A few days ago a very lightweight, intuitive and yet powerful online password manager was released to the world. It is called My ID HUB. This project has been in development and testing for quite some time so you can be sure it is solid.

My ID HUB Home Page

There are a lot of password managers online and why would anyone care to switch to another one? There are a lot of good reasons.

My ID HUB has a very high level of security

Security is no joke, especially considering how often we hear about retailers being hacked left and right. In each case customers lose their data to thieves and may need to face the consequences. If My ID HUB is hacked and entire database stolen it is as good as garbage without each individual user master password. It is economically detrimental to try and guess the decryption keys. If user selected a strong password then looking for a key to decrypt a record will take significant time and money. My ID HUB injects random "salt" into identities before encryption to further increase computational cost of cracking passwords. It may be even cheaper to steal user information elsewhere.

My ID HUB is using 2048-bit EV SSL certificate and DNSSEC to validate connection authenticity to https://myidhub.com and prevent interception of already encrypted content. My ID HUB doesn't accept non-secure connections at all and a request over HTTP protocol is redirected to HTTPS before it is serviced. DNSSEC ensures that DNS entry of the server isn't spoofed either. As such if user machine is not compromised then it is virtually impossible to spoof a web site and show another one looking just like My ID HUB to steal password. On top of that at the transport layer, information is encrypted twice with different keys at different layers.

User data is encrypted on the client side inside the browser using a key derived from the password. Encryption key is never sent to the server. It stays inside the browser in memory. When browser is closed, key is disposed.

Need more security - here you go! My ID HUB offers two-factor authentication via authenticator app for FREE. It the same authenticator app people use for Google, Facebook and Microsoft Live ID. This means that if someone does obtain valid user password and will try to access My ID HUB account he'll be denied without dynamic PIN code that is changed every 30 seconds.

My ID HUB Two Factor Authentication

Certain competitor services offer two-factor authentication for a monthly fee, but not My ID HUB. My ID HUB is committed to providing highest level of security possible free of charge.

How about a bit more security features? My ID HUB has a built-in account audit support. It means that user can see all requests issued by anyone in the world for his account, both authorized and denied. Each request is mapped to geographical locality (so called GeoIP) to let user reason about who it might be.

My ID HUB User Audit

PS. I apologize for red bars, just trying to keep my privacy private :)

Any more security? My ID HUB got it:

  • CAPTCHA prompt during login prevents brute-force attack on user account. Service denies requests that fail CAPTCHA.
  • Automatic block-listing of IP addresses that send too many requests per minute. This keeps people who want to cause DDOS out, while serving requests to everyone else.
  • A few more interesting features are coming up, like personal firewall, but more about that will come later.

Convenience at the heart of the service

Everyone knows that security comes at the price of convenience. It is hard to strike a balance between the two. In my mind, My ID HUB hit the spot. In order to use the service from the browser there is absolutely no need to download anything. Service is available as is - just navigate to the home page and sign-in.

My ID HUB tries to assist users by guessing what they want automatically. For example, if user creates an entry name "Login" My ID HUB will recognize that as identity name and assign it corresponding icon. If user create a "password" property then My ID HUB will suggest to generate value automatically, it will hide the value to ensure no one can see read it visually and offer a button to reveal it. In Internet Explorer it also provides an ability to copy password value into the clipboard without revealing it simply by clicking on it.

My ID HUB Password Experience in Internet Explorer

Availability and fault tolerance

My ID HUB service is backing up the database a few times a day to a geographically redundant storage. In case of a catastrophic failure and complete loss of a datacenter, My ID HUB will be up and running in a few hours with at most 6 hours of data loss.

Overall this is a great tool to keep all your secrets away from prying eyes yet conveniently close just a click away. I would strongly encourage you to try it for yourself and leave comments, and suggestions on UserVoice