Review: Web Confidential for Mac and Palm
Web Confidential for Mac 2.1
Developer: Alco Blom
Requirements: System 7 or higher.
Recommended: System 7.1 for shared menus, Mac OS 9 for Keychain.
Trial: Feature-limited (no PowerPC version, can’t create records after 30days).
Web Confidential for Palm 1.1
Developer: René Laterveer
Requirements: Palm OS 2 or higher, Palm Desktop 2.1 or higher.
Recommended: Palm Desktop 2.5.
Trial: Feature-limited (no HotSyncing, can’t create records after 30 days).
Back in issue 5.01, I reviewed Web Confidential 1.1. For those who don’t remember, Web Confidential is an application that keeps track of Internet addresses, passwords, and other personal information. At that time, I felt that Web Confidential was a strong program that did its job. There were several shortcomings, however. First, even though you could encrypt your data with either the Blowfish algorithm or MacPGP 2.6, there were several loopholes in the program that would allow others to view your passwords. Second, several of Web Confidential’s better features required you to use a specific application, as opposed to your Internet application of choice.
Web Confidential now stands at version 2.1. It includes some changes in the program itself. Also, Web Confidential now has the ability to sync with any Palm-compatible handheld, making certain features, like the ability to keep track of ATM numbers, much more useful.
On the Desktop
Although the name would imply that Web Confidential only tracks Web sites, it is capable of far more. Each Web Confidential file contains 15 categories for storing data; they are WWW Sites, WWW Forms, FTP Servers, Newsgroups, E-Mail Contacts, Login Accounts (Telnet), POP Accounts, Bank Accounts, Credit Cards, ATM/PIN Cards, Personal Data, Software Keys, Serial Numbers, Membership Numbers, and Miscellaneous. Each category contains five fields for data entry—usually a name field, one to three fields specific to the data type, and a notes field.
As you might expect, both the WWW Sites and the WWW Forms category are for Web sites. However, there is a difference in the types of sites each category expects. The WWW Forms category is for sites where there is a Web-based form asking for login information. This is the approach that you see on many e-commerce Web sites or Web-based mail services. The WWW Sites category is for sites which have no password protection, or which display an authorization window asking for your name and password. In my experience, the form approach is by far more common, but I still encounter sites that use the authorization window method. It is nice to see Web Confidential handle both types of sites.
In Web Confidential 1.1, dealing with forms was both one of the program’s greatest strengths and biggest weaknesses. Using Shared Menus, Web Confidential allowed users to access information about Web sites in the active Web Confidential file. If you were using Internet Explorer, you could send your name and password information from the information card to the server and be logged into the Web site. If you used Netscape Communicator or some other Web browser, you could not access this feature—all you could do was copy the password to the clipboard.
In Web Confidential 2.1, this has been fixed. You can now use this feature in Internet Explorer, Communicator, and iCab. Also, you can choose to have Web Confidential input this information to the Web site without submitting it or input only your user name. Unfortunately, these features do not seem to work with iCab if you have it set to open a new window whenever it receives a URL from another application.
The WWW Sites category is even better about providing access to the pages in the category—when you access a site, either by clicking the “Go” button in the Web Confidential application, or by selecting it from the lock and key menu when your Web browser is active, your name and password are sent to the server and you are logged in automatically.
Most of the categories behave as you would expect them to—the FTP Server category keeps track of FTP accounts, the E-Mail Contacts keeps track of e-mail addresses, the Credit Cards category keeps track of credit card information, etc.
Although Web Confidential 2.1 now allows any of the major Web browsers to use one-button form submission, there are still areas where it limits the programs it supports. First, to use Web Confidential to automatically log in to a telnet account, you’ll need BetterTelnet 2.0. Second, Outlook Express is required if you want to use Web Confidential to set up a POP account. These features won’t appeal to as many people as one-button form submission, however, so I don’t consider this a serious problem.
In my review of version 1.1, I complained that the simplicity of Web Confidential’s interface was both a strength and a weakness. There were three issues that I touched on in that review—the Go button, the Check drop-down menu, and extraneous fields in the E-Mail Contacts category. These issues, listed below, remain in the new version.
