I set up direct logins in Clipperz for five web sites, but after creating my own four-word “one-time passphrase”, I could not login to Clipperz. I can still login in with my non-one time passphrase – a simple password like you’d use to login to your email – but login failed after I copied and pasted my four-word passphrase. I may have made a mistake in pasting it, as the Help section states that “it can be used only once. If the same passphrase is used again at a later stage in a login attempt it will be rejected and the login process will fail.” My advice is be very careful in entering your passphrase because if you enter it wrong, you can’t use it again, and you have to generate another one. Problem is, even after doing this, login still failed. So I returned to my simple low-entropy six-digit “password”. So cryptography has been diminished greatly here, but Clipperz still very secure and very convenient and worth using. If anyone reading this has successfully used the one-time passphrase method please let me know! Leave a comment below.
I learned about Clipperz through Digital Inspiration blog and it uses an ajax web environment (whatever that is) to run an applet in your browser. You log-in to your Clipperz account with a username and password, like any other web site. For better encryption and faster login to Clipperz, use a one-time, four-word “passphrase”: you don’t have to enter it every time you get online. Either way, both methods scramble your login fields before they’re uploaded to Clipperz.com servers. Clipperz features a browser-based UI has you create “cards” with, for example, your Gmail username and password info (also automatically scrambled before any transfer of data takes place), or for any oft-visited web pages that require logins that you don’t want to always enter every time you’re online.
Now, to generate an uncrackable passphrase, you can use a random word generator. Supposedly Mac OS has random number capability through the shell or some obscure way, but the easiest thing to do is to roll a dice and use a “word list”, like the one at Diceware Passphrase Home Page. Scroll down to the section “Using Diceware” and it tells you how to (physically) roll a dice four times (or four dice once) to get 16 numbers, which will give you four four-digit numbers. Look up the corresponding words in the word list and you have your four-word passphrase to use in Clipperz (there are alternate word lists, too – check out the “Links” section at the bottom of the Diceware page). Diceware’s word list is at http://world.std.com/%7Ereinhold/diceware.wordlist.asc This passphrase then stands between you or any would-be hacker or snooper,f and your master list of “direct logins”, which are listed on your Clipperz UI in your browser. You can create direct logins – which require just one-click – for any number of sites, from email to banking to commercial sites with sensitive personal info, like Amazon or eBay.