I’ve been considering starting to use a password manager for awhile now, however I’ve been holding off because of the simple fact that a password manager means that if someone cracks or keylogs your master password then they can view all the passwords you have for every site in existence – including your SSN and other personal information if you have so chosen to put it in their system.
PasswordBox works by having a you downloading a client and setting a master key that will be used to encrypt all of your passwords – so your passwords aren’t really stored on their system but instead a encrypted version of your password is stored and then decrypted by you entering your master key. The encryption method is AES-256 which stands for Advanced Encryption Standard, and PasswordBox does not store your master password on its server.
That being said, if your computer is already compromised than one entry of the master password means that hackers could potentially download the PasswordBox program and then use that one password and see all the passwords you have for all of your sites : email, facebook, banks, etc.
For that reason I am still sceptical, not to mention there is no fee for this application so it’s doubtful they aren’t collecting information to generate revenue from the users.