Ask HN: I'm having doubts about LastPass security, what should I switch to?
However after noticing (https://news.ycombinator.com/item?id=6621560) that LastPass' vault is easily broken into when open, even with strict reprompt settings, I'm starting to trust their security model less and less. I opened a support ticket about the obvious password breach detailed above, and they say it's an inevitable consequence of Chrome's broken security model in extensions.
Well, if that model is broken, I don't want to use it. I find it misleading that LastPass even offers a reprompt option, since it is so easy to retrieve passwords from the application when it is logged in, even if a reprompt is required. Sure, it would slow down unsophisticated attackers, but you don't need to be that sophisticated to change the type of an input.
I have been trying to use it with very fast autologout policies but it very annoyingly asks for a password twice (once to login, once as a reprompt) as well as the Yubikey for every single site. The usability is garbage.
I've been looking at 1Password but I was turned off by their lack of meaningful 2FA support (Yubikey), and their exposure of data if used in any sort of convenient fashion (I would like access from my phone, which is part of the reason I want Yubikey support).
What do you use and what do you like/dislike about it?
65 comments
[ 4.5 ms ] story [ 136 ms ] threadI think the underlying issue, which KeePass also has, is that the entire database is encrypted. So to be able to search the database to see if a password exists, you need to decrypt the whole thing, including the passwords. If the passwords were each individually encrypted separately from the database, this could be fixed.
You can try KeyPass (http://keepass.info/), but if you're upset with the usability of LastPass you probably won't like KeyPass.
http://www.keepassx.org/
https://helpdesk.lastpass.com/security-options/multifactor-a...
This sounds like a non-vulnerability to me.
You can't get mad at Ford because someone stole your car when you sat them in the front seat and left the keys in the ignition. Why not log out?
LastPass has a series of reprompt options for all sorts of actions, such as opening password /secure note entries, logging in with a password, etc., and you can make those reprompts time out; so, for example, you can keep the thing turned on (so autofills will be prompted, passwords can be generated, etc), but doing anything meaningful with it will require a reprompt after a short amount of time.
As I've discovered, even with the reprompts enabled, you can access the data, so the option is IMO totally useless.
Perhaps I am overreacting but this was a really nice workflow, and it's disappointing to see that it doesn't quite work from a security standpoint. It is perhaps better to not use it at all, but to set a very fast idle timeout so in case of a stolen laptop, in the time it would take an attacker to crack your login password (if it happens at all), LastPass completely logs out.
We have a similar model for reprompting, but you can alter the code as you see fit. Someone was working on a command line client too, but I'm not sure what became of it.
Maybe an asterisk after the first sentence with a footnote stating "this product comes as is with no support" or something similar.
Just tried your service. It's not bad. You are exporting CSV but not importing it.
I don't find it especially good or bad, but it does the job and it's all stored locally -- I'm not concerned with accessing most accounts across different machines.
http://keepass.info/
[1] http://keepass.info/help/base/keys.html
Of course, all of this is in addition to service provided 2FA where applicable, e.g. Google, banks, web hosts, via SMS/Authenticator.
Cross-Platform Pro-Tip: KeePass 2.x runs great as is on the Mono VM with only the obvious Windows-only functionality unavailable.
https://www.schneier.com/blog/archives/2014/09/security_of_p...
Although, in addition to being a non-cloud-based option, it seems he only vouches for the original, Windows-compatible version. That said, the Android and iOS versions do seem to be open source, so at least you can build inspect them for yourself.
http://www.passwordstore.org
I think the usability needs to be a bit improved (I'm looking at maybe making a Chrome extension), but overall I think it's a pretty good solution.
I like the fact that it builds upon reliable, solid blocks to provide a solution: gnupg for encryption / decryption and git for synchronization between machines / backup.
It's a bit annoying, and it means that recently generated passwords might not be available from iOS, but overall seems to work!
But could this issue be solved by keeping your computer locked when you're not using it? I understand that might not fit your general computer usage, but it's how I use LastPass, and I certainly wouldn't use the service without locking my machine (reprompt enabled or otherwise--reprompt is turned off for most of my passwords).
You also mention trying very fast autologout policies, but that it gets annoying to have to enter your password twice. My question is, if you're logging out immediately, why do you need the reprompt option enabled at all? If a user can log in, they can certainly reenter the password, so the only thing the reprompt does is annoy you, with no added security.
I don't know your particular computer use, though, so forgive me if what I'm saying isn't applicable.
Right now from what I see it's a horrible mish-mash of different apps on different platforms written by different people with an unknown level of support for each of them. Frankly I don't even know if most of the KeePass apps are compatible with each other, and that kind of scares me. Setting up two factor access to KeePass is also pretty obtuse and requires tracking down blog posts and such to figure it out.
I don't mean to denigrate any of the contributions or work people have done in this space (in fact I am incredibly thankful), but it does feel like some leadership to put all these pieces together is badly needed.
I would absolutely love and be more than happy to spend some money on a polished app that's cross platform and is 'batteries included' so you can setup two factor auth & use devices like yubikeys without any extra screwing around. Bonus points if it doesn't require Mono too.
This doesn't seem like intended behavior and I'm surprised it hasn't been fixed yet.
In any case, couldn't you avoid it by simply turning off the autofill function as well for that credential? Then in order to access the site you would need to go through the menu and reprompt.
