The file eWallet GO! saves on Dropbox is fully encrypted using 256-bit AES encryption. This means that an eWallet GO! data file using a strong password would take thousands of years to hack! Even if someone did get into your Dropbox account over the weekend, your data is safe if you stored your important information in eWallet GO!

And if you aren’t using eWallet GO! you should get it today! That way, if the other guy drops the ball, you can relax and know that your most important information will remain secure!

It’s easy to do! Just export the LastPass data and save it into a text file, then run through the Conversion Utility wizard. That’s it! The utility does all the rest!

For more information about eWallet GO! click here.
To access the eWallet GO! Conversion Utility click here.
To learn more about converting to eWallet GO! from LastPass, click here.

* Previously known as the Wallet Transfer Utility

When you backup your information to Dropbox or Google Docs from eWallet GO! you’re backing up a fully encrypted file. This file features the power of 256-bit AES encryption. Even if someone managed to get this backup file, as long as you’ve chosen a strong password, it is effectively impossible for them to access your personal information stored in eWallet GO! And when we decrypt your data so you can view it, it all happens locally – we never, EVER send your password over the internet.

But how safe is safe?

But what does this “256-bit” stuff mean? In a great article on Wikipedia about what it would take to hack a file using 256-bit AES encryption, they offer the following:

A device that could check a billion billion (1018) AES keys per second (if such a device could ever be made) would in theory require about 3×10⁵¹ years to exhaust the 256-bit key space.

In other words, a really good password using 256-bit AES encryption is effectively unhackable by anything outside of science fiction. Humans will have constructed a Dyson Sphere around the sun and shed our mortal forms by the time someone can get to your data.

Good Passwords Required!

There is a caveat – the security is only as good as the password. First, we all know choosing a password another person could guess is a bad idea. We also know that we should never leave the password where someone else could find it, and we know that we should never pick a word that appears in the dictionary. We hear this advice time and again from security experts, and it’s true!

But what about a “brute force” attack, where a hacker uses a computer to guess the password by trying different combinations of letters, numbers, and symbols? In this case, the longer the password, the harder it becomes to crack. How hard? Let me give you a couple of examples:

An 8-digit password using all lowercase letters would take, in theory, around 3-6 years to hack with brute force.

An 8-digit password using a combination of lowercase, uppercase, numbers, and symbols would take, in theory, around 4000-8000 years to hack with brute force.

That’s right – if your password is f8#$mGQ! it could take 4-8 THOUSAND years to figure it out using an off-the shelf computer and the appropriate software.

And here’s the best part – length benefits are exponential! Add one more character – and now it might take 250-500 THOUSAND YEARS to hack your password.

At the end of the day, you don’t have to sacrifice convenience for security. With eWallet GO! you get all the benefits of cloud based storage and sharing while significantly reducing the risk.

Need help building a strong password? Visit www.passbuilder.com to generate super-strong passwords!

Thanks!
First let me say thanks to everyone who posted their support. We really appreciate it and we are working very hard to live up to your expectations. The new release is a pretty big deal and I think you’ll all like it. In fact I think you’ll REALLY like it. So thanks for your kind words and we hope you like eWallet 7.0!

eWallet 7.0 Will Be Out Tuesday
eWallet 7.0 will be out tomorrow morning. This was the planned release date all along and we’re sticking to it.

More after the jump!

Why Did iPhone Come Out First?
Ask Apple! Our last update took 4 weeks to get approved. This one? 4 days. Seriously. We wanted them to come out pretty close (or at least have the desktop version out first) and we thought our timing was pretty good but once again Apple proved us wrong. What can I tell you – we’re at their mercy on this and we have absolutely zero control over when they release our software. It sucks. They should let us choose a date to go live once they approve it.

I Have to Pay to Upgrade?
As it says in the update notes for iPhone version, the upgrade to eWallet 7.0 on desktop may be a paid upgrade if you purchased more than 90 days ago. The price is going to be our usual $10.00 upgrade price, but with this release you’re getting something extra as well. More on that tomorrow.

I Don’t Want to Pay to Upgrade!
If you don’t want to upgrade, then you don’t have to. We’ll continue to support our previous versions just like we always have. Heck – we’ve got a couple of eWallet 2.0 users we still take calls from now and then. So if you fall outside the 90 days and you don’t want to pay to upgrade, feel free to keep using the previous version.

I Already Upgraded My iPhone and Don’t Want to Pay to Upgrade!
I’m sorry. We made it extremely clear in the upgrade information that you may be required to purchase an upgrade to the desktop version. I’m very sorry if you didn’t read that before you upgraded. Update information really is very important and worth reading.

Although Apple doesn’t provide you with any way to backup to an older version (although they should) there are some work-arounds out there in google searches. Here is one that Pierre posted in the blog comments here:

You can revert back to your iPhone e-wallet version 6. You need to look at your Recycle bin and check for ewallet.ipa. It should be 2.8meg. Delete your version 7 in iphone and itune. Double click ewallet.ipa and reconfigure sync. Back to normal.

Keep in mind that this is a non-supported function. I can make no promises about how well this will work.

UPDATE: OK, so in talking to folks we discovered that our perfectly clear message was anything but. In fact it was a bit misleading. Please check out the NEXT blog post for an update on that – we’re working very hard on a solution to help out folks who are having trouble now or who don’t want to upgrade. Again, sorry about that!

Just Send Me the Old Version
If I send you the old version today, we’ll be kicked off the AppStore tomorrow and there won’t be an eWallet for iPhone. Apple won’t let us do that. Period. In fact they don’t even give us a way to get software onto your device outside of iTunes.

You Shouldn’t Charge For Upgrades!
Not charging is not a sustainable business model for a product like eWallet. New sales alone don’t cover the costs for development of major changes in functionality. We have to charge for upgrades.

