Risks of Password Managers

Stuart Schechter writes about the security risks of using a password manager. It's a good piece, and nicely discusses the trade-offs around password managers: which one to choose, which passwords to store in it, and so on.

My own Password Safe is mentioned. My particular choices about security and risk is to only store passwords on my computer -- not on my phone -- and not to put anything in the cloud. In my way of thinking, that reduces the risks of a password manager considerably. Yes, there are losses in convenience.

Posted on June 19, 2019 at 1:26 PM • 42 Comments

Comments

LomaxJune 19, 2019 2:58 PM

The post would be more useful if it contained a link to the article mentioned, like it is almost always done here.

Thank you @"Who?" for the link.

More on topic, Bruce's advice makes a lot of sense. Cloud and mobile are too dangerous to trust with such extreme information.

SocraticGadflyJune 19, 2019 3:02 PM

Here's another part of the solution: NEVER let any business store a credit card's info for you, or anything like that.

And another part of the solution? Don't have 60 different things that need online passwords.

MauroJune 19, 2019 3:25 PM

I like clipperz.is approach:
- cloud storage for the encrypted archive
- local decryption in the browser

MeJune 19, 2019 4:15 PM

Or you can split all credentials in separate password vaults by topic/usage, using dedicated storage devices and even using a different software. Not applicable for every user out there though...

WinterJune 19, 2019 4:18 PM

One way to protect your passwords in a password manager from loss is to periodically download all passwords into a separate encrypted volume or file.

Obviously, you then should not forget the password of the backup.

The article repeatedly warns against compromised hardware/systems. But as I understand it, nothing can save you if you use a password on a compromised system.

HugoJune 19, 2019 4:33 PM

@Mauro that's what most password managers do, question is always "how good is that encryption".

SkippyJune 19, 2019 5:24 PM

I see no mention of the following method of securely storing passwords:
OS: Linux Mint
Using a password protected LibreOffice Calc spreadsheet (Linux open-source equivalent to MS Excel) on a full disk encryption drive to save my passwords.

I do keep backups, but not in the cloud. And I don't save passwords on my phone.

Anyone think this is a bad idea? No sarcasm intended here :)

Niko June 19, 2019 6:17 PM

I use a command line password manager , I can run it on my remote server which the passwords available over ssh connection. That way I can also access them from my phone too.

BillboJune 19, 2019 9:07 PM

Skippy: I use a text file which I edit with vim and encrypt with gpg (AES256) on a Linux system. Vim is configured to encrypt/decrypt the file when I view or edit it. I backup the file as part of my normal backups as well as stashing it in a few other places.

So you have two levels of encryption, while I only have one. On the other hand, I have no idea which encryption algorithm LibreOffice uses in Calc. It's hard to say if that is helping you or not. I decided on this setup as gpg can be installed on just about any system and can be setup pretty quickly to use for symmetric encryption. While I don't normally use a phone to access the file, I have done so in an emergency with one of my stashed copies.

Overall, I can't say your setup is worse/better than mine. Our setups are very similar in my opinion. We have similar downsides: poor ease of use, no integrated random password generation, no checking for password reuse.

MikeJune 19, 2019 10:21 PM

I'm always amazed when otherwise smart people seem to lose their common sense and think that putting passwords into a cloud provider is somehow a good idea.

Mace MonetaJune 19, 2019 10:28 PM

I do store my password manager files in the cloud - but the cloud is our personal Nextcloud on our home server accessible only via VPN (currently Wireguard). Keepass Tusk on Chrome(book) and Keepass2Android on Android both support WebDAV, making use with Nextcloud easy. That way we get both the convenience and the security.

No One / Ex CathedraJune 19, 2019 10:29 PM

Mr. Schneier makes measured, thoughtful recommendations, and it is always good to hear what an expert does for himself or herself in things having to do with information security. I like it when he shares what he does for the security of his own info.

The whole concept of cloud storage is utter madness to me, from a security perspective. I would not store anything on the cloud that needs to be kept confidential--that is, unless you are an expert.

I only store passwords for two sites, both of which have no important info of mine on them. I never repeat passwords/phrases, nor do I repeat parts of them.

I use a TRNG (true random number generator) to make my passphrases, using all the characters possible, and all of them are very long. I peck them in anew every single time. I store them on paper in a book in obscured form (substitution), which would stop my little sister. The book is kept in a safe.

I always use multi-factor authentication.

