It's pretty easy to check - this gadget doesn't include any non-visible code (HTML and JavaScript), so you can simply review the code to determine whether or not you consider it to be trustworthy. Simply rename the .gadget file to a .zip file, extract the files and review. I've done a quick review of the code that is labelled version 1.0 (SHA1 checksum: f147552049999e81799298184b2579c372657d7b) and I don't see anything untowards that would expose you to obvious risk. I cannot validate the correctness of the AES encryption algorithm that is implemented in the JavaScript, but the file is definitely encrypted using the password you supply. AES is pretty well-known and the file contents could easily be validated to be correctly encrypted (I have not done this). As with any encryption, it can be cracked through various techniques, but the US government considers it secure enough for their own data (i.e. they can crack it with expensive equipment, but they don't expect most people to be able to). For more details on the encryption standard used, consult sources such as Wikipedia (AES, 128 bit). As with any symmetric encryption, you should always choose a good, long, random key (your password). If this password can be guessed, someone can read your data. However, since it's stored on your computer, you have some control of the physical security of the computer, so keep that in mind. Also, this tool does require you to define your own password file on whatever device you want (e.g. removable USB key), so you can also control physical access to the password file if you're feeling paranoid. Why trust me? Don't - check yourself. I'm just offering an opinion since people seem concerned about it. I would generally say that the author of tool is using it themselves and they trust it to keep their data safe. Consideration seems to have taken place to most reasonable security concerns and features/techniques used accordingly.

haha even tho there isnt a hint and answer field i think its wonderful! and even tho most of my passwords are the same thing i still dont kno which password goes with which acount haha! soooo this is a really helpful tool for the sidebar! keep updating it plllllzz!

Thanks RDTurner for your thorough considerations. If I understand correctly, then a trusted third party signature would only verify that what we are downloading actually is from Chris Mrazek rather than verifying that what Chris Mrazek provides is reliable and free of malware. "Nice idea... (7/20/2007)and would be really useful, but (and not implying anything about your integrity) this would really need to be signed by a third party so we could know it was trustworthy itself :-)" RDTurner's idea to check and explanation of how to check should allow us to meet our integrity objectives though.

Great gadget, and as it's written in JavaScript, you can check out the source code yourself. To those whining about it not being reviewed by a third party - check the source code yourself! You don't whine about Linux being unsafe, do you? Anyhow, great gadget and it's on all my computers. You can even get your preferred backup tool to backup the password file so if your HD dies you still have your passwords (in encrypted form of course!)

I have so many passwords to remember this help a lot. I wonder if I could use it for Key codes for like microsoft office and my adobe creative suite 3. If I loose those I'm screwed.

How do I get all my passwords back? Thanks

..but how do we know no one is able to see the contents?

No documentation, no directions, no way to figure out how it works. Wasted time trying to figure this suppoosedly easy tool out. I uninstalled it

and would be really useful, but (and not implying anything about your integrity) this would really need to be signed by a third party so we could know it was trustworthy itself :-)

I love this little tool, however, i really think it is missing an export option. I hope you¨ll keep develop this gadget