A cryptographer's perspective on choosing a password manager

in #techreview · 8 years ago (edited)

Summary: To evaluate the various password managers available, I come up with desired features and a threat model. I then compare 1Password, Lastpass, Enpass, KeePass, pass, iCloud Keychain, and memorization with a paper notebook as backup, and see how they each stack up in terms of security and usability.

Password managers

"You really should use a proper password manager."

It's something I've been telling myself for a couple of years now. I've been using a home-brew password manager I came up with a few years ago, but I'd never really invested much effort in it. It works, and it's probably fairly secure (because of good crypto, but also: who's going to attack a password manager that only I use?). I can store and retrieve passwords, but it's cumbersome. No browser extension, no mobile sync – so I end up memorizing most of my passwords anyway, which means I reuse a lot of them.

But, as you might know, reusing passwords is bad. And as a cryptographer (although a theoretical one – I'm basically a mathematician), I really should know better. Of course I don't have just one: a unique one for my email, another one for my bank, one password for websites I don't care about. But that last category has by now gotten so large and I actually started to care about some of my accounts on these websites, so I need a new approach. Thus, a few days ago I decided to take action and invest some effort into finding a good password manager. This post is the result of this effort.

In case you're not yet fully convinced you need a password manager, let me try to convince you. (Even though for Steemit you couldn't even pick your own password, so unless your memory is really good, you're already storing that one somewhere.) A password manager helps you avoid two pitfalls:

Reusing passwords: If you use the same password to log in to websites A and B, then if website A gets compromised (or the admin has ill intentions towards you), they can also access your account at website B. Note that this is true regardless of how website A stores their passwords, because each time you log in you send them your password. You can of course choose different passwords for different categories of websites, like one for your social media accounts, another for your bank, and another for websites you don't really care about, but when that last category keeps growing it can become a pretty big deal if suddenly all of your accounts on those websites are accessible by someone who doesn't like you.

Using short and predictable passwords: Short and predictable passwords are easy to memorize. But they're also easier to brute-force for someone who wants access to your accounts. When a hacker steals the password database of a site you use, the passwords are usually encrypted. The shorter the password, the easier it is for the hacker to figure out your password.

With a password manager you can use a strong, unique password for each service you use. The downside is that someone who wants access to your accounts only needs to look in a single place. This is where the threat model comes in. But before we can talk about threats, we need to look at what we want to achieve.

What I want is simple, in essence. Basically, I want easy access to services (websites, computer accounts, etc.) from any of my devices (laptop, phone, work computer, etc.).

The threat model

Security by itself is a sort of empty term. Secure against what? What you want to defend against of course fully depends on your personal needs. Here's what I came up with for my situation.

My passwords need to be secure against:

  1. Service isolation: One service being compromised doesn't lead to another service being compromised – see "Reusing passwords" above.
  2. Bruteforce attacks on the services – see "Using short and predictable passwords".
  3. Snooping: Someone briefly accessing my device while I am logged in. Shoulder surfing can also be a concern, which is why something like autofill is good.
  4. Device theft: Someone stealing my device. Let's assume it gets into the hands of a skilled hacker.
  5. Malicious software on my device. This is a hard one to defend against. Generally, if something has access to your computer it's over, although OS-level sandboxing is getting better. Using a popular password manager increases this risk. For a good defense against this, you probably need something like Qubes.
  6. Software vulnerability: Compromise of the password manager. This is hard to evaluate. We'll mostly have to rely on the reputation and security practices of the author of the manager. Using a popular password manager increases this risk.
  7. Data loss: Losing my passwords.
  8. Server compromise: If we're using a server to synchronize, someone with access to that server.

There is rarely such a thing as "absolute security". It's all about estimating and weighing the risks involved. This is something you should do for yourself.

Features

I want easy access to services, hence a password manager that's usable. This means:

  • my device can run the software
  • there is some synchronization between devices
  • it should be easy to use a service (e.g. log into a website)

Additionally, I'm including the price of the system.

Candidates

Let's look at the various password managers available. I will look at their supported platforms. I need the manager to run on at least MacOS and iPhone, since those are the platforms I'm using personally. However, I'll expect the software to run on all of MacOS, Windows, Linux, iOS, and Android – if it deviates from this I will mention it.

For synchronization, I will distinguish between:

  • Their cloud (the service itself providing storage)
  • 3rd party cloud (e.g. Dropbox, Box, iCloud)
  • Own cloud (e.g. WebDAV support)
  • Local network ("syncing through Wifi")

Ease of use: autofill and automatic entry of a new password is a big plus. As for browsers, if it has autofill I will expect it to run on Safari, Chrome, Firefox, and Internet Explorer.


1Password

1Password is often mentioned. It has a good reputation, looks polished, and is fairly expensive. They just launched a $ 36 per year subscription service which includes all apps and a web service – I'd recommend not using the web service. First 6 months are free if you register before September 21 with this link.

Features

  1. ★★☆☆ Platforms
    No Linux support, closed source.
  2. ★★★☆ Synchronization
    Their cloud, 3rd party cloud, local network.
  3. ★★★☆ Ease of use
    Autofill, auto entry, TouchID.
  4. ★☆☆☆ Price
    $ 36 per year

Security

  1. ★★★★ Service isolation
  2. ★★★★ Bruteforce attacks
  3. ★★★☆ Snooping
    Can be set to auto-lock after idle for a number of minutes.
  4. ★★★☆ Device theft
    Key derivation: (40K-100K) rounds of SHA512.
  5. ★★☆☆ Malicious software
    Password file encrypted. Unknown how hard it is to steal data from unlocked vault. Popular app, likelier target.
  6. ★★★☆ Software vulnerability
    Security conscious development team. Good track record, one minor CVE in 2012. Closed source. Security whitepaper
  7. ★★★☆ Data loss
    Cloud storage. CSV export tool in the app. Documented data format. Some open source parsing tools available (1) (2), but status unclear.
  8. ★★★☆ Server compromise
    Data on their cloud is end-to-end encrypted; on other clouds it isn't. OPVault uses metadata encryption and authenticated encryption.

Lastpass

LogMeIn Lastpass started as a browser plugin, and still mostly uses browsers as its main back-end.

Features

  1. ★★★★ Platforms
    Runs pretty much everywhere, mostly as a browser extension. Company-maintained open source CLI.
  2. ★☆☆☆ Synchronization
    Their cloud.
  3. ★★☆☆ Ease of use
    Autofill, auto entry, TouchID. Not quite polished.
  4. ★★☆☆ Price
    First device free. Premium $ 12 per year.

Security

  1. ★★★★ Service isolation
  2. ★★★★ Bruteforce attacks
  3. ★★☆☆ Snooping
    Can be set to auto-lock after idle for a number of minutes (not default).
  4. ★★☆☆ Device theft
    Key derivation: 5K rounds of SHA-1.
  5. ★☆☆☆ Malicious software
    Password file encrypted. Unknown how hard it is to steal data from unlocked vault. Runs in browser.
  6. ★☆☆☆ Software vulnerability
    Plagued by security issues in the past, and as recently as a week ago. Closed source.
  7. ★★☆☆ Data loss
    Cloud storage (only theirs). CSV export tool in the app. Company-maintained open source CLI.
  8. ★☆☆☆ Server compromise
    Account password on their server is equal to the vault password.
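The "Server compromise" rows for 1Password (data on their cloud is end-to-end encrypted) and Lastpass (account password equal to the vault password) come down to one design question: does the secret the client uses to log in to the sync server let whoever runs (or breaks into) that server decrypt the vault? The following is an added toy model of both designs; it is not any product's actual protocol, and the key labels, the HMAC-based toy cipher, and the iteration count are assumptions made for the example.

```python
"""Added example (not from the review, not any product's real protocol):
a toy model of the difference between logging in to the sync server with
the vault key itself and logging in with a separately derived key."""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

ITERATIONS = 100_000  # assumed PBKDF2 work factor, illustrative only


def derive_root_key(master_password: str, account_id: str) -> bytes:
    """Client-side slow KDF. Salting with the account id means two users
    with the same master password do not end up with the same key."""
    salt = hashlib.sha256(account_id.lower().encode()).digest()
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS, dklen=32)


def split_keys(root: bytes) -> Tuple[bytes, bytes]:
    """Domain-separate one root key into an encryption key that never leaves
    the client and an authentication key that is sent to the server."""
    enc_key = hmac.new(root, b"vault-encryption", hashlib.sha256).digest()
    auth_key = hmac.new(root, b"server-authentication", hashlib.sha256).digest()
    return enc_key, auth_key


# Toy authenticated encryption (HMAC-SHA256 keystream, encrypt-then-MAC).
# It stands in for the AES-based schemes real vault formats use.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal_vault(enc_key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(enc_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def open_vault(key: bytes, blob: bytes) -> Optional[bytes]:
    """Returns the plaintext, or None when the key is wrong (tag mismatch)."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


class SyncServer:
    """Holds the encrypted vault blob plus whatever secret the client sent at login.
    `seen_at_login` models an operator or intruder who can read the login traffic."""

    def __init__(self) -> None:
        self.vault_blob = b""
        self.seen_at_login = b""

    def upload(self, blob: bytes) -> None:
        self.vault_blob = blob

    def login(self, secret: bytes) -> None:
        self.seen_at_login = secret  # a compromised server keeps this

    def operator_can_decrypt(self) -> bool:
        """What the server side can do with the blob and the login secret alone."""
        return open_vault(self.seen_at_login, self.vault_blob) is not None


def weak_design(master_password: str, account_id: str, vault: bytes) -> SyncServer:
    """One key for everything: the client logs in with the very key that encrypts the vault."""
    key = derive_root_key(master_password, account_id)
    server = SyncServer()
    server.upload(seal_vault(key, vault))
    server.login(key)
    return server


def separated_design(master_password: str, account_id: str, vault: bytes) -> SyncServer:
    """The encryption key stays on the client; only the authentication key reaches the server."""
    enc_key, auth_key = split_keys(derive_root_key(master_password, account_id))
    server = SyncServer()
    server.upload(seal_vault(enc_key, vault))
    server.login(auth_key)
    return server


if __name__ == "__main__":
    sample = b"example.com: correct horse battery staple"  # constructed sample vault entry
    print("weak design, server side can decrypt:     ", weak_design("hunter2", "alice@example.com", sample).operator_can_decrypt())
    print("separated design, server side can decrypt:", separated_design("hunter2", "alice@example.com", sample).operator_can_decrypt())
```

The separated design still leaves an offline guessing attack on the vault blob if the server is compromised, which is why the key-derivation work factor in the "Device theft" rows matters for the "Server compromise" rows as well; what it removes is the server learning the vault key simply by observing logins.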

Enpass

Enpass offers a free desktop version, and a fixed once-off $ 10 per additional platform app. It uses SQLCipher as its storage backend.

Features

  1. ★★★★ Platforms
    Offers lots of native apps for different platforms.
  2. ★★★☆ Synchronization
    Their cloud, 3rd party cloud, own cloud.
  3. ★★★☆ Ease of use
    Autofill, auto entry, TouchID.
  4. ★★★☆ Price
    Desktop app free. Other platforms cost $ 10 once.

Security

  1. ★★★★ Service isolation
  2. ★★★★ Bruteforce attacks
  3. ★★★☆ Snooping
    Can be set to auto-lock after idle for a number of minutes.
  4. ★★★☆ Device theft
    Key derivation: 24K rounds of SHA-1.
  5. ★★☆☆ Malicious software
    Password file encrypted. Unknown how hard it is to steal data from unlocked vault.
  6. ★★☆☆ Software vulnerability
    Closed source. Security mostly through SQLCipher.
  7. ★★★☆ Data loss
    Cloud storage. Export tool in the app. SQLCipher is free/open source. Easy access with scripting languages.
  8. ★★☆☆ Server compromise
    Metadata encrypted. SQLCipher uses authenticated encryption.
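The "Device theft" rows above report the key-derivation settings for 1Password (40K-100K rounds of SHA-512), Lastpass (5K rounds of SHA-1) and Enpass (24K rounds of SHA-1). What those numbers buy you is a multiplier on the cost of each master-password guess against a stolen vault file. The following added example (not from the review, and not any product's code) derives a vault key with each setting, measures the per-guess cost on the local machine, and turns the iteration counts into expected cracking times. PBKDF2 is assumed as the construction, the 1Password figure uses the upper end of the stated range, and the attacker throughput number is a constructed placeholder.

```python
"""Added example, not part of the review: what the reported key-derivation
settings mean for an offline guessing attack on a stolen vault."""
import hashlib
import time
from typing import Dict, Tuple

# (hash, iterations) as the review reports them; 1Password at the top of its 40K-100K range.
VAULT_KDFS: Dict[str, Tuple[str, int]] = {
    "1Password": ("sha512", 100_000),
    "Lastpass": ("sha1", 5_000),
    "Enpass": ("sha1", 24_000),
}


def derive_vault_key(hash_name: str, iterations: int, password: str, salt: bytes, length: int = 32) -> bytes:
    """PBKDF2-HMAC with the given settings (PBKDF2 is an assumption; the review only gives rounds and hash)."""
    return hashlib.pbkdf2_hmac(hash_name, password.encode(), salt, iterations, dklen=length)


def seconds_per_guess(hash_name: str, iterations: int, trials: int = 3) -> float:
    """One master-password guess costs one derivation; time it on this machine."""
    salt = b"constructed-salt"
    best = float("inf")
    for _ in range(trials):
        start = time.perf_counter()
        derive_vault_key(hash_name, iterations, "benchmark-password", salt)
        best = min(best, time.perf_counter() - start)
    return best


def iteration_cost_ratio(a: str, b: str) -> float:
    """Relative per-guess cost of setting a versus setting b, counting iterations only
    (SHA-512 is also slower per iteration than SHA-1, which this ignores)."""
    return VAULT_KDFS[a][1] / VAULT_KDFS[b][1]


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of the given length over the given alphabet."""
    return alphabet_size ** length


def expected_crack_seconds(iterations: int, one_iteration_guesses_per_second: float, keyspace_size: int) -> float:
    """Expected time to recover a uniformly random password from the keyspace.
    The attacker's raw throughput (single-iteration PBKDF2) is divided by the
    iteration count, and on average half the keyspace is searched."""
    return keyspace_size / 2 / (one_iteration_guesses_per_second / iterations)


if __name__ == "__main__":
    raw = 1e6  # constructed placeholder: single-iteration guesses per second on the attacker's hardware
    space = keyspace(26, 8)  # 8 lowercase letters, a deliberately weak master password
    for name, (hash_name, iterations) in VAULT_KDFS.items():
        here = seconds_per_guess(hash_name, iterations) * 1000
        days = expected_crack_seconds(iterations, raw, space) / 86_400
        print(f"{name:10} {hash_name:6} {iterations:>7} rounds: {here:6.1f} ms/guess locally, "
              f"~{days:,.0f} days at placeholder throughput")
    print(f"1Password vs Lastpass iteration cost ratio: {iteration_cost_ratio('1Password', 'Lastpass'):.0f}x")
```

The point the numbers make: the iteration count is a linear multiplier, so 100K rounds buys 20x over 5K rounds, while each extra character of master password multiplies the attacker's work by the alphabet size. Both matter, and a short master password is not rescued by a high round count.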

KeePass

KeePass is an open source password manager for Windows, but can run on *nix platforms under Mono. There are numerous unofficial ports for various platforms. KeePass has two database formats, version 1.x and version 2.x – some ports are only compatible with one version.

For my use case, I need a mobile (iOS) app and a browser extension. KyPass seems to be an app with a relatively large number of features, but it is closed source and costs $ 7. Since this offers few benefits over, for example, Enpass, I will use MiniKeePass, which is open source. It supports manually copying your database (no two-way sync) from mail and 3rd party cloud apps.

For browsers, there's a built-in plugin for IE, Keefox for Firefox, and CKP for Chrome. There's an unmaintained Safari extension as well. Keefox seems fairly mature, CKP is still in beta.

Features

  1. ★★☆☆ Platforms
    Open source, there are numerous forks. Browser support is lacking.
  2. ★☆☆☆ Synchronization
    Manually copying files on iOS. KeePass itself has two-way sync.
  3. ★☆☆☆ Ease of use
    Manual sync and manual password entry on iOS. You have to keep track of different apps.
  4. ★★★★ Price
    Free and open source.

Security

  1. ★★★★ Service isolation
  2. ★★★★ Bruteforce attacks
  3. ★★★☆ Snooping
    Can be set to auto-lock after idle for a number of minutes. Has autofill/autotype.
  4. ★★★★ Device theft
    Key derivation: chained iterated SHA256/AES. IND-CDBA secure (PDF)
  5. ★☆☆☆ Malicious software
    Password file encrypted. Tool available for stealing from a locked vault on Windows.
  6. ★★☆☆ Software vulnerability
    Open source tool. Vulnerabilities in the past [1] [2].
  7. ★★★☆ Data loss
    Everything is open source. Cloud storage must be done manually.
  8. ★★☆☆ Server compromise
    No authenticated encryption on the database.

pass

pass is the Unix philosophy applied to password management: it's a small shell script that uses GnuPG for encryption and Git for synchronization. The downside: no iOS app without a jailbreak. There is an Android app and a Firefox plugin.

Features

  1. ★☆☆☆ Platforms
    Open source. Desktop well supported. There is a Firefox plugin, none for Chrome/Safari/IE.
  2. ★★★☆ Synchronization
    3rd party cloud, own cloud, local network if you set it up.
  3. ★☆☆☆ Ease of use
    Autofill using Firefox, no auto entry. No autofill on
  4. ★★★★ Price
    Free and open source.

Security

  1. ★★★★ Service isolation
  2. ★★★★ Bruteforce attacks
  3. ★★★☆ Snooping
    gpg-agent can auto lock after a number of minutes.
  4. ★★★★ Device theft
    Uses GPG, which is quite robust.
  5. ★★☆☆ Malicious software
    Password file encrypted.
  6. ★★★☆ Software vulnerability
    Open source. While GPG is well-tested, some of the shell scripts/browser extensions/apps might not be secure.
  7. ★★★☆ Data loss
    Uses GPG as a backend, which is long-lived. Git makes it easy to keep decentralized copies everywhere, but still requires user action.
  8. ★★★★ Server compromise

iCloud Keychain

Apple also offers a password storage option, with iCloud Keychain. It only works on Safari, both on iOS and MacOS. Chrome and Firefox also offer password storage for their browser, but iCloud Keychain looks a little more feature complete. Of course, it doesn't work on Android or Windows devices.

Chrome dropped support for it. There is a Firefox plugin for the Keychain, but it doesn't work with iCloud due to Apple only allowing sandboxed apps to access iCloud.

Features

  1. ★☆☆☆ Platforms
    Only MacOS/iOS. Only works with Safari.
  2. ★☆☆☆ Synchronization
    Their cloud.
  3. ★★★☆ Ease of use
    Autofill, auto entry, TouchID supported.
  4. ★★★★ Price
    Free and open source.

Security

  1. ★★★★ Service isolation
  2. ★★★★ Bruteforce attacks
  3. ★★★☆ Snooping
    The keychain is always unlocked. Needs login password to show passwords. Metadata (URLs, account names) is visible though.
  4. ★★★☆ Device theft
    Encrypted using your login password.
  5. ★★☆☆ Malicious software
    Password file encrypted.
  6. ★★★☆ Software vulnerability
    Closed source.
  7. ★★☆☆ Data loss
    Storage on their cloud, which is unlikely to disappear soon. Exports are possible, but require effort.
  8. ★★★☆ Server compromise
    Closed source. Stored end-to-end encrypted.

Memorization plus pen and paper

Pen and paper

And now for the simplest password manager: pen and paper. If you want access anywhere, this requires taking a notebook with you. Let's assume we're trading off some usability by memorizing some passwords, and having fewer of them and shorter ones.

Features

  1. ★★★★ Platforms
    It works anywhere.
  2. ☆☆☆☆ Synchronization
    None.
  3. ★☆☆☆ Ease of use
    Copying passwords is cumbersome.
  4. ★★★☆ Price
    You'd want to treat yourself to a nice notebook, right?

Security

  1. ★★☆☆ Service isolation
    Fewer unique passwords.
  2. ★★☆☆ Bruteforce attacks
    Easier passwords.
  3. ★☆☆☆ Snooping
    It's relatively easy to snoop on the notebook.
  4. ★☆☆☆ Device theft
    Passwords are not stored on any computer, but now we need to account for theft of the notebook.
  5. ★★★★ Malicious software
  6. ★★★★ Software vulnerability
  7. ★☆☆☆ Data loss
    One physical copy. Making copies is hard.
  8. ★★★★ Server compromise

As you can see, the risk profile is quite different from the more high-tech solutions.


Conclusion

Here's the combination of the above tables.

Feature                | 1Password | Lastpass | Enpass | KeePass | pass | iCloud | Pen and paper
-----------------------|-----------|----------|--------|---------|------|--------|--------------
Platforms              | ★★☆☆      | ★★★★     | ★★★★   | ★★☆☆    | ★☆☆☆ | ★☆☆☆   | ★★★★
Synchronization        | ★★★☆      | ★☆☆☆     | ★★★☆   | ★☆☆☆    | ★★★☆ | ★☆☆☆   | ☆☆☆☆
Ease of use            | ★★★☆      | ★★☆☆     | ★★★☆   | ★☆☆☆    | ★☆☆☆ | ★★★☆   | ★☆☆☆
Price                  | ★☆☆☆      | ★★☆☆     | ★★★☆   | ★★★★    | ★★★★ | ★★★★   | ★★★☆
Service isolation      | ★★★★      | ★★★★     | ★★★★   | ★★★★    | ★★★★ | ★★★★   | ★★☆☆
Bruteforce attacks     | ★★★★      | ★★★★     | ★★★★   | ★★★★    | ★★★★ | ★★★★   | ★★☆☆
Snooping               | ★★★☆      | ★★☆☆     | ★★★☆   | ★★★☆    | ★★★☆ | ★★★☆   | ★☆☆☆
Device theft           | ★★★☆      | ★★☆☆     | ★★★☆   | ★★★★    | ★★★★ | ★★★☆   | ★☆☆☆
Malicious software     | ★★☆☆      | ★☆☆☆     | ★★☆☆   | ★☆☆☆    | ★★☆☆ | ★★☆☆   | ★★★★
Software vulnerability | ★★★☆      | ★☆☆☆     | ★★☆☆   | ★★☆☆    | ★★★☆ | ★★★☆   | ★★★★
Data loss              | ★★★☆      | ★★☆☆     | ★★★☆   | ★★★☆    | ★★★☆ | ★★☆☆   | ★☆☆☆
Server compromise      | ★★★☆      | ★☆☆☆     | ★★☆☆   | ★★☆☆    | ★★★★ | ★★★☆   | ★★★★

Some observations:

  • 1Password and Enpass are comparable. 1Password is easier to use and offers more features, Enpass supports more platforms and is cheaper.
  • I wouldn't recommend Lastpass.
  • As far as the open source apps go: they're less easy to use, especially on iOS. I'd choose pass over KeePass for flexibility.
  • If you just use Apple platforms, don't want to pay for anything, and aren't too concerned about data loss – for example if you have password reset available through your email for all your accounts – iCloud is a good option.
  • Pen and paper: it works, but isn't really the way to go – unless you're really concerned about software vulnerabilities and are willing to make a lot of physical copies that others won't be able to find.

Ultimately, you have to decide for yourself which features and security concerns weigh more heavily than others. Personally, I've gone with Enpass for most of my accounts since I like the price better than 1Password, and I'm happy with it so far. For some passwords that need a bit more protection (e.g. Bitcoin wallets), I'll stick with my home-brew solution together with pen and paper.

Thanks for reading! Let me know what you think, and which password manager you're using. Also, if you have any other suggestions for password managers for me to look at, I'd love to hear about it.


Great post!
It's important to spread security consciousness

Thanks for sharing these options with us @fevr!

I've used and sometimes still use LastPass, and I found it quite easy to use, but now that I know that it is vulnerable to a variety of attacks and hacks, I'm gonna be switching to something more secure.

I'd have to say that the most secure option on here is possibly the memorization plus pen and paper option. Now the question is, can I memorize a long string of characters? And how good is my recall?

Thanks again fevr. Look forward to seeing more posts from you.

Meh, my tables have gone a bit wonky compared to the preview. Anyone know how to fix that?

Very nice and useful post!
For me the determining factor in the end is cross-platform compatibility, and since I use Linux desktop, Linux phone, Windows desktop and Android, there's not much choice. I really hope the world becomes more cross-platform and less walled gardens.

I memorize all my passwords and so can you. With memory techniques you can remember very secure and long passwords. Today I posted about a new free ebook from a memory coach friend of mine. Follow me for more about memory and get the book as long as it is free: https://steemit.com/security/@flauwy/new-ebook-free-for-limited-time-the-hack-proof-password-system

Nice security based post

I like your analysis, but it should be updated because there are also Bitwarden and Password Safe to be considered. I was an early adopter of KeePass but I switched to Enpass. Now I am trying Password Safe and Bitwarden: both of them are open source and they support 2FA with Yubikey (the master password is a single point of failure; the second factor reduces your risk by 50%).

Nice @fevr
Shot you an Upvote :)