Your application is going to fail, because very few people are going to trust it, which is going to drive conversions (which are already terribly low for new web apps) through the floor, and because you are competing with things like 1Password that already work well across multiple devices.<p>And, while I don't want to send the wrong message about this (because I think you <i>should</i> use language like this to communicate security to end-users), your security language addresses none of my concerns as a security practitioner. What's being stored in bookmarklets in my browser? If I, as an attacker, can read bookmarks from your browser, I have all your passwords, or something that equates to them? What's being encrypted? How?
I like the site. It's uncluttered but seems to give just the right information in an appropriate level of detail.<p>I've never really looked deeply at "password keeper" applications before (I think because Firefox seems to do a reasonably good job of it), but your approach seems like a good one. I think if I tried hard enough I might be able to come up with a JavaScript-based attack vector to steal the browser's key, but I suppose that would be a lot of work for relatively little payoff (unless they've already stolen your database and are now looking for decryption keys).<p>I'm curious about your business model. Do you intend to make money from this? How?
This looks to be a fairly strong implementation, and I have no doubt you've done your homework, and it might make a decent open source project.<p>But this is not going to be a successful business ever. The end user has no way to know if your application is legitimate or not. Google, Facebook and Twitter can run authorization services that third parties can rely on because they provide valuable services that establish their users' trust in them. You are asking them to hand over their passwords to everything because you have a clean well-lit website.
PassKey is a web-based password manager; it allows you to sign in with 1 click to your online accounts.<p>It's easy to use, you mainly interact with it via a bookmark(let).<p>It's secure:<p><pre><code> * All connections are HTTPS
* Passwords are stored encrypted with AES
* Encryption key is stored in your browser, in a bookmark(let)
</code></pre>
I'd love to hear your feedback.
I really like the idea, though I won't register. I'd like to have a central password repository, but I want these features:<p>- ability to store passwords for non-web services<p>- automatically generate passwords based on certain rules (i.e. always 6 digits)<p>- have an API to fetch/store passwords<p>- have a browser plugin instead of a bookmarklet (I don't use the bookmark bar in Chrome)
I like the website. It isn't nearly as cluttered as LastPass.com. Which brings up my main question: why would I switch from LastPass.com to you? If I do switch, do I have to enter everything manually? I didn't see any mention of import tools.