It suggests (relatively) strong passwords, it discourages password re-use, it surfaces when you use passwords that have been found in a data breach, and it allows you to access these passwords across devices.
I have no idea about the cryptographic strength of Chromes's offerings, but the fact that it is the leading browser worldwide means that it's going to be dead-simple for most people to adopt, even those who are decidedly non-technical.
(Personally, I use Bitwarden and 1Password, but I'm a software engineer. I would not expect my elderly family members to do the same, especially because both involve installing and maintaining browser extensions that can be finicky when Chrome updates.)
I've used 1Password for several years now. A couple years after I started using it, I upgraded to the family plan and got my wife into it. Granted, she's not elderly, but she's not exactly confident about technology. I was able to get her pretty comfortable with it in about two weeks. Now, we can easily share credentials with each other for things like Netflix or certain accounts we've set up for our kids by just putting them in our shared vault.
Im sure if I was trying to get my grandma to use it, she wouldn't get it, but in my experience 1Password at least is accessible to the non-techies among us.
If the user is logged into the PC, everything is available to extract, nothing is really preventing any extraction besides the windows user account
References are many:
https://kylemistele.medium.com/stealing-saved-browser-passwo...
https://isc.sans.edu/diary/Use+Your+Browser+Internal+Passwor...
https://www.cyberark.com/resources/threat-research-blog/extr...
https://www.bleepingcomputer.com/news/security/redline-malwa...
you wont just lose your email and bookmarks but all your passwords... Also its a much bigger surface area target, and the auto syncing to new machines you sign into is a concern. I dont want passwords to be "accidentally synced" to any machine my family signs into. I want them to knowingly sync their passwords to them. be MINDFUL of what they're doing. no thank you.
As the default administrator/CTO of the family I'd rather suggest bitwarden and safer practices.
I don't really see why a "family-friendly" version cares about the underlying tech or filesize of the CLI clients, but maybe grandma or kids these days do get upset when when the run a program that is 8.0 × 10^-5 of their 1tb hd.
It “just worked” on any device that could sync the vault. Now they’re a pay-to-play service without that feature.
She's now a Bitwarden user. Mind properly blown. Next she'll be using it to use generated passwords. Amazing. Bonus points if she starts using 2FA for her private accounts. From what I've seen she doesn't and she uses a small set of easily guessable passwords all over the place. But at least they now come from a password manager. But it's not really a scalable solution because I don't have the time or patience to coach all of our people. And yes, we do have a security policy that spells all of this out. I wrote it. It helps but people default to doing the wrong things.
Ultimately, that's why we need to get rid of passwords. There's a group of users for whom all this security stuff is just way too difficult. We need to make it simpler for them to stay secure, not harder. Forcing them to remember lots of different passwords backfired and necessitated password managers. Password less logins are now a thing with several companies. It takes a bit of ingenuity to make that work but it usually boils down to multi device/factor authentication with some ultimate fallback.
I would have assumed this was an insecure way to store passwords also, but I was using lastpass for the last 2 years, so I'm in no place to talk.
Oh, so you showed her how to encrypt and decrypt plain text files with readily available tools? Because honestly that's the only thing wrong with her solution.
They'll have an answer for every critique, but they're usually weak responses that assume tech literate users.
Sure, it's perhaps dangerous to give Google all that power, but I quite literally would trust this more than any third-party password manager that does any type of off-your-computer storage.
A real password manager (like Bitwarden) would be integrated into the mobile OS, and automatically prompt to fill passwords. It also doesn't provide any functionality to generate secure, unique passwords for each site, so it encourages insecure reuse of passwords. Further, it can't notify the user when a password has been compromised and should be changed.
Different people have different threat models, and improving usability of good tools can improve security more than perfect tools would.
When I first read about the command line Bitwarden client I just laughed at its absurdity. I'm tempted to write my own Bitwarden compatibility library and maybe a command line or GUI that doesn't require an outdated copy of Chrome to run, but doing security software right takes time and research I don't want to commit right now.