First, the Go button that sends you to the Internet address for a card is always active, even in categories that do not contain Internet addresses. Clicking it while in any non-Internet category forces an attempt to open a Web site using whatever text is entered in the second text field. It should dim when it’s not necessary, like the delete button does when there are no cards in a category. The same can be said for the Check drop-down menu. If it is clicked when the current category does not support Internet addresses, it says “Not Available.” I would prefer if it were disabled. Another minor interface issue is the E-Mail category. Although only two fields are used, the two remaining fields are titled “n/a” but they still accept text. It would better if these fields were dimmed and/or non-selectable.
Another cool feature is the Quick Open item in the File menu. Any file in either the Startup Items or Cabinet folder that Web Confidential creates will appear in this menu. Additionally, any item in the Startup Items folder will open, appropriately enough, when Web Confidential launches.
Also in Web Confidential 2.1 is a contextual menu plug-in for adding information to Web Confidential. All you need to do is highlight the text of interest and choose where you want to store it. There is one issue with the contextual menu plug-in—you cannot specify whether Web Confidential should create a new entry or change the active entry. Therefore, to create a new entry for an e-mail address, you would need to switch to Web Confidential, change to the E-Mail Contact category, create a new entry, switch back to the original application, select the text, and then bring up the Contextual Menu. All these steps severely limit the usefulness of the contextual menu plug-in for creating new entries in Web Confidential.
Share and Share Alike
One of Web Confidential’s major features is that it uses Shared Menus, a feature of the Mac OS since System 7.1. Shared Menus allows Web Confidential to make its own menus available to other programs. For Shared Menus to appear in a program, the author must include the code to make this possible. Fortunately, many Mac Internet programs include this functionality, including Netscape Communicator, Internet Explorer, Mailsmith, Outlook Express, and Interarchy. Since Shared Menus are available system-wide, Web Confidential’s menus will also show up in some non-Internet programs. The only one I have found thus far is BBEdit, but it is possible that there are more out there.
Web Confidential places three menus in programs that support this feature. There is the Web Confidential menu, which allows you to add the current Web page to Web Confidential, switch to Web Confidential, switch to URL Manager Pro, switch to another Internet application, or go the Web Confidential home page. The lock and key menu acts as a bookmark menu, allowing you to access Internet addresses for whatever program you are using. The final menu, the glasses menu, lets you access information cards for Web pages stored in the WWW Forms category. This can get slightly confusing, though—when you are using a Web browser, pages in the WWW Sites category show up in the lock and key menu, but pages in the WWW Forms category do not. On the one hand, this makes sense, since Web forms require the user to interact with Web Confidential to pass the username and password information, whereas sites using no password protection or an authentication window do not. On the other hand, it may confuse users who expect all their Web sites to be in the same place. To accomplish that now, you must list Web sites in the WWW Forms category twice.
With programs like Interarchy and Communicator, Web Confidential falls a bit short with Shared Menus. Although programs like these can access multiple Internet protocols, only items from the main protocol appear in the lock and key menu. This means no grabbing Web pages in Interarchy and no sending e-mail about that cool Web page from Communicator.
Lock and Key
Another feature in Web Confidential 2.1 is the ability to interface with the Keychain feature of OS 9. Web Confidential can read the contents of a Keychain and add it to the Web Confidential file.
Once the Keychain entries are made available to Web Confidential, you can choose to save any changes you make, by clicking the Keychain icon that appears next to any entries in the Keychain. The only problem is that it is easy to forget to click that icon, since you normally don’t need to do anything to save your changes.
Also, you can choose to add any Web Confidential entries to your Keychain. This is accomplished by clicking the plus icon that appears in place of the Keychain icon. Unfortunately, you cannot delete from the Keychain using Web Confidential. This isn’t a major thing, but it would be nice.
Finally, Web Confidential and the Keychain can work together—Web Confidential can store a Keychain password, and the Keychain can store Web Confidential passwords for decrypting files.
Keychain integration is not perfect, though. For instance, both Web Confidential and the Keychain allow you to name Keychain entries. However, when you save the name using Web Confidential, it changes the type of the Keychain entry, not the name. It doesn’t appear to cause any problems with the Keychain, but at the very least, it is an annoyance.
