According to ChatGPT (I know it might not be accurate, and it is modeled on data up to 2021), out of the 4 popular cloud service providers (Box, Dropbox, Google Drive and OneDrive), only Dropbox was reported to be hacked and that was back in 2012. So while they might be under constant attack, they have not actually been penetrated like LastPass had, and LastPass has been hacked multiple times now.
In addition, if a hacker did gain access to files stored in a cloud service provider, they still need to filter for the valuable data. They do not need to do that with a cloud password manager. Every gob of data is extremely important to the person that gave it to the cloud password manager to protect. There isn’t a random temp file or system files that were synced by accident. I can make this even more difficult for the hacker if I rename the password database file to something like “todo2023.txt”, and place it with a bunch of other text files, obfuscating it and make it harder to find this valuable data. I can also make multiple dummy databases so I can have them waste computing time to decrypt them and come up with nothing valuable at all. None of this is provided by any cloud password provider to my knowledge.
Why isn’t there an app to let us sync our password databases locally? I’m old enough to have had Palm Pilots, and those things synced locally (and predated LastPass). If I can get my smartphone to sync my password database locally, I won’t have to hand it off to anybody (not a cloud password manager or a cloud service provider). Isn’t that the best option? I know this isn’t for everybody (ex: a person that uses other computers that he doesn’t own and can’t use their smartphone to access the web), but I think a good portion of (former) customers of LastPass should investigate this instead of jumping to the next cloud password manager and waiting for it to be hacked.
Entropy is a measurement aside from passwords. It’s the measure of “disorderliness” or randomness. Repeating “cat” is still pretty structured, so it’s got a low entropy. The question is whether an attacker is likely to try cat and then catcat and then catcatcat … or whether there is a stopping point at a certain length or not. No way to know for sure. The risk is that your password is structured in a way that it is likely to be guessed by the attackers password cracking tool.
Steve commented on SN today that calculating entropy is complicated. Is there a preferred online calculator we can trust?
The one I found is Password Entropy Calculator
P.S. Thank you @big_D and @PHolder for doing all of us such a great service fielding many of these posts.
Entropy is not the be all and end all… at least not in its standard definition. Basically what you want is a password that is unpredictable enough to require the attacker to resort to brute force (so not in any dictionary or algorithmic search pattern.) The best way to resort to this is to make sure you have lower case, upper case, digits and punctuation characters in a unpredictable mix. For more information, I’d suggest starting on one of Steve’s pages: GRC's | Password Haystacks: How Well Hidden is Your Needle?
This adjacently related article just popped up on ArsTechnica:
Steve’s Password Haystack calculator is a great tool but I’m wanting some trusted calculator to associate these entropy numbers being discussed. Entropy of 50 seems okay, 40 not so good. But where or how do we find out what are trusted entropy value is?
I think you’re possibly focusing on the wrong thing. As I said before, you just need to make your password not be in a dictionary, and then length will be sufficient. For example, while I don’t recommend it, you could only us alphabetic characters in a password, and if you did, there are still 26+26=52 different characters that COULD be possible for every character in a password string… So if you then used a pass phrase which is 40 or more characters, 52^40 = 4.366 × 10^68 . Now even the fastest systems in the world are not going to reach “testing” 10^50 passwords per second, but assuming they could it would still be 10^68 / 10^50 = 10^(68-50) = 10^18 seconds, or ≈ 2.3 × age of the universe ( ≈ 13.8 Gyr ) (according to Wolfram Alpha)
So I propose to you, make a phrase no one else knows that you remember and use that as a password. Something like:
"My BATHroom's paint is HIDEOUSLY applied, and I hate it WITH A PASSION!!!"
123456789012345678901234567890123456789012345678901234567890123456789012345
1 2 3 4 5 6 7
which is apparently 75 characters or so long, and yet is pretty memorable, with a little effort.
Syncthing does this, although I don’t think it is particularly power efficient on your mobile devices. I really feel like this gets quickly into the territory of “should you ever do your own encryption” territory. Yes, you could layer a few technologies to have a locally synced password database. But those technologies weren’t created for that purpose and may be quite brittle.
I use Bitwarden’s passphrase generator for passwords I think I might need to type manually, or have someone read to me. It is similar to the xkcd version. Shouldn’t it be good for the near future?
I can choose how many words to include, a character to separate them, and get a random digit thrown in there. My back of the napkin calculation shows that each dictionary word adds about 12.9 bits of entropy, while the random number adds about 3.3 bits (ignoring the separating character and that the number is in a random location, which could both strengthen it), giving me somewhere around 80 bits of entropy. This is 30 bits above the 50-bit example given in this week’s episode, or requiring 200 gpus about a billion years to crack.
Thanks for pointing out Syncthing. I did some quick reading and there are people that got it to work after some trial and error, but I can see why people would prefer using a cloud password manager rather than setting this up. However, it really isn’t doing your own encryption, it is about not putting the biggest possible target on your back. We should always use a password manager, just one that doesn’t sync to the cloud. The tech columnist from the New York Times said as much in his article on the LastPass breach:
I take a hybrid approach. I use a password manager that does not store my data in its cloud. Instead, I keep my own copy of my vault on my computer and in a cloud drive that I control myself. You could do this by using a cloud service such as iCloud or Dropbox. Those methods aren’t foolproof, either, but they are less likely than a company’s database to be targeted by hackers.
