Comments on: Forget Your Passwords with Agatra

By: maddy71892

maddy71892 — Sat, 03 May 2008 22:11:34 +0000

I actually use NeedMyPassword.com and I love it! It’s online password storage and recovery. It’s GUARENTEED safe, secure, and hacker safe… there’s nothing to worry about. It’s so helpful because I have so many passwords to remember. I don’t even know how I got along without it! I would reccommend it 100%

By: Nic Wolff

Nic Wolff — Mon, 09 Jan 2006 05:25:37 +0000

Thanks, Alex, for recommending my Password Generator bookmarklet. I don't know why people are still trying to solve this problem...! (Oh, right, they think they might make some money off it somehow.)

By: Alexei

Alexei — Fri, 06 Jan 2006 20:10:50 +0000

I would put most of my passwords in here (email, logins to most sites) except my banking pw’s.. very little that you do online is secure anyway (especially email) so who cares? If it makes it easier, sounds great to me.

By: åœ‹ç”Ÿä¸‰å¹´æ‰?é–‹å§‹

åœ‹ç”Ÿä¸‰å¹´æ‰?é–‹å§‹ — Fri, 06 Jan 2006 16:35:14 +0000

Agatra å¸³è™Ÿç®¡ç?†

å‰›å‰›çœ‹åˆ°ä¸€ç¯‡æœ‰é—œ Agatra çš„å ±å°Žï¼Œæœ¬ä¾†ä¹Ÿæ˜¯çœ‹çœ‹è€Œå·²ï¼Œä¸?é?ŽæŽ¥ä¸‹ä¾†å?ˆåœ¨ keso é‚£é‚Šä¹Ÿçœ‹åˆ°ä»–å¯«äº†ä¸€ç¯‡ï¼Œæˆ‘æ‰?èª?çœŸåœ°åŽ»çœ‹äº†ä¸€ä¸‹é€™åˆ°åº•æ˜¯ä»€éº¼æ?±è¥¿ï¼›åŽŸä¾†é€™æ˜…

By: Michael

Michael — Fri, 06 Jan 2006 16:11:23 +0000

Kevin, I haven’t verified there’s any browser-side encryption directly, but I asked the president of Agatra (Andrew Hayward) about this before posting and he said this:

“Agatra stores the passwords as encrypted
information throughout the login process. We use the Agatra password as a key
to unencrypt the passwords the users enter. As a result, there’s no way to
unlock the site passwords without possessing the “key” (i.e., the Agatra
password). We have no access to the users “Agatra” password in unencrypted
format, and thus we have no access to user passwords either. In this way, even
if someone with less than honorable intentions gains access to our server, they
would still need all the individual “keys” (Agatra passwords) to gain access to
the site passwords.”

I was left with the impression it’s encrypted locally, and that’s certainly feasible, but it is possible that’s not happening here.

By: Shawn

Shawn — Fri, 06 Jan 2006 15:10:45 +0000

“Would you trust Agatra with your passwords? If youâ€™re a sysadmin (most of us are, even if weâ€™re not actually paid for it :-)), would you recommend it to your users?”

I’d give both of those a big “Hell, no!” in response. If I trust anything to store my passwords other than my brain, I’d keep them in a desktop app (as a Mac user, I use KeyChain) and then encrypt the filesystem wherever the app stores them.

No way would I store passwords in a place where someone could discover SQL injection, XSS or session hijacking.

By: Kevin Dangoor

Kevin Dangoor — Fri, 06 Jan 2006 14:58:29 +0000

Are you sure the passwords are encrypted and decrypted locally? I’m using the Firefox Web Developer extension and I didn’t see any JavaScript for encryption in there.

By: Tom

Tom — Fri, 06 Jan 2006 12:24:26 +0000

There is no safe place to put your password other than your brain – just my opinion. No way would I trust this app.

Tom

By: Business Garden

Business Garden — Fri, 06 Jan 2006 08:29:01 +0000

Plus besoin de retenir vos passwords avec Agatra

Avec Agatra, plus besoin de retenir vos logins et passwords sur Internet !
Une fois connecté à Agatra, vous êtes immédiatement identifié sur les sites de votre choix (Gmail, Hotmail, vos forums préférés, etc…)

Agatra retient tous vos comptes (log…