Frequently Asked Questions
Is Passter a software? do I need to download and install?
Passter Web App is built using latest HTML 5 technology, which allows web applications that run inside the browser to act as a desktop application. This means that you don’t need to download and install the web app. Simply opening passter.com and pressing on the ‘Setup’ button will be enough to start using Passter.
Passter Extension is Google Chrome extension which is a software that should be downloaded from Google Web Store and installed inside the browser. It is also written using HTML 5 and integrates completely with the browser. It is highly secured and has great user interface experience compared to other password managers.
Is Passter safe to use?
Passter is probably the safest password manager around. Running inside the browser (in case of Passter Extension even without any server side code) means your passwords are not traveling to different operation system processes and/or to network locations. Also modern browsers are capable of displaying the source code that they execute.
Important aspect is that your privacy is fully kept since you are not required to open any Passter account or fill in forms. Your identity is always anonymous even when using the online password repository of Google Docs.
Password Policy is also a feature which capable of reducing many potential risks to your passwords, identity and even your money (in case you using PayPal account).
Where are my passwords stored?
You have two options for password repositories. The first one is to store the passwords inside your browser, which is the safest, but have a disadvantage that you can only access them in the same browser at the same computer or device.
The more convenient way is to store the passwords in your Google Account. This means that you can synchronize your passwords between different browsers and platforms (laptops, desktops, mobile devices, etc). The passwords are stored in your Google Docs (every Gmail user has one already), and can be accessed only by you using native Google tools.
Are they encrypted?
Yes, all the passwords, credit cards, secrets and other information is encrypted using AES and stored in the browser. Plain text information is not stored (or sent, in case of Google Docs repository).
Do I need to give Passter my Google credentials?
No. Passter uses Google OAuth protocol which authenticates the user on their servers and in exchange Google give an authorization token for Passter without any identity of the user behind it.
Which servers does Passter use?
Passter Web App is hosted on Google App Engine, while Passter Extension is hosted inside the browser (like any desktop application). If you use the Google repository for storing passwords, then Google Docs server are also been accessed using SSL protocol.
Is there a master key?
Yes. Passter always encrypts your passwords (client side inside the browser). In case of automatic encryption key, Passter will generate a strong 24bit key which will be replaced weekly. This is a good solution if you are the only user in the computer.
The manual encryption key is managed by you, and should be carefully handled and replaced. It is mandatory in shared or public environments or when using Google Docs repository.
What happens if I lose my master key? can I retrieve my passwords?
No. Losing your master key means losing your passwords. No option to retrieve here, but to ‘Eject’ in the Web App, or reinstall Passter Extension with a blank passwords sheet.
Remember that you have the option of backups and restores, but you still need to remember the master encryption key.
Where is the master key stored?
In case of automatic key it will be stored encrypted inside the browser.
In case of manual key it should be always stored in your memory. There is an option to store the manual key inside the browser but it is only recommended in private environments (like iPhone or personal desktop).
What is the ‘Disable’ option?
Disabling Passter revokes your master key from the browser (and also, if set in password policy, the Google authorization token). This allows you to leave your passwords encrypted and useless in the browser until you re-enter your master key.
Passter can be disabled using password policy. For example disabling it after 3 minutes of idle time, or when the browser closes.
What is the ‘Eject’ button?
Eject means that you delete all of the passwords and information from the specific browser. It is similar to the uninstallation operation of the Passter Extension or any other desktop application.
Unlike disabling Passter which means that you will come back, ejecting is useful when you have no intention to reuse the specific browser.