Update: The other weaknesses addressed in the following have been resolved in my chrome instance of lastpass https://news.ycombinator.com/item?id=6622154
- For each new account, generate a long, random but pronounceable password using apg [1].
- Don't let it touch disk. Immediately save it to a gpg-encrypted password file. I use gnupg.vim. [2]
- After a few logins the pronounceable password usually sticks. If I can't remember though:
The downside: there's no mobile version. That's okay -- I'm not sure I trust my phone with the keys to my kingdom anyway. I also wouldn't trust closed-source software with the keys to my kingdom, or even immature open-source software, for that matter.YMMV depending on paranoia level / threat model.
[1] http://linux.die.net/man/1/apg
[2] http://www.vim.org/scripts/script.php?script_id=661
1- Choose a common base ie. laroS-14
2- Take the two first characters of your login and slide one character back in the alphabet ie. mylogin = lx
3- Take the two first characters of the websites and slide again one character back in the alphabet ie. dropbox = cq
4- Concatenate 1-2-3 ie. laroS-14-lx-cq
Voilà! You have now uniq combinaisons for each website/login. Of course, change the rules to suit your habit and make it yours. It's stronger than using an external service or a software and you don't have to rely on anything!
How do you figure? Your scheme clearly has less entropy than a randomly generated string of the same length, and if an attacker learn two of your passwords, then they know they only have four characters to brute force for every other password you possess.
http://en.wikipedia.org/wiki/Kolmogorov_complexity
You're better off just doing something like concatenating a secret password with the fully qualified domain name and sha256'ing that and using that.
Or using a "correct horse battery staple" XKCD password generator (I'd use 5 or 6 random words, though, at this point).
- Password database in KeePass (the mainline version, not KeePassX or one of the other spinoffs)
- Database requires both password and key file to unlock
- Key file only lives on a USB thumb drive, which lives on the keychain in my pocket
- Database lives in a folder that is auto-synced to my various devices via SpiderOak (https://spideroak.com/)
- Password autofill provided by KeeFox (http://keefox.org/)
Using a password and a key file provides a "kinda sorta 2FA" solution, since the key file is tied to a physical artifact (the thumb drive, "something I have") while the password provides "something I know." It's not perfect, however, since the key file could theoretically be separated from the thumb drive if someone got ahold of it.
A better 2FA solution would be one that incorporates a key that's completely tied to the physical token. However, I haven't found a great consumer-oriented product along those lines yet, despite much looking. The YubiKey is the closest, but after buying two of them and spending hours fighting with them, I eventually gave up trying to make them work; they force a choice between their one-time-password (OATH) implementation, which is theoretically awesome but in practice very finicky, and just using a static password stored on the key, which isn't really any better than my USB stick solution.
I chose SpiderOak for syncing the database over alternatives like Dropbox, primarily because SpiderOak appears to actually give a shit about security and privacy. But it doesn't really matter that much because without both the keyfile and the password they couldn't look into the database anyway.
I chose KeeFox for the browser integration primarily because it's well-reviewed and open-source. But if you're concerned about the security of autofill in the browser, you could omit it entirely and just copy the password from the KeePass app when you need it. As always, the right balance of security vs. convenience will vary from person to person.
Chrome on OSX uses the OSX Keychain to store passwords -- and I figure if you can't trust OSX Keychain, then you're kinda doomed anyway using OSX. (But I actually think it's pretty solid software). (I am not sure if Firefox on OSX also uses the OSX Keychain? Safari surely does.)
And it's easy to share a Keychain file accross multiple OSX computers, even over dropbox -- but just OSX.
There are also of course a number of third-party, and in some cases multi-platform, password storage systems that simply keep your passwords in an encrypted file. I am not sure if any of them have as good browser integration as LastPass (or built-in browser auto-fill) though. Anyone know of any good ones?
What exactly are you referring to by that? The 1Password keychain is encrypted using PBKDF2 with a large number of iterations so they're rather resistant to offline attacks, particularly since I'd assume all of your devices have FDE enabled. If you're too paranoid to trust iCloud/Dropbox for the actual file exchange there's also a local WiFi sync option.
I've been using Emacs and GPG files (one for personal stuff, one for work accounts) as a password manager since GNU Emacs 22 came out with GPG integration in 2007. Works almost anywhere without needing any other applications. I back up the GPG files to remote servers and keep my private keys on several private devices to get the benefit of remote backups without the risk.
Both iOS and Android are pretty much designed as surveillance devices, I would not recommend putting your private keys or password list on them.
That's just a justification for his password manager which has no other way to transfer passwords. There's no security benefit.
Keyloggers don't literally "log keys." A stream of typed keys with no context is utterly useless. Particularly when the goal is automated data theft (rather than a dedicated attacker targeting you personally).
Most keyloggers are embedded somewhere on the HTTP stack (e.g. browser extensions/plugins, Win32 message hooking (e.g. steal the password from a specifically named element when that element is destroyed), TCP driver, etc).
Why do otherwise intelligent people continue to think that malware literally logs their keys? Even a cursory thought about the subject would flag all kinds of issues and better alternatives.
I strongly suggest everyone with an interest in the topic go grab some malware source code and read. It isn't like it is hard to find.