But Clipperz has a clever approach to privacy. Using a combination of anonymous user accounts and in-browser encryption, Clipperz has come up with what it calls a zero knowledge Web application. When setting up a user account, you need only create a user name and password, no personally identifiable information is part of your account. Your browser encrypts the passwords and other information stored in Clipperz. Sensitive data isnt sent in the clear and the server that stores it cant decrypt it. The net result is that Clipperz has zero knowledge of your identity or data. If, after all that, youre still skeptical, the source code is available so skilled administrators can host their own Clipperz servers.
Getting started requires a visit to . When you create your account, you enter your desired user name and passphrase. Make sure you remember that passphrase, too, because it cannot be recovered.
Now youre ready to create cards. Click the Add new card button and youll have a choice of six card templates: Web password, bank account, credit card, address book entry, custom card, and direct login. The first four have fields appropriate to the data you need to store. For example, the credit card template is preconfigured with slots for the card type, owners name, account number, expiration date, and security code. Custom cards have three untitled fields to start with. You can add and rename fields to suit your needs. Having filled in data and saved it, your cards name will appear on the left side of Clipperz main content area.
The last card variety is for a feature call direct login. For sites that require a user name and password, Clipperz direct login seeks to provide single-click access. Setting up a direct login card requires adding a special Clipperz bookmarklet to your browsers bookmarks. You then visit the login page of the site and select the bookmarklet. A small window pops up with a snippet of code to copy. The last step is to open your Clipperz account and create a new card choosing the direct login option. Paste in the copied code, save the card, and the link appears under the Direct Login heading. Thats the principle, anywayin my testing, it worked with about half the sites I tried. One of the shortcomings of the direct login concept is that it cant connect to sites that use Flash or Java for authentication. Even some sites that apparently use standard HTML forms are incompatible. Still, when it works, direct login is a very compelling feature.
One of the primary attractions of a web-based password manager is that you have access to your private data from any computer any place. But using an unknown computer is a risk in itself. If wandering eyes or a key logger manage to get ahold of your Clipperz login, all your information is compromised. To safeguard your security in such a setting, Clipperz offers single use passphrases. You must generate single use passphrases in advance, but using one on a keylogged computer is harmless as it can never be used a second time. The only trade-off with single use passphrases is theyre too long and random to commit to memory, so you must record them somewhere and keep them physically secure. Obtaining the written codes with knowledge of the associated user name defeats the feature.