? How prepared are you?

Photo used courtesy of Ken Mayer

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

Orggit: Your Firesafe in the Cloud

Nancy Nally — Tue, 15 Dec 2009 17:00:04 +0000

We all know that we should safeguard our critical data and documents in case of a disaster. Yet way too few of us follow the best practices of having these items backed up and kept in multiple locations. As a Florida resident conscious of the threat of hurricanes and wildfires, I know I should be better at doing this. But I hadn’t found a really good way to do so until I was given the chance to try out Orggit.

Some Monsanto executives learned the value of safeguarding their data the hard way when they couldn’t access key information they needed during the chaos after 9/11. So in 2003 they founded Morgan Street Document Services to help individuals and businesses protect their important documents from disasters. Orggit was launched recently to bring this service to a wider consumer audience through a user-friendly interface.

Unlike storage and sync services such as Dropbox and Sugarsync that are just storage space for files, Orggit has a user interface that allows for organizing various types of information records.

After logging in, users are greeted by four tabs across the top of their Orggit home page:

Wallet: This section stores information about all the cards you might carry in your wallet. It is organized using tabs down the left size for various types of cards, and each tab’s contents appear in the main area of the screen when selected. Each card type’s fields are customized to hold standard data types for those cards, including customer service numbers. Images of the cards can even be added. A “wallet report” can be printed containing details of all of the stored cards to use as an offline back-up or for reference in filing a police report or canceling stolen cards. This section of Orggit is similar to a Palm app that I used to have that is now available for a variety of mobile phones called SplashID. However, SplashID syncs only between a desktop and mobile device with no cloud backup of data; that redundancy is a key feature of Orggit.

Medical: This section contains a service I’ve never seen offered by any other back-up or storage service: 24/7/365 ICE (in case of emergency) medical record forwarding. It allows a user to create and store a complete medical history for themselves, including scanned documents. This history can then be downloaded in a nicely formatted PDF form for sharing with healthcare providers. Orggit will also fax or email it 24/7 to healthcare providers that request it in an emergency if they provide Orggit the member ID number found on the ICE wallet card that is mailed to every Orggit member. The card provides instructions on how to call and retrieve the records, or report a lost wallet.

As someone with a complicated medical history involving several chronic conditions, I love the idea of healthcare providers being able to access a comprehensive healthcare record for me if I have a problem away from home. My one complaint about this section is that the date fields for items require complete MM/DD/YY date entries and it can be hard to be that specific about things that were a long time ago. It would be helpful to be able to enter an incomplete date, such as just the year, or just month/year. What I’d like to see added would be more fields for recording routine doctors’ visits, and events such as routine illnesses or symptoms. Perhaps a calendar or journal function in this section could serve for those purposes.

Accounts & Codes: Designed to store logins, this is the least robust of all the service’s sections. It keeps a single alphabetized list of your logins. Clicking on the item will take you to an entered URL but won’t log you in. For day-to-day password retrieval, this can’t compete with applications like 1Password for Mac or even Firefox’s built-in password manager. But it has some advantages those sorts of programs don’t, such as the cloud storage of the data and being able to make it visible to other family members in case of emergency.

Filing Cabinet: The filing cabinet is designed to store scanned copies of important documents, similar to Dropbox and other storage services. However, unlike Dropbox, it doesn’t sync files with edits in another location. This lack of file syncing to an offline source in Orggit’s filing cabinet is not as big a deal as it might seem. Most of the files that Orggit is intended to store are scans or PDF’s of static files such as legal documents that would require creation of a whole new file if they were changed. They also aren’t documents that are typically updated that often.

Using the filing cabinet is simple. There are buttons for its drawers across the top of the page. Six drawers are already named and come configured with pre-named folders to suggest contents for them. Users can add a seventh drawer or tailor the existing ones to meet their needs. Basically, the drawers and folders are just a user-friendly way of representing a file storage structure to users.

The iPhone app is a nice addition to the service but not a key component of it. It has the ability to trigger the faxing or mailing of medical reports from its emergency section. The iPhone app also gives you the ability to use your phone’s camera to take pictures of your ID cards rather than having to scan them or use your camera. The camera can also be used to update family members’ profile pictures. You can also create a custom home screen for your phone using one of your pictures that includes a banner with instructions for accessing the Orggit ICE service.

The app is very limited in function beyond those nice features, however. Information cannot be added or edited (besides adding the photos), only read. And there is no access at all to the filing cabinet.

