That’s why I’m reluctant to store passwords online in third party’s database, there’s trust, there’s ONLY trust. You have nothing else to fall back on if something goes wrong. And it’s not just trust of the third party not stealing your passwords, it’s also trust that the said third party can provide sufficient security against external attacks, even more so than online banks, since for online banks at least there’s something else to fall back on.

I’m the guy that wrote all the information at the ALTools web site, and for every detail about security, I checked, double-checked, and triple-checked everything for accuracy.

ESTsoft has no interest in stealing any information at all.

It is a privately held and profitable company with a very good reputation. The vast majority of computers in South Korea run software from ESTsoft (think 90% ). There’s almost nobody in Korea that doesn’t know “ALZip”. (I’ve never met anyone that didn’t know it, including friends that know next to nothing about computers.)

ESTsoft has several product divisions, but revenue for ALTools comes from corporations and government. They are free for home users.

It is in ESTsoft’s best interest to NOT know your passwords. And no unencrypted ALToolbar passwords are stored on any ALTools servers (it uses 2). That’s why there’s a warning about resetting your password — if you do, all your data will be lost forever.

You don’t have to take my word for it though. You can get a network sniffer like Wireshark and analyze packets yourself. Or get a debugger and find out what’s going on. You will see that all ALPass data is securely encrypted until it is decrypted client-side inside of ALToolbar on your own computer.

Now, that’s a lot of work to do, but you can verify it. (I certainly wouldn’t want to go through all of that though.)

Trust is an issue, but that will go for any piece of software that you install on your computer. It isn’t very difficult to write something to steal passwords and logins then send them somewhere. Once something is running on your computer, you’re at risk. I’ve never heard of a password manager that was a blackhat tool though.

Just FYI — I am using the ALPass Online functionality. And I’m definitely in the “more paranoid” camp when it comes to computer security. But I’m also much more knowledgeable about comptuer security than most people and know when to be paranoid, and when not to be.

As for the “browser warz”, my thoughts on the topic are here: http://renegademinds.com/Default.aspx?tabid=60&mid=415&ctl=ViewEntry&EntryID=118

The browsers are different and have varied strengths. It depends on what you want to do.

IE7 is a good browser. (BTW – The IE8 private betas are going on now.)

I’ve actually been using Opera for a while now (Firefox before that), but switched back to IE because ALToolbar gave me what was most important to me — solid Mouse Gestures. I still use all 3 browsers though, depending on where I am and what I’m doing. (Opera at the moment as I’m on my Korean WInXP box with IE6, which I refuse to use unless I must because it lacks tabs. Though this is becoming more frustrating as I really miss the Mouse Gestures.)

In any event, just thought I’d pop in here with a few comments. I’d be happy to respond to any questions. You can reach me through the ALTools site easiest.

Cheers,

Ryan

Because I have been actually using maxthon for 4 or 5 years, i never saw the need switching to firefox.

But in fact… I do know something about these guys: I have been using their desktop-based login/password filling software without any adverse consequences for almost two years, and at the very least I can say that I do not believe they are in the business of stealing passwords.

@Freewarefiend, guest: thanks for your input on this.

@Pitzelberger, Barry: I like to write about interesting browser extensions for IE and Firefox both.

Barry Cleave
http://proreviewer.com

If you have an online bank account, credit card, Paypal, etc., THEY have your password stored on their servers, too…. and they KNOW your name and address.

Unless someone gets extremely lucky at guessing, they can’t get a random user/password combination that’s been encrypted.

That being said, I don’t store my bank or credit card PW’s anywhere but in my brain. So while I believe that my passwords are as safe with ALT as they would be anywhere else, I prefer to keep sensitive data to myself.

What is useful is saving PW’s from messageboards, newspapers, and other websites that have free memberships and no access to my digital $$. The worst that can happen there is that someone posts a message in my name, which in many cases might be a better, well-written comment than I could make

I too wonder about storing logins and such online, but as most users infos can be ’seen’ when transmitted in certain instances, we each should exercise our individual discretion in how we secure our system(s) to begin with.
As always, great job with this/your site FreewareGenius!!

To each his own, I guess!