I also remember going from my self hosted Bitwarden instance to Vaultwarden and seeing he memory requirement drop several gigabytes. I like Bitwarden's browser integrations for the most part but the nice GUI comes at a big performance cost.
Perhaps my 900 secrets are too much for a password manager to handle but I don't think whatever computation the program does on the encrypted secrets warrants this much overhead.
I also don't love keepass getting access to my entire dropbox. But the easy solution is just to make another dropbox account with just the keepass file, and share it with my main dropbox, it'll sync the edits but force insulate the keepass permissions to a single file
I do the same with org-mode sync, might as well
Seems like a low risk unless your threat model includes nation state which performs a targeted attack against you.
I've set up a 1password family and set up accounts/vaults on everyone's computers/phones/tablets, yet they still find it too troublesome to use rather than simply writing passwords down in plaintext on their notes apps or just on sticky notes attached to their computers etc...
If anyone has had success encouraging family to use a password manager I would love to hear any tips, as I've sat my family down every holiday season to reset everyone's forgotten passwords and walk them through everything, practice creating/saving/using passwords and within a day it's all forgotten again. Like backups, I feel like no one takes it seriously until something truly horrible happens.
The problems my mom experienced setting up 1Password, some I had never encountered. There are at least a handful of things going on that can cause problems, including web browser, internet connection, 1P browser extension, 1P desktop app, OS (at this point my mom has become unfamiliar with all desktop OSes since she has primarily used her smartphone for over 6 years and rarely if ever uses a desktop OS). There are enough opportunities for issues to occur that are trivial for me to troubleshoot, but are non-starters for my mom. And I suspect that my mom's experience is very common :(
The ux is terrible, and on Mac there are at least three different UIs you can open (browser, click on toolbar icon and "full" UI.) On Linux I think there are at least two variants, maybe more, dont remember.
Just make one and make it simple and usable. By simple I don't mean Google/apple-style "hide everything because people are stupid". I mean simple, consistent, reliable, usable and powerful.
BR
A lot of this is probably OS & browser vendor limitations, but it ends up with 1p being a power user only piece of software.
For the ones who have held out, I gave up and just bought them all one of those "Password Journal" things from Barnes and Noble. Having unique passwords for every site is more important than having an electronic vault, so, baby steps.
I think that almost all the friction with respect to password managers relates to autofill, how to make it work, and in particular, how to recognize when and why it's not working.
For non-technical people, this is an intractable problem. It's too much even for a lot of technical people.
It's also why I doubt password managers in their present form will ever get widespread adoption. Their best features are just too finicky. Not due to any fault on the part of the authors -- it's just that the web is a mess, things change, and this kind of thing will always break from time to time.
So, my advice is to distill password management down to its simplest essence and just teach that to non-technical people in the hopes that it will more-or-less resemble the notepad/spreadsheet method, except with a password now.
They’ve decided passkeys are the way to go so they don’t support TOTP or that stuff natively.
1Password handles TOTP quite well.
It took 4–5 years, but my wife is now a 1Password advocate and tells people that it’s the best way to protect themselves. Sort of like a feature of our banking apps‡, she has been convinced by the fact that the 1Password URL matching provides strong anti-phishing protection.
For the most part, my family has found it easier to remember that they only have to know one password than to put up with my complaining that they’re not using 1Password and I can’t help them because they’re not…
‡ The feature for the bank was the "spending notifications". Almost ten years ago I installed the "spending tracker" app from the bank, and about a month or two after, I got a notification of a 0.01 charge from a company we have no business with. After I tapped through, I noticed that it was on my wife’s credit card, so I notified her that her card had been skimmed and she needed to contact the company. We knew before the bank knew because of their feature. She installed the app the next day.
My dad does not give a flying fuck however many times you tell him and just writes it down in a notebook. He just doesn’t care despite much of the family wealth residing mostly in his accounts.
