We've recently released a free Gmail Gadget called AccountKeeper Lite. It's a Java applet that loads in your Gmail account and allows you to store accounts and passwords securely in Google Docs. This means you can access your account data from any Internet connected computer, since it's stored "in the cloud".If you want to try it out, simply click the link above. In this post, we'd like to discuss how the security works in a little more detail. Storing important data like accounts and passwords remotely means you need to be certain of how the technology is protecting your data.
AccountKeeper Lite works on the following principles.
Your accounts and passwords never leave your computer without being encrypted first.
Since AccountKeeper Lite is a Java applet, the encryption and decryption happens on your computer, before it's sent to Google Docs. When you click to save your data, AccountKeeper Lite encrypts the data first, then transfers it to Google Docs, to a special encrypted document. When it loads the data from Google Docs, it downloads the encrypted data to your computer, then decrypts it. At no time are your accounts ever out of your hands without being encrypted.
Strong encryption.
Your data is encrypted with the industry standard 128-bit AES encryption algorithm. This encryption method has been adopted by the United States government as a secure standard for encryption.
Your key is separate from your data.
Key management is a difficult aspect of encryption. A key is what is used to decrypt your data. So it's vitally important to protect and keep your key secret.
Most people can't remember a 128-bit key. E.g. here's what one looks like:
89c99ef4df29105f97b96b1d6c154c4b
So asking users to store the key, write it down, commit it to memory, etc, is difficult and prohibitive. This difficulty leads to its own set of security failures.
Our solution is to make the key available on-demand, but kept separate from your encrypted data. You are the only one able to bring the key and encrypted data together.
Your account data is encrypted and stored by AccountKeeper Lite in Google Docs, using your Google username and password.
AccountKeeper Lite creates an "access token" based on your username and password, using strong hashing techniques, and that is used to request a key from CompletelyPrivateFiles.com.
We have no knowledge of your Google Docs password, and Google has no knowledge of your access token to retrieve the key. Only you know the necessary pieces to of information to obtain both.
Additional passphrase security.
We provide an additional field on login to AccountKeeper Lite, called a passphrase. This is an optional field that you can use to improve your account security further. If you enter a value for the passphrase, this is used in addition to your account data to generate the access token used to retrieve your encryption key. We recommend using this field, even if you enter a simple, easy to remember value.
With these methods in place, we feel that AccountKeeper Lite provides the best of both worlds. Easy, online access from anywhere, and strong security and protection of your important account data.