Orggit has the capability of holding virtually the entire identity of a user if they use the service to its full potential. The site obviously requires a high level of security. So before I commit a large volume of my data to the site, I wanted to know what security measures are in place to protect my data — and me.

The Orggit’s representatives that I contacted say that the site uses the same standards of security as the National Security Agency to secure customers’ data. They have servers in multiple locations, and those servers are behind a firewall and use the highest-grade Extended Validation SSL Certificates from VeriSign. Orggit also says it encrypts all member passwords, security questions and phishing images with AES 256 bit encryption, “rendering brute force attacks unfeasible.” They also use the VeriSign Extended Validation green address bar to signify to users that they are connected to a legal web site.

Although at first glance Orggit may seem oriented towards personal use, it can have several important business applications. The wallet tab and the ICE service can provide extra security for road warriors. One of the filing cabinet drawers can be configured to hold work documents (an especially critical mission if you are self-employed and have documents like tax returns and articles of incorporation to protect).

Orggit costs $49.99 for an annual subscription. The subscription includes the company’s free iPhone app ; the addition of up to nine family members on the account; auto-reminder service for expiration dates of credit cards, drivers license and passport; 24/7/365 ICE medical records forwarding service; and 5GB of storage space. Added family members must have an email address and get their own “wallet,” medical and accounts/codes section; the filing cabinet is shared between all users. The primary member controls whether family members can see each other’s data or not, and whether they can see the shared file cabinet.

It does take time to enter all of your critical data into an application like Orggit. But in an emergency, having access to that data via Orggit will make the investment of that time seem like a tiny price to have paid.

Do you keep important documents safe with off-site backups?

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

Passpack: Online Password Manager With Secure Sharing

Simon Mackie — Thu, 21 May 2009 23:00:41 +0000

Passpack, similar to many other password managers, offers a convenient and secure place to keep all of your passwords in one location, and can automatically log you into web sites, which can be very handy when you use lots of different apps and services. One thing that makes Passpack stand out from the crowd, though, is the new Secure Sharing facility.

Why is this useful? Well, for example, say you’re a web developer handing a project over to a client. You’re going to need to provide them with passwords to a whole range of things (databases, servers, app logins, etc.). By using Passpack’s Secure Sharing feature, you securely can send them the passwords in a neat and tidy list — no more insecure emailing of Excel or text files. It also could be very useful if you’re a sys admin for a company and need to hand out passwords to your co-workers in a secure way. If you need to update the passwords for whatever reason, they’re just kept in one place.

Sign-up is easy: Pick a username and password. If you’re concerned about privacy, you don’t even have to provide an email address if you don’t want to. You then need to pick a “Packing Key”: a long phrase which is used to encrypt your passwords. Passpack never sees this key, so you know that your passwords are safe. (Note: This also means that if you forget your Packing Key, you won’t be able to access your passwords. So make sure that you pick something memorable!)

Then, it’s simply a matter of entering your passwords into the system. Passpack makes it easy to organize your passwords, and even allows you to tag them and add notes for each account, which will make passwords for lesser-used services easier to find later. To make your passwords extra secure, Passpack can even suggest long random phrases for you that should be much harder to crack.

In order to share with someone else, you first need to connect with them (so Passpack can generate the encryption keys required) and then enable sharing. You can choose to let the person you’re sharing the password with view and modify the password, or just view it.

As you would expect, Passpack takes security seriously. Like many online password managers, Passpack uses the Host-Proof Hosting Ajax pattern to ensure data privacy (so Passpack never see your passwords unencrypted), which normally makes sharing passwords in applications like this impossible. Passpack developed the pattern to maintain privacy but allow sharing. Another security measure that Passpack has in place is the ability to specify your own welcome message — a great idea as an anti-spoofing measure. If you don’t see the personal greeting you defined for yourself, you’ll know that the site you’ve visited is not the genuine Passpack site and won’t enter your precious Packing Key. Also, the process of connecting with someone else in order to share passwords is quite convoluted. In any other app, I would be quite critical of the hoops you need to jump through, but in the case of a password manager, you really don’t want to accidentally share passwords with someone you don’t intend to.

All in all, Passpack is a nicely designed, easy-to use, secure password manager. If you’d like to use a desktop app rather than the web interface, there is an optional free AIR (a adbe) client available (for Windows, Mac and Linux). The service is free for up to 100 passwords and one shared user on the account. Premium upgrades are available if you need more storage or to share your passwords with more people.

What do you use for password management?

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.