epiic (SpookyElectric) @ 2009-06-10 04:38:00
Entry tags: workstuff
Make Me Money and Your Life Easier at the Same Time
Mitto.com: The best Safe, Secure, Buzzword, Synergy, Online, Web 2.0 Software as a Service for Password Management and Sharing and Ultimate Enlightenment
Mitto is my company, started as a spin-off of an internal project at my previous employer. We are now initiating a push to widen our user base beyond the initial testers. As such, I'd appreciate it if you took some time to check it out, and relay the message to anyone you know who may be interested. And if you want some random YouTube content to explore, watch Mitto commercials.
The Idea
At my previous company, we had passwords that needed to be shared among several people. And those passwords often needed to periodically change. So, I made a tool to collectively manage them. Passwords could be shared (via an internal RSA public-key cryptographic system, transparent to the users) and instantly updated for everyone when the time came to do so. The base version took about a weekend. It had to expand a lot from there, and mitto.com is a fresh rewrite sharing only the base concept in common.
Then we started using it for pretty much everything - even for personal stuff. And it became apparent that many of us really use far more sites than we thought. (In my case, I think I have something like 130 sites set up.)
Since it doesn't require installation, I can use it from any computer. And security measures like two-factor authentication help keep data secure even on untrusted machines.
One Ring to Rule Them All
One big concern people have is that now they have a bigger problem if their Mitto password is compromised.
Previously, I had about 9 passwords, but most of my websites (except banking & E-Mail) shared just two of those. Many sites do not use SSL, and I use public wifi often, and many sites have very poor password management, such as storing them in plain text or E-mailing them to you in plain text. So it's easy for a malicious party to have intercepted one of those, and with that potentially gain access to a more important service. So, compromising one of those re-used passwords, or my E-Mail account, was already a large single vulnerability.
Now that problem does still exist, but with Mitto, I have two-factor authentication, so even if my password to that is compromised, my account is still safe. And if any one of those sites is compromised, it's just that site, since passwords are now unique. So, overall, I'm much safer than with passwords re-used in many places floating around wifi networks and E-Mail servers.
Not a Hoax
This would be a great scam. I assure you, it isn't. I believe disreputable practices will inevitably be undermined. Especially since I don't see myself as very lucky, hoping I don't get caught isn't something I could count on even if I did try to do something malicious.
However, skepticism is well founded. I store banking information in our service because I believe in eating my own dog food. But others would be understandably not so comfortable. But much of what you log into, such as online communities, is not that critical. So, I hope you'll at least consider using us for those sorts of sites.
Also, this is not a small operation running off a shared hosting provider. We operate a half rack full of equipment in our own locked half-cabinet in a datacenter. Servers run with their operating systems and software read-only, among many other security measures. (With even more layers of security in the works.) No critical data (i.e. your usernames, passwords, notes, etc.) touches hard disks or travels outside a server (i.e. over Ethernet cables) unless it is encrypted.
In the works
Right now, you can't auto-login to some sites. I'm working on a new version of the bookmarklet that will allow you to log in to pretty much anything, without having to go to our site first. Unfortunately, it's a bit tricky due to measures I'm taking to prevent XSS vulnerabilities in other sites from possibly being used to extract data from us. Unfortunately that will probably not be ready for about two months.
Also, I'm planning an API that would facilitate using Mitto for things other than websites. (Again, this is a much more challenging task than it sounds due to the tricky matter of being flexible enough to be widely useful, while ensuring sufficient security, while maintaining ease of use.)
In the distant future (i.e. not this year, maybe next), Mitto may also be usable to sign up for new sites.
What I do
The company is small, but not just me. Arsen, a friend from college and co-worker at my prior job, founded it with me. He is in charge of most business aspects, and manages the support system. I am the lead software architect, and do the majority of the implementation for app.mitto.com. Network engineering and system administration end up being my domain as well. Most graphic design type tasks are Matt Ash's work, such as CSS/Logos/Icons, as well as most of the brochure website at mitto.com.
Feedback?
I'm interested in any thoughts, questions, etc., that you may have. And if you find anything confusing, or have ideas for improvements, please let me know.
You may post here, or E-Mail, or use the "Feedback" option when you are logged into Mitto.
Oh... and if you want free stuff, like Netflix, Southwest, or Amazon gift certificates, you may be interested in our one-day-only promotional contest. Get others to sign up and list your E-Mail address when they do, and you can win stuff.
Regularly scheduled programming of photos, cosplay, and random outings will resume when I get some more photos processed. I promise I won't spam again any time soon. On the subject of cosplay, I was meaning to visit FD Friday or Sunday, but neither worked out, so my next plan is visiting FD this Friday (or *possibly* Thursday). Anyone interested in meeting up? Maybe for lunch around there?