I try to stay off the internet for anything personal. The internet is just a gigantic collection platform, and if you want to have confidentiality about anything, you better do your homework--learn about encryption and air-gapping.

No One / Ex CathedraJune 19, 2019 10:53 PM

@ Mike

I am amazed by it too. It's like a contest in which you try to expand the attack surface as much as possible while still believing in what you are doing.
Crazytown.

I'll put a file in the cloud. Sure.

A one-time-pad encrypted ciphertext with a Carter-Wegman MAC...

aserraricJune 20, 2019 12:43 AM

I feel my password manager of choice is always woefully under/unrepresented on these comparisions. Bitwarden is fully open source, can be self-hosted and encrypts data both at rest and during transport, so that neither cleartext nor the decrypted master key ever leaves the device. Yes, this means there is no recovery if you forget your master passphrase, but it also means the service provider has no chance of seeing your data. If someone infiltrates your device, all bets are off of course, but that is true for all of them.

DevinJune 20, 2019 12:56 AM

Skippy:

You've reinvented the password manager. Now, if the spreadsheet is a better way for you to keep organized, that's fine.

There are two points of failure I can see that you're more vulnerable to than I (a religious password manager user) am.
1. I hope your backups are good, and offsite. With a password manager, I have a single high-value file that is separately encrypted, which I can then take extra care in backing up (so, for instance, I email it to myself and a relative occasionally and keep a current version on dropbox. Maybe you don't trust dropbox or gmail or my dad, but since all they have is an encrypted file I'm not too worried.)

Ask yourself what happens if your house burns to the ground, or gets hit by lightning, or every drive on the premises gets destroyed in some other way. You might want to encrypt that spreadsheet and send it to your mom, or your old college buddy, or whatever.

2. Depending on the details of the FDE setup, your password file is decrypted/accessible while you're not using it (just something else on the same disk/partition). This is an advantage of a well-designed password manager: it should keep itself locked down when not in use.

I don't think either of those is a killer, just things to be aware of.

DavidJune 20, 2019 3:07 AM

Using a spreadsheet has extrra dangers as office suites tend to make time backups, stored on disk and only (hopefully) deleted when the file is closed. Is this backup encrypted?
The hard part of password manager design is trying to make sure that freed memory does not contain your passwords and making sure that they never go to disk cache - truly erasing SSD disks is hard

CateJune 20, 2019 3:12 AM

@Mike: It is handy, instead of remembering many website password. For sure I do not store email and bank credential on the cloud, but..

I need to manage a lot of airlines and hotels. I will never remember all password, and I'll not reuse them. Especially for hotels, I do not trust they security.

I need them on work computers (work travels), but also on my personal computer and phone (for booking and check-in details).

These are important data, but also not stored (by airlines) securely. We all know that with booking code, one could cancel flight and get the very small refunds (at minima, the taxes and fees), but anyway I want the part I control to have a stronger password. And I could not afford to connect to airport WiFi (terrible security, and ToS) to get my checkin data.

But also many online newsites. I like to register (and maybe pay a subscription not to have ads). I would like to share it on all my computers (and ev. also at work, if the site maybe relevant).

Note: using a single computer is also not safe, one often forget backups, so being digitally look out, and I will not cross the border with a computer with a lot of credentials.

[I'm a technical person (and informed about security thread and when to do upgrades), so "cloud" for me is to my personal server, but most people must relay on "the clouds".

Sam LordJune 20, 2019 3:24 AM

My preferred suite of tools is:

* KeePassXC for desktop (work laptop, home laptop, PC)
* KeePass browser extension
* KeePassDX for mobile
* SyncThing on all devices for P2P encrypted sync

My password vault never enters the cloud, but whenever I update it, the change permeates through my devices (typically from whichever device I am on to my phone, and then when my other devices are on, my phone will then update those).

One advantage I can't stress enough is that passwords are not always entered into websites. The browser extension should be a feature, not the entire application.

Maxwell's DaemonJune 20, 2019 4:15 AM

Password Safe in use here since Bruce first mentioned it ages ago with encrypted copies of the password file tucked all over the place, multiples of local/remote (and Cloud). I even squirrel away older files for historical/archival purposes. This way, I am not sharing the encryption key(s) with anyone else.

Givon ZirkindJune 20, 2019 4:50 AM

@Billbo You do know, encrypting something twice, does not enhance encryption. Ex. Serial Ceasar encryption reduces to one equation for a solution.

