No, there is nothing I can do. All information stored by the application is anonymous, so even just figuring out where your password file is stored requires both the file name and password. Since there is no 'backdoor' there is no way to decrypt your file without the password. Resetting a password requires being able to decrypt the file and encrypt with a new password, so I can't do that either.

Password keeper applications that store your passwords on your computer have the same restriction. If you forget the password, no one can help you recover your file (unless it has weak encryption).

PassPlace is a password keeper application, that enables you to securely and anonymously store your passwords. It also features:

• Along with the password, you can record the user name, a link to the site, and free format notes.
• Random password generation, where you can set the length and which special characters to include.
• Advanced encryption of the password and related data.

For the same reason I created this app in the first place. I have lots of passwords to keep track of, and I know it isn't safe to use the same passwords everywhere. I started using freely available password keepers that, unlike PassPlace, were installed software that ran on computers.

There were a couple of problems. Firstly I could not access passwords I had saved at work but needed at home. So I figured out a way to synchronize password files on my home and work computers. But on some occasions I needed a password on my smart phone, or on a hotel computer, so I was stuck. That's when I thought about creating a web-based password keeper.

Good question, and no really good answer. If you've been invited to the beta and you know me, then you know you can trust me, but there are still some possible problems:

• There could be a bug, and I lose your data.
• The site's host server could decide to terminate, possibly based on something I didn't do (like pay my bills).
• I could decide to shut down the site, for example, if it was being abused and/or it was getting very expensive.
• There could be a bug in the encryption program, and it may not be as secure as I think it is.
• You might choose some easily guessable password for the file key, or tell someone, or not keep your file key secure.

If you don't know me, then how can you possibly verify that I am not stealing passwords? If you are a geek, or have a geeky friend, you could try to review the program to make sure it is properly encrypting and not giving away your secrets. But the program has been minified so it is almost impossible to understand. Also, I could change the code at any time. In fact, anyone could have made a copy of this site and modified the code, and you aren't actually on my site but some evil copy.

PassPlace is only secure as the password you have for your password file. That is why it requires at least a 12 character password, which should be strong enough to withstand brute force attacks which also means you won't use any of the most common passwords.

PassPlace encrypts your password file using the Advanced Encryption Standard (AES-256). It is approved for top secret information by the NSA.

Also, PassPlace uses https , which securely hides exactly where your password file is being stored.

Since I have access to the server that stores the password, I can see how many files have been stored and how big they are, but I can't tell what the file names or passwords are. The files are stored under a key made from a SHA-256 hash of the file name and password.

The server itself is Amazon S3, which is quite secure. It is likley much more secure than a home-based server or a corporate server.

No, there is no way anyone can access and decrypt your file without knowing the file name and password. Which means, if your forget either one or both, just like other password keeper software, no one can recover and decrypt the file for you.

They are lost and cannot be recovered. See above.

You don't register to use the app, so I don't know who you are. Since everything in the file is encrypted, nothing I could see can help me figure out who you are.

Like any webserver, the PassPlace server needs to know your IP address in order to communicate with you. This could potentially identify where you are contacting the server from and help identify you.

If you have access to the internet, you have access to your passwords. Since you just need a browser like Internet Explorer, Firefox, Chrome or Safari, you can use just about any computer or smartphone to access the passwords. Any you don't need any special computer privileges to run PassPlace since it is not installed or downloaded.

Yes, due to Kerckhoffs's Principle using an open but secure algorithm is better than hiding the details and relying on security by obscurity. Your password is what keeps your password file secure.