Enter

KeyMemo.com - free online password manager.

Security

Usability


schema

KeyMemo.com is a free secure way to store your valuable data online, so you can access it from anywhere any time.

Why is it safe to use KeyMemo.com? The main idea is that your passwords don’t leave your computer at all. The only thing your browser sends to KeyMemo.com is a hash of your valuable data. This is done by double encrypting every field of your record right in your browser and sending resulting hashes to the server. This way no valuable data ever leaves your computer. This hashes are of no use for anybody, but the person, who has the master password (it should be you). KeyMemo encrypts your data with 256-bit Advanced Encryption Standard (AES) and Blowfish.

All in all KeyMemo.com is an anonymous storage of anonymous hashes.

There are offline applications to store passwords. Why would I want to use your service?

It is really hard to keep your data in sync if you have more than one place, from where you need access to your passwords. Offline password managers don’t usually provide an appropriate data synchronization. If you keep your passwords on a flash stick in an encrypted archive, you can easily lose your stick, or it might be stolen. Moreover your stick, as well as your hard disk with offline password database, may unexpectedly die on day, leaving you without all your valuable data. You must always back up your sensitive data. But it is hard and boring. Almost nobody does that. With KeyMemo.com you can keep everything in one highly secure place, while being able to access it online any time both at work and at home. And even better than that, you also get backups of your data to 5 e-mail boxes at once!

Hackers may break into your server and steal my data.

The only thing hackers can find on the server is your hashes. This hashes are useless without your master password. It is impossible to restore original data without it.

Hackers can intercept my secrets, while they are being transported over the network.

It is impossible, because KeyMemo.com transmits your data via https protocol, which is proven to be highly secure.

Site authors can steal my secrets.

It is impossible even for us. KeyMemo.com keeps only hashes, and no passwords. We know neither your passwords nor your secrets, that’s why it is very important that you remember your password really well. There is NO way to restore it.

Well then how is it possible to log me in, if I don’t transmit my password over the net?

The password you enter to log in is hashed with MD5, and then this hash is transmitted over encrypted connection. This hash is then used to log you in, so there is no need to transmit original password. There is no way to restore your password from the MD5 hash. Also this hash can’t be used to decrypt your secrets and is meant only for authorization.

This site may be down due to some reason and I can lose all my secrets.

No, you won’t. Every single time you change something in your account, you get an e-mail with full backup of your data that you can access with your master password. This backup is a tiny html file, which you can open with your favorite browser.

I don’t feel like keeping all my data at the same place, because it doesn’t seem to be very secure.

You are absolutely right, that’s why you can keep only part of your data online. For example, you can store your credit card’s pin, while not storing your credit card number (you can always see it on the card), or store a password to some web page without mentioning the page it refers to (you can simply choose some keyword to remember the page later).

Is there anything to be aware of?

You should try to avoid key loggers, Trojan horses, viruses and other malware. It is possible to steal you master password only on your computer, so it is a good idea to protect yourself as well as possible. Learn what phishing is, don’t follow any links from your e-mails, don’t enter your passwords anywhere, but the place they belong to. Check SSL certificates on sites you visit.

I have few passwords, so I just remember them all.

Well, lucky you! But the more you use Internet, the more passwords you have. Some people have over 50 password, while using some of them only once a year.

What are the most forgettable passwords?

The most forgettable password is the one you rarely use. It may be your credit card’s pin, registration keys for an application you bought over the net, e-mail boxes, web pages, instant messengers. The reason behind that is the “remember me” feature. You don’t have to enter your password often, so you just forget about it. But you also must remember your BIOS password, router or gateway password, laptops, NAS, etc. You can’t possibly remember all this stuff.

I use really simple and short passwords.

The simpler your password the higher risk of breaking it. Here are the examples of REALLY weak passwords: qwe, qwerty, 123qwe, 123123, password, password1, etc. Also you shouldn’t pick a name or a noun as your password. They are all easily guessed with the help of special software. Usually a good hacker needs several hours to find out your simple password. Here is the example of a very strong password: i%U1eec_Hio1. The time needed to hack such a password is measured in decades. But you can’t possibly remember it. So you can use KeyMemo.com ;)

I have 3 master passwords and use them everywhere.

This method is highly insecure. You mix your sensitive data, such as bank accounts, with useless one, such as your spam mail. Also you just can’t blindly trust the administration of the services you use. Leaving these master password all over the Internet will sooner or later allow someone to access your mail, your facebook page or even your bank account.

I keep all my secrets in my personal notebook, which I carry with me all the time.

You can simply lose your notebook and all the data with it. So you won’t be able to access your e-mail box or facebook page. Even worse – your notebook can then be found by a person, who can steal all your data and sometimes money.

I keep all my passwords in a plain text file on my hard drive.

Keeping your password in a plain text or in any other unencrypted way is just a BAD idea. It is a matter of time for you to be hacked.

I keep all my passwords in an encrypted file. I use offline application to store my sensitive data in a secure way.

Hard drive, where you keep your encrypted data may break down one day, without leaving a chance to restore your precious data. Moreover, let’s say you saved your password file at work, so you won’t be able to access it at home and vice versa.