Petre Peter June 20, 2019 7:52 AM

Once I write down passwords on paper, I consider them compromised. Password managers are definitely the way to go provided they offer encryption. Remembering passwords is like asking me to remember the cuts on every key I have.

kronosJune 20, 2019 8:26 AM

A friend relies on writing his passwords on a small piece of paper and carrying it with him in his wallet. I was trying to explain the downside of this but he argued that unless his wallet was lost or stolen the password list was secure. I pointed out that I could retrieve the piece of paper, make a copy/photograph, and put it back and he would not even be aware his list was compromised.

The article is a good overview of using and securing passwords in the digital age we find ourselves living in. I wish it were required reading at my employer to prevent some of the security 'goofs' I see frequently.

VinnyGJune 20, 2019 8:39 AM

Using PasswordSafe from an Imation/Ironkey F100 fingerprint-secured flash drive. When I used this set-up at work I would disconnect the F100 whenever I left my desk (to require re-authorization.) Now that I'm retired and at home, I leave it plugged in. I allow PWS to generate my pw, then occasionally tweak the result (probably not improving anything, but it's an amusing exercise...) I don't use my phone for anything that would require a password...

denselyJune 20, 2019 9:26 AM

I stopped allowing browsers and Apple Keychain to store anything for me when I realized that I didn't know how they worked, or where and how they stored my secrets. A password store that serves passwords whenever I'm logged in to a device or whenever I'm logged in to a vendor's single sign on service doesn't do what I want. My first replacement was like Billbo's solution, locally stored encrypted text files that I merged by hand to keep the stores on different devices in sync. This was cumbersome and vulnerable to shoulder surfing, so after a while I converted to using a commercial password manager.

SofakinbdJune 20, 2019 11:32 AM

This seems like a good time to point out that having a your password manager developer use a sustainable business model is important too.

There are places to save money, and there are places to spend appropriately. Password management, and a password manager, seems like one of those things to spend on appropriately. If you are going to take the time to setup and store 1,000+ logins, software licenses, and secure documents then paying for timely updates and developers who stay current on the latest research seems prudent. It is why I support 1Password.

I realize others have suggested other apps, but this my reasoning. For the average user, my mother for instance, it is the best available for our particular uses. $5 a month is quite acceptable to ensure development for a long time into the future. 1Password happens to a pretty powerful little database program too.

- Sofa

wa7eX5soJune 20, 2019 1:03 PM

I use KeePassDroid from my Android phone and manually back it up to Google Cloud under an obfuscated filename. The database 1.5 million rounds of AES versus the default 6000. Android security is terrible, but I am careful about apps I install and use NetGuard to firewall off 95% of the pre-installed bloatware. My Google drive is secured with a hardware key and a long password. My KeePass master password is long, high entropy and has never been put on paper. There is a PIN on my SIM card.

I would rather cut my phone out of the equation entirely, or at least have a separate air-gapped handheld device for password management. I sleep soundly nonetheless. I think hackers would prefer softer targets.

Why the paranoia about cloud backups? I could put my ciphertext here in the comments, it wouldn't matter.

TovaritchJune 20, 2019 2:02 PM

Repeatedly entering passphrases for the purpose of authentication to online services is a write-only operation; it is also the only password-related action that requires a network connection. Making up passwords does not. Given that, I can imagine a separate, non-internet-connected device whose sole purpose would be to store passwords in encrypted form and deliver them into the networked machine(s). That could be a tiny computer (e.g. Arduino) programmed to act as a USB keyboard to the networked machine. The networked machine has no access to the list of passwords. The tiny password computer requires local human input (which site?) and local confirmation to deliver a password. Its password vault could of course be backed up with any number of methods already discussed.

Kent BorgJune 20, 2019 6:38 PM

Skippy: Your approach is good if you keep that computer secure. Which is hard.

One, use it for nearly nothing but this one purpose.

Two, keep it in your physical possession (electively) always.

The further you stray from these two restrictions, the riskier you are.

For most people I recommend pen and paper, *manual* backup to a second paper copy. Guard the two copies carefully.

-kb

MalgondJune 21, 2019 5:11 AM

@Skippy: using encrypted spreadsheet might be not very secure, the office apps are not scrutinized as well as password managers with regard how they handle data. The contents of a spreadsheet may land in various places like temporary backups, scratchpad, clipboard, swap etc. Your scheme is actually a home-made password manager, why not use a real proven one?

