Tuesday, July 24, 2012

my1login


Some password managers store your encrypted data locally, some keep it in the cloud, and others do both. The free my1login tool is so thoroughly cloud-based that it doesn't even install a local client. You can use it with any browser, under any operating system, as long as that browser supports JavaScript and bookmarks. It's not quite as automated as some solutions, but it's an interesting approach.

Layered Security
When you create your free my1login account, you'll define both a password and a key phrase. The password lets you log in to the site and connect with your encrypted password store, while the key phrase is used in local decryption of those passwords.

Logging in is an unusual process. To eliminate the possibility of password capture using a keylogger or screen scraper, the site does not ask you to enter the password. Rather, it requests the letters at specific character locations, entered by selecting from a drop-down menu. There's nothing for a keylogger to capture, and it'd be tough for a screen scraper to identify exactly what you selected from the menu. I did find myself counting on my fingers quite a bit, to figure out which is the tenth or fifteenth character.
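The following added example (not code from my1login or from the original review) quantifies the trade-off in this kind of partial-password login: each login reveals only a few characters, but an observer who does manage to record the selections accumulates positions over repeated logins. The password length, the number of characters requested per login and the uniform choice of positions are assumptions, since the review does not state them.

```javascript
// Assumption (not from the review): every login asks for k distinct positions,
// chosen uniformly at random, from an n-character password.

// Binomial coefficient C(n, r); 0 when r is out of range.
function choose(n, r) {
  if (r < 0 || r > n) return 0;
  let c = 1;
  for (let i = 1; i <= r; i++) c = (c * (n - r + i)) / i;
  return Math.round(c);
}

// Expected fraction of the n positions an observer has seen after m logins.
function expectedFractionExposed(n, k, m) {
  return 1 - Math.pow(1 - k / n, m);
}

// Probability that all n positions have been seen after m logins:
// inclusion-exclusion over the set of j positions that were never requested.
function probFullyExposed(n, k, m) {
  const total = choose(n, k);
  let p = 0;
  for (let j = 0; j <= n - k; j++) {
    const sign = j % 2 === 0 ? 1 : -1;
    p += sign * choose(n, j) * Math.pow(choose(n - j, k) / total, m);
  }
  return Math.min(1, Math.max(0, p));
}

// Smallest number of observed logins for which full exposure reaches `target`.
function loginsUntilExposed(n, k, target) {
  if (k < 1 || k > n || !(target > 0 && target < 1)) {
    throw new RangeError("need 1 <= k <= n and 0 < target < 1");
  }
  let m = 1;
  while (probFullyExposed(n, k, m) < target) m++;
  return m;
}

// Constructed scenario: 12-character password, 3 characters requested per login.
for (const m of [1, 4, 10, 20]) {
  console.log(m, expectedFractionExposed(12, 3, m).toFixed(3),
    probFullyExposed(12, 3, m).toFixed(3));
}
console.log("logins for 50% full exposure:", loginsUntilExposed(12, 3, 0.5));
```

Requesting fewer characters per login slows the accumulation, but it also lowers the number of characters someone must guess to pass a single challenge.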

The key phrase creation page recommends using a long phrase, and spaces are permitted. If you're a fast typist you can create a lengthy key phrase that would be tough for any malefactors to guess. And if you're really worried about keyloggers you can enter it using a virtual keyboard.

Once you've authenticated yourself to the site, the site authenticates itself to you. At the time you create your account, you're assigned a special icon that appears in the top right corner of my1login's pages. If you don't see that icon, you've been duped into connecting with a fraudulent copy of the site. This kind of phishing protection is similar to the SiteKey system used by many banks and credit card companies.

Password Management
If you're accustomed to using a fully automated password manager like LastPass 2.0 (free, 5 stars) or RoboForm Everywhere 7 ($19.95/year direct, 4.5 stars), you may find my1login just slightly tedious. Because it doesn't install a local client or browser plug-in, it can't automatically capture passwords as you log in. You must enter each password manually.

You enter the login URL, a name for the entry, the username, and the password. You can optionally add tags for searching, or a free-form note. In the standard free edition, your saved password bookmarks appear in a searchable alphabetic list. If you pay $2 per month for the Pro edition, you get the option to organize them into a multi-layer folder structure.

With mSecure Password Manager ($19.95 direct, 2 stars), both password capture and playback are fully manual. My1login manages to automate the login process using a bookmarklet. That's a tiny piece of JavaScript, small enough that the whole thing fits in a bookmark.

The first time you use my1login in a particular browser, you must drag the my1click bookmarklet onto the browser's bookmarks bar. To use one of your saved bookmarks you first click it within the list and then click the bookmarklet button. LastPass and RoboForm both offer a bookmarklet option for use in unsupported browsers or on systems where you don't have permission to install a plug-in.

My contacts at the company say the product roadmap includes "some fantastic upcoming functionality including the capability to handle non-standard and multi-page login forms." At present, it strictly handles standard logins, which admittedly are used by the vast majority of secure sites.

You can directly import passwords from RoboForm, KeePass, and Clipperz, or from a CSV file. I had no trouble exporting my LastPass passwords to CSV and importing them to my1login, though understandably those for sites with non-standard logins didn't work.

In addition to the password-filling bookmarklet, LastPass includes one to fill Web forms with user-defined personal data. My1login focuses strictly on passwords, not on form filling. According to CEO Michael Newman, "We feel that in order to help password managers become better embraced by the mainstream population, improving their security, it is important to focus our service on the core proposition of password management."

Source: http://feedproxy.google.com/~r/ziffdavis/pcmag/~3/cUu8_UCGuzM/0,2817,2407514,00.asp