I have been listening to other security podcasts this week and most of the hosts have switched over from LastPass to Bitwarden. They are getting a lot of love from a lot of people. But that also mean they’re getting a lot of attention from hackers. I’m sure most people are fine to switch over to them. I just don’t want to deal with the eventual nightmare of having to change all my passwords again because they get bought out by a big company and stop caring about their security.
I am currently using Strongbox (I said it, didn’t quite want to say it as hiding what I use may on a very very small chance protect my security better, but I figure it is better to share it with the community rather than keeping it hidden which makes it harder for people to look for other options) and it is working great so far. It syncs perfectly between my computer and my phone via the cloud, but I will continue exploring options to sync my password database locally (Strongbox has some too and I will test them out).
Cool! I guess you could try a self hosted nextcloud on your lan as well, but that may be slow depending on the size of the vault.
All in all, my interpretation of these past episodes is this.
Security is a layered approach, involving various tradeoffs.
Given enough time and energy spent battering your systems, in the long-run it is probable that the security will fail. It was LP this time, but who knows who it will be 10 years from now. Their apparent negligence surely hastened their fall.
The security model for services like LP and BW is to anticipate this eventual occurrence by staving it off as long as possible and making sure that your data is protected in that case.
Steve’s disillusion came because the second part of 3 wasn’t realized.
Remember what the biggest problem he had was: the iteration count was not updated over time to reflect the changing landscape. If you decide to roll your own sync solution, you then take on that responsibility of being up-to-date on the encryption end, as well as configuring everything to resist threats. You might gain advantages by flying under the radar. Who knows what is better?
I’m not saying you can’t or shouldn’t. I just know that I don’t trust myself (a hobbyist) to do this well. And the worst thing to take away, I think, is for regular people like my in-laws to abandon password managers and instead make “creative” passwords that are quite short for each website.
I do think this is where open source has an advantage. The Bitwarden community forums already have enthusiasts discussing alternative hashing functions. People can go in and look at defaults, as well as propose direct changes on GitHub. In the FOSS world, community is king, and they surely have that going.
With proprietary services is that community only markets the product, while in FOSS the community can also improve it directly.
Anyway, sorry for rambling. I hope you find a good solution!
The problem is, if you use an external cloud drive for syncing, you need to set it up on every device you use, which is an extra pain - and it means you have to set up the cloud drive, before you can access its password in the safe… Which means it might not be that safe, or you sit there, looking at it on one device in the safe and typing it into the new device. A pain.
There are also often rules about using non-approved software and services. At my company, if I put the password manager on the PC (or ran it from a USB stick, with zero install), it would be a sackable offence, likewise, if I added my personal cloud drive, it would be a sackable offence. Opening my password safe in the browser is allowed (as are browser add-ons).
Also, if one device become infected with a virus, it can spread over the cloud drive, so if you have it on all devices, just for the safe, you can infect them all (or at least the ones with the same OS).
I rather take the pain of setting up a cloud drive software on every device I will ever use going forward, which takes at most 10 minutes for each device, than to to reset all of my passwords. I am not stressed at all setting up a cloud drive software, but there is a certain amount of stress with resetting a password. You have to make sure you save it to your vault. You need to test it by logging back in. You need to deal with the nonsense that some websites have where they accept “@%$#()” but not “+=”, or you click “submit” to change the password and nothing happens and you have to log out and back in to do it all over again. I have unfortunately been getting re-familiarize with all this thanks to LastPass.
This is the part where I know your pain from the previous companies that I worked for. Maybe the LastPass breach will make them change their minds. Although I know that won’t be the case, at least for 3 - 5 years. Some companies just take a very long time to adjust their security policies. Although if they let you use browser add-ons, something like Keepass Tusk might work (although I only found it quickly via Google and it hasn’t been updated in 5 years so I wouldn’t recommend it).
It sounds like you’re one of many that will be better served by Bitwarden. Just make sure you increase your iteration count as per SN905 (and I was already dishearten by the fact that BW is already behind in their default iteration count vs. the recommended iteration count from OWASP).
I’m running multiple OSes, so the spread isn’t the biggest concern. It is the corruption of the database file. But most cloud drives have virus scans and version history and will let you get back to an un-infected version. This in part is why I’m okay with using the cloud to sync the password database (for now).
LastPass never updated my iteration count, so it seems like I never had any advantage with a well known, well trusted security solution that any paying customer would expect. I might as well rely on flying under the radar.
In addition, AES-KDF doesn’t protect against GPU/ASICs cracking, yet LastPass (and BW) still uses it and it is the only option offered. I’m really not seeing any benefits here…
It depends, I don’t know enough of BW’s open source work to say for sure. Some projects take a really long time to merge the community’s PR into their main branch and people end up abandoning them. Let’s see how long it takes BW to merge the one to allow using Scrypt for the KDF algorithm. Although this should have been done years ago when GPU/ASIC mining became popular.