@Bilbo: vi(m)/gpg was a schema I had used before for some stuff, but it is quite tricky not to leave unencrypted copies somewhere. You need to decrypt to a file in a temporary place while you edit it, then encrypt the modified version you write out; so it is exposed somewhere in the filesystem while you edit it, and when you delete the cleartext copy the data stays on disk. Over time, I have tried different schemes for the temporary copy, like using an encrypted volume that will be unmouted or even destroyed after the edit, or a memory-based filesystem, but you need a careful setup and also have encrypted swap for good measure.

Recently I have switched to sqlcipher (an encrypting version of sqlite database) to keep some passwords and related stuff. The downside is you need to type SQL commands to retrieve/manipulate your data - it is not a problem for me, but it is definitely not for everybody. But it also allows me to keep some other data besides passwords, do some automation, consistency checks and statistics (via SQL triggers, constraints and views) and generally keep my data structured better than in any password manager that has fixed scheme for its entries. I imagine I could evolve it someday into some app that will use sqlcipher as the backend and call it a password manager, but it is a low priority for me. I keep copies of the encrypted database in many places. I am considering storing an unencrypted copy somewhere as well, in case my memory fails me, but I still cannot decide where I would store it to be secure enough and if this trade-off is worth doing anyway.

I am still looking for a password manager that will have all the features I need and have a command-line interface (possibly in addition to a GUI).

I only keep the not-so-important passwords in my home-brew "manager". I do online shopping a lot and most sites require registration, so I have to keep many unique passwords - and emails as well, so I can easily block them if they start spamming or leak the emails.

@All: Regarding storing anything in the cloud - just encrypt it beforehand. I use cloud as one form of offsite backup for important stuff.

Peter A.June 21, 2019 11:44 AM

As for random password generation for all homebrew solutions on Linux or similar:

$ dd if=/dev/random bs=1 count=N | base64

Use N=6,9,12 etc. for 8, 12, 16-character passwords, depending on what length you prefer or what a particular site's limits are.

JoeJune 21, 2019 2:02 PM

I personally use different password managers for different tasks\areas, but my master passwords and Bank Accounts are stored in my offline password wallet from Mooltipass.

Jesse ThompsonJune 21, 2019 4:59 PM

I have never heard a more migraine-inducing list of complicated ways to have zero convenience and only debatable security than the suggestions throughout this thread.

Here is my method, hella simple and with 99% of the convenience that everyone here calls folly.

1: I created a single 6-character password (out of an alphabet of 95 so log2(956) ≈ 40 bits of entropy)

2: I use a standard password manager also available on my phone, that backs up to the cloud, and generate full new 8-12 character passwords for every site.

3: but the passwords I actually *use* on those sites are the manager-generated password suffixed with the shared suffix password I created offline and then memorized.

Master password to manager itself is it's own 80-bit entropy passphrase, and I back up the encrypted password safe offline once a month.

So steal a copy of my encrypted password safe, you've got an 80-bit brute forcing to do to decrypt that.

Find a flaw in it's encryption OR compromise the password manager company itself, and you've got a *portion* of all of my passwords but you're still 40 bits of brute forcing away from having any of my real passwords, plus you have no offline hashes to brute force against that with so good luck firing off half a trillion covert web requests.

All of this cutting off your nose to spite your face and smartphone hate isn't impressing anybody. Wrong kind of #YOLO.

Clive RobinsonJune 22, 2019 1:16 AM

@ Jesse Thompson,

I have never heard a more migraine-inducing list of complicated ways to have zero convenience and only debatable security than the suggestions throughout this thread.

The problem with your system is it does not work well with collusion in those you have little or no control over.

You send your plaintext passwords to two or more sites via you hope a secure connection. Via cookies or what ever the services you use can easily work out you are the same person. Thus if they collude your memorized prefix becomes known by simple comparison.

As "supposed" secure connections are not as secure as you might like (don't use GoDaddy sites for instance) it's possible for others to get two or more of your plain text passwords.

Thus your system quickly breaks down to being just,

2: I use a standard password manager also available on my phone, that backs up to the cloud, and generate full new 8-12 character passwords for every site.

Now personally I don't care if that is secure or not, nor do I suspect do you, as more likely than not like most users neither your life nor your liberty depend on it currently. But for those who's life or liberty may be under threat now or in the future, it's probably not secure for the usuall host of reasons.

