Passpack now lets you securely share your log-ins

Password storage service Passpack has a new feature that lets you share your account log-ins with others. It's meant as a way to securely share things like usernames and passwords outside of e-mail or IM conversations, and requires that both parties be registered Passpack users.

Inviting someone to get access to a certain log-in is fairly simple, although you have to be Passpack friends with them first. Then it's simply a matter of checking off which log-in or log-ins you want to share. This is handled in two places, both on your friends page and on each site's entry. From there you can pick how much access you want each contact to have, including whether they can just view it, or go in and make changes.

One smart thing about this system is that as the sharer, you can turn off that access whenever you want. The service makes note of each entry that you're sharing and gives you a quick way to revoke access to everyone sharing that certain entry, or to certain individuals entirely. This means that if you're sharing passwords with an employee who leaves the company, you can pull off his or her access to those passwords immediately.

Passwords you're sharing get a special orange tag. You can also sort just by shared passwords.

(Credit: Passpack)

I can't say I totally find this feature ideal though. For one, the person you're sharing with needs to be a registered user of Passpack, which means you need to bug them to sign up, then get whatever case-sensitive usernickname they've come up with. Second, you're giving people entire log-ins, which means they can just take that information and save it somewhere.

The system is not currently set up to let you share access to a site without the other person seeing the credentials (which it can do for you if you're using the service's autofill bookmarklet). So, say for example I'm using this for work, and want to give Rafe the username and password to the company YouTube account. I'd much rather be able to provision him temporary access to that site without him being able to change passwords and potentially lock me out. However, something like that would require OAuth on each site to make that happen.

Where I think this feature will really shine is for providing spousal or family security, where you can give other people you trust access to your information in case something bad happens to you. Similar to what Legacy Locker provides, this would give those people everything they need to control your various accounts if you die.

[pjk0]

I hope all you people are the extremely trusting sort - because this sort of online credential database is like a nuclear bomb waiting to go off if either A) the vendor is not absolutely diligent and obsessive about security and best network practices and/or B) any US government agency with itchy fingers (or a FISA backdoor greenlight) decides it wants to snoop around at the keys to everything you do anywhere..

[PigSpigot]

As someone who uses a Google Doc to share passwords with fellow employees now, this is definitely a step up, and I'm obviously not particularly worried about pjk0's concerns. You have to trust the people you work with on some level, and this seems like it would make life easier.

[David_Minton]

@pjk0:
I'm doing research for an Enterprise solution for a small company. I am hesitant to trust passwords to a third-party hosted solution, but they may soon offer a solution. From their site:

Passpack Black Box
For businesses that need to run all security software behind the company firewall, the Black Box will let organizations run Passpack on their own servers.