You Should Have <Insert Comment>
There was lots of advice in the blog comments. Some constructive – some not. I can’t answer all of them here but we thought – carefully – through pretty much every idea you posted. For any number of reasons they wouldn’t work, with reasons ranging from the limits of the AppStore to economic suicide. We truly did choose what we believed was the best possible path for this process in an environment where we have less and less control over that very same process.

Mac? Mac? MAC!!??
I’ve got something for you – not exactly what you’re expecting but I think you’ll like it! Check back tomorrow!

Correction: This post was originally meant to be tongue-in-cheek, where we would offer Twitter employees a free copy of eWallet to keep track of their passwords. It’s not an offer for the general public.

It looks like you’re having a little problem with your passwords. I know you know that using “password” isn’t a good idea, but I imagine you’ve all probably been pretty busy lately.

We’ve got this program called eWallet – you may have heard of it. It not only lets you store passwords safely so that you don’t have to pick the ones anyone can remember – and hack – but it also has a built-in password generator so you don’t even have to think of one. It’s network compatible, so your trusted employees (though you might want to rethink them as well, from what I’ve been reading) can all use it, and it’s compatible with iPhone, iPod Touch, Blackberry and Windows Mobile phones.

I’d be happy to give you a copy! No charge – consider it thanks for giving us all yet another way to feed our internet addictions. Just get in touch with our Customer Service guys, and we’ll get you your copy.

I’m guessing that everyone who reads this blog knows all this already, but I’m also guessing that everyone who reads this blog knows someone who could use a reminder. I’m very careful what I click on, but I know too many people who forget, or just don’t realize, that what looks like a very, very legitimate email might not be.

Most people wouldn’t call these Mothers’ Day videos, but if watching and remembering one of these videos makes someone’s mother stop and think before she clicks a link in an email, it will be worth a lot more than flowers.

A few related posts and articles I found interesting this morning:

Users’ Bad Habits Invite Malware, Forum Says. I have very mixed feelings about this. I’m a huge fan of being careful. I drown boxes of old business cards rather than just throwing them out, shred everything with anyone’s info on it, even things like holiday cards, and have told my favorite aunt she’s not allowed to send me email until she learns the difference between CC: and BCC:. But I’m not a fan at all of the “blame the users” approach to problems, which I think is much too prevalent among technical people. Yes, people are afraid of change, as the article says, but with good reason. Who hasn’t installed or upgraded some software, only to find their PC not working as well, or not working at all? And who believes that even the most conscientious use of security software and techniques is going to stop all the malware? Not me.

People should practice good security – absolutely. But that alone isn’t going to be enough. The internet infrastructure, particularly email, has to change. And I’d love to see installed software behaving a lot better as well.

But speaking of practicing good security, Marc sent me a fun page describing why Passwords are like Underwear. I particularly liked the illustrations. Maybe I’ll send it to my aunt.

And, finally, getting back to mobile, Tariq at Eten Blog dot Com is publishing a very in-depth interview he did with representatives of a few of the major mobile developers. The interview will be published in 4 parts (it’s long) – the first one is online here. Check it out if you’re interested!

I got an email this morning, looking like it was from PayPal, telling me to login to my account and update my information. I have enough experience to know what to look for before hitting any link, and also to know what kinds of emails to be suspicious of in general, but I also know that a lot of people don’t. I used to think things like the personal images and extra security questions were overkill, but I’ve changed my mind. I’m taking security a lot more seriously now, because some of the tricks the bad guys are pulling are pretty impressive.

I’d bet that people who read this blog (and thanks for reading it; I really like being able to just “think out loud” on my PC and call it working) are pretty careful and knowledgeable too, but I’d also bet that everyone has at least one friend or relative who’d read an email like the one I got today and click that link that looks legitimate. So if you know someone like that, this would be a great time to remind them that emails aren’t necessarily from who they say they’re from. And that links don’t necessarily go to the site in their text.

And now back to figuring out how to get rich and thin.

Our office was broken into. Nothing but one laptop was taken (and it was just used for testing, so had no valuable info on it, plus was password-protected). We think that our alarm scared the person or people away, and they just took the nearest good-looking piece of equipment. While we’re all feeling a little rattled by the thought that someone was in our office, we’re also very aware it could have been much worse.

We stopped keeping the credit card numbers we get for sales several years ago, and are very careful to protect any confidential info – whether users’ email addresses or our own credit card numbers and passwords – on any of our PCs, so I know that anyone getting any of our equipment wouldn’t be able to get any useful information. And I know we’re good about keeping offsite backups of all the corporate and customer info. I hope we’re also good about keeping offsite backups of our own PCs, but I know at least I don’t do that every day. But we’d lose weeks of work if we all had to get new PCs and set them up. I’m not sure that 5-year-old PCs (mine’s at least that old) are even worth taking, but I hope I never find out.

The other thing that’s happened is that as part of two banks I use being acquired, I’m kicking off a long-postponed personal financial reorganization. Wow – there’s a lot of info to enter and keep with new bank accounts. Online security is a lot better than it used to be, which I’m very glad about. But it’s clear that no matter how excellent my memory is, there’s no way I could be without a good wallet program. And being able to enter free-form info – like my third boyfriend’s pet’s name, or the street my high school was on – is a lot more critical than it was when we first added the Notes fields to eWallet cards.

Anyway, I’m glad the banks are looking out for me, and I’m glad there’s good enough software that I can manage everything I need to. And I’m really glad we got an alarm when we moved into this office (we’d always planned to with the previous one, but never got around to it). It’s too bad we need all that, but since we do, it’s good that it’s there.

And, yes, I’m thinking a lot about mobile technology too, especially with all the new announcements lately. I just don’t have anything to say about it – yet – that hasn’t been said by many other people.