Just one of which is software defects enabling end run attacks via the OS or other apps to the UI of the password manager running on your phone.

My advice to people and has been for a quater century or so is to use an authentication method that does not involve communications except through the individual themselves. That is you put the person in the authentication chain to act as a mediated air gap. This has become increasingly important, especially on consumer devices where the security end point is before the communications end point.

It was one of the reasons people thought up the token systems that kind of work as a "One time password" system. Even though the designer's got things wrong in many ways and the tokens are inappropriate for by far the majority of users these days.

I guess the "head" ache you undergo to protect information such as passwords is at the end of the day dependent on how much you value keeping your head on your shoulders, or avoiding having the proverbial $5 Wrench bounced off of it.

VinnyGJune 23, 2019 11:10 AM

@Sofakinbd re: 1Password - You make a valid point. However, if you are actually paying monthly, I would recommend against that practice in favor of an annual payment. Fewer transactions, less exposure. Also less risk to fnid an alternative in a hurry of the vendor goes under...

VinnyGJune 23, 2019 11:19 AM

I'm mentioning this practice just for the sake of discussion. I do not currently use it, although I did employ a close variant for my passphrase a few years ago when I was actively using Truecrypt. It is better suited to formulating a master password/phrase than for a large number of application-specific items. Pick a phrase in a favorite book. Select the nth characters from that phrase to form the password. When a change is desired, either change the value of n or use a different phrase from a different book, and rotate the books. While I suppose this is in some respects "security by obscurity" I think it is a good compromise between true (psuedo) randomness and ease of recall.

DannyJune 23, 2019 8:56 PM

Keepass hasn't failed me yet. I've been using it for more than 14 years and I see no reason to ditch it.

Brad B.June 23, 2019 10:42 PM

I used to be a hardcore Chrome pusher -- until I recently lost confidence in Big Tech. It wasn't due to data collection or advertising or even tracking. What made me migrate away from them after using them since 2004 was censorship. After the revelation that Facebook stored users passwords in plaintext without hashing was a really big red flag for me. They basically helped invent Open Compute and made PHP so efficient that it works for them -- but then didn't hash passwords? There was only one reason why and that was so they could read them and use them one day.

That's when I migrated everything to KeePassXC and away from Chrome password manager. As I migrated every password, I reset it to a 16-28 character random password so no website would ever be able to log into any other services with my stored password with them. All my really sensitive accounts -- former Gmail, Dropbox, Evernote, Amazon, Facebook accounts all got two-factored with the Authy app on my phone so if my Mac and Keepass file and password is stolen there is still some protection as the attacker would need my phone as well.

May got help us all.

Jane DoeJune 25, 2019 2:06 PM

I have an approach that allows me to utlize the cloud for password database storage while minimizing the impact should a breach occur.

I use a password and a keyfile to access my password database. I store my password database with one cloud service, and my keyfile with another. This way I can access my database from any device connected to those services. If either service is compromised, all they get is garbage.

LeslieJuly 16, 2019 6:17 PM

There is another 'non-recording' password manager called gnu-pw-mgr.

"This program addresses the recording problem by not recording passwords. They get re-computed every time, based on two separate factors each of which is unlikely to come into the hands of miscreants. The first factor is a series of one or more password "seeds" or "salts". You specify a tag for it and the seed itself is a block of text that contains at least 64 characters. The second factor is a transformation of the web site address. That transformation should be easy to remember, fairly easy to type, include odd capitalization, use multiple unusual punctuation characters, have a secret word or two and never, ever be written down.
"The text, the URL transform and the tag get hashed together to construct the password. Since different web sites have different password requirements and allowances, the result is trimmed and tweaked until it meets the requirements. It is always possible that new requirements might pop up, and the password polishing code has been written to be extensible.
"Using this program not only makes it simple to have different passwords for different web sites, it actually makes it inconvenient to use the same password. It does not support the same password, so you would have to remember the jumble of letters and numbers for any alternate web site. You won't do that.
" 'gnu-pw-mgr' works by storing the seed in a private configuration file and obtaining the password identifier either from the command line or by reading it from standard input. This configuration file must be secured from reading and writing by other users, but obtaining access will not reveal passwords. The key to this is the password identifier. It is the second factor in the authentication (password re-creation) that is never recorded."

(excerpted from the gnu-pw-mgr man file.)

What are your thoughts on such tools?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.