Another case of this can be seen with Timbuktu passwords. I have three systems I access regularly with Timbuktu, so I have three Timbuktu passwords in my Keychain. When I imported the Keychain into Web Confidential, only one of the Timbuktu entries made the trip.
Integrating Web Confidential and the Keychain is a good idea—there are times where the Keychain is more convenient than switching to Web Confidential. Furthermore, there really isn’t any way to edit something once it’s in the Keychain, short of changing its name. The integration doesn’t seem complete, though. Although the problems seem minor, they are still annoying.
On The Road
To be perfectly honest, I never really thought much about Web Confidential’s non-Internet related features. Why would I need to keep my PIN on my computer? I’m not going to drag it down to the ATM when I need cash. In this regard, a Palm version of Web Confidential makes perfect sense—information that comes in handy away from the computer can finally travel away from the computer. Also, if you have a tendency to move from computer to computer, it certainly makes more sense to put all your passwords on a portable device than to keep a copy on each machine. Finally, if you create a new account while you’re not at your computer, you can jot it down in your Palm and sync it with Web Confidential on your computer when you get back to it.
Web Confidential for Palm could easily be described as Web Confidential Lite, and that’s to be expected. The vast majority of Palm owners do not use it to connect to the Internet. The only Palms that ship standard with Internet access, the Palm VII and the VIIx, use Web clippings and e-mail. Therefore, it makes sense that there’s no “Go” button or other way to access the Internet directly from Web Confidential for Palm.
Instead, you get what can be described as the prototypical Palm application. Like the built-in Memo and Phonebook application, Web Confidential for Palm has two views. The first is a list view. Similar to the previously mentioned applications, this view shows the names of the items entered into the database. These items can sorted into categories. By default, Web Confidential for Palm comes pre-set with the same 15 categories as Web Confidential. When you sync, items coming from the desktop are placed in the proper category.
The second view is the detail and editing view. This is similar to the editing view in the Phonebook application. In this view, you can see the same five fields as in the desktop application. If you prefer, the password field can be displayed as bullets (•). When you select this field for editing, it switches from bullets to clear text so you can read or change the password.
Detail and Editing View
All in all, Web Confidential for Palm is everything a Palm application should be—compact, efficient, and able to get the job done.
Both the Macintosh and Palm versions of Web Confidential allow you to encrypt your information to keep it safe from prying eyes. Both versions include the ability to encrypt using the 448-bit Blowfish algorithm. According to the documentation, there is no known attack against the Blowfish algorithm. Also, the Macintosh version includes the option of using MacPGP, if you prefer.
One complaint I had about protecting passwords in version 1.1 was the eyeglasses icon next to every password. Whenever the cursor was placed over the eyeglasses, the password would be displayed. In version 2.1, you now have the option of disabling the eyeglasses in the preferences. This will keep casual browsers from peeking at your password; unless they know their way around Web Confidential, they aren’t going to be able to find your password.
Also, both versions allow for automatic encryption after a period of inactivity. Although this keeps your data secure, there are a few downsides. In the Macintosh version, when the password file is locked, the entries in the Shared Menus become inactive. The full list is still displayed in the menu, but clicking on one does nothing. As for the Palm version, the downside is more of an annoyance than anything else—whenever you want to sync with the desktop, the database must be decrypted. If the database on the Palm is encrypted, nothing gets updated. The only notice that anything is wrong is an entry in the HotSync log.
Like its predecessor, Web Confidential 2.1 provides a central location for storing Web passwords, e-mail contacts, PIN numbers, and the like. It still features strong security features to protect this information. Furthermore, by making one-button submission accessible to all major Web browsers, Web Confidential has eliminated one of its major flaws from the previous version. However, some of the interface problems remain from the previous version, and they keep Web Confidential from getting an Excellent rating.
Likewise, Web Confidential for Palm is also a very strong product and everything you would expect from a Palm application. It is the perfect mobile solution for keeping track of passwords and other pertinent information while you are away from the computer. The only complaint I have about it is the requirement that you decrypt the database before HotSyncing. One of the original selling points of Palm products was the ability to sync with a single button. Now, I have to choose between leaving my database decrypted or remembering to decrypt it when I drop my Visor in the cradle.