The real annoyance is that we need a "password manager" in the first place
You wouldn't need to worry (too much - as long it's not a weak password) about password reuse if websites abided by security best-practices and wouldn't leak lists of weakly hashed password. salt + pepper + good amount of rounds proper hashing function: good luck
And to be fair the browser ones work great. Another one that works great is a paper notebook
And again, it all depends on your threat models. Using very complicated passwords and 2FAing your password manager will only ensure that you'll get locked out of your accounts sooner or later (unless you have a target painted on your back for some reason)
I hated it almost every part of it. If you are coming from Bitwarden, Dashlane, or Lastpass, the UI makes little sense. All three of those used Lastpass's initial UI. It's a better UX.
I couldn't get off of 1Password fast enough. Something about their desktop app it seemed overly heavy/slow.
But I do know that it has made all of the non-techies in my family using a password manager. They just use the suggested password generated by Apple when signing up on random sites as well.
(But only works on Apple's devices and browsers obviously)
I am personally not using it, but it does exist and seems to work from the times I've tried it.
Secure, UI that loads quickly without bugs, autofill that works.
Tried switching to 1Password and it duplicates every single password I imported from LastPass. Confirmed no duplicates exist in the CSV being imported.
Support is like talking to a chat bot. Don't seem to understand the issue I am reporting is the duplication and keep proposing solutions to alternate problems other then the one I have.
Just use Google/FireFox's build in options. Google's is more secure, but I understand a lot of people like FireFox for other reasons.
Can anyone verify the CLI depends on Electron? I took a quick look at the source and from what I can tell it does *not*, but I've never worked with Electron so I don't really know what to look for.
On this specific point: the use of Argon2id over Argon2d doesn’t need justification. Per https://www.rfc-editor.org/rfc/rfc9106.html#section-4, the first and second recommended options are Argon2id, and Argon2id is the recommended type basically unless you have a very good reason to choose a different type. (And as a fairly informed layman in cryptography, it’s very obvious to me that Argon2id is the correct choice for this sort of password safe.)
In particular I'm curious to what degree can the round count be reduced if I use a long pass phrase (say, 200+ characters long) instead of a password?
"encrypted with 256-bit AES with 100,000 rounds of PBKDF2-HMAC-SHA512 using the open-source encryption engine SQLCipher."
They don't supply cloud storage - you pick your own , e.g., iCloud, Dropbox, Google Drive, OneDrive, WebDAV. I use a local WebDAV server, myself.
The option of self-syncing or self-hosting seems important as well, so users can decide to trade off having a team of engineers keeping the server secure and up to date with being a less interesting target to compromise.
In terms of client-side compromise, I'm significantly more worried about OS/browser compromises, malicious app updates, or for those cases where there's no OS-mediated autofill API, clipboard sniffing.
In the end, I think password managers will always have issued and will have to settle for "good enough", or better than memorizing passwords. They're too big of a target for attacks and their surface area is too big, too. Password managers do more than storing login credentials, but for that key use case, adoption of Passwordless WebAuthn can't come soon enough.
Site has to be listed in the entry though.
>Unfortunately, their choice of parameters is on the low side:
>We use Argon2d, by default, with the following parameters: iterations = 3, memory = 32Mo, parallelization = 2 We also support PBKDF2-SHA2 with 200,000 iterations. Then, the data is (en|de)crypted using AES CBC-HMAC mode.
>AES CBC-HMAC isn't a thing, what they're doing is AES-256-CBC then HMAC-SHA256 (and not CBC-MAC), which is perfectly acceptable, albeit using the same key for AES and HMAC feels shaky: an authenticated mode should be used like AES-GCM, or another key derivation to produce two subkeys, instead of using the same key for two different purposes.
>The intern who wrote their whitepaper had a confused understanding of how https works: OCSP doesn't replace trust stores, key exchanges are more complex than "the client encrypts a random number with the server’s public key and sends it to the server, the server decrypts this number, and both sides use this number to generate a symmetric key, used to encrypt and decrypt data.", …
>Worryingly, their "benchmark of attempts to decrypt AES files" is done on a "4 cores Xeon 1.87GHz", which doesn't make sense: cracking a password doesn't mean going through the whole keyspace of alphanumeric characters of a fixed length, and nobody uses CPU to crack passwords, let alone a 4 cores one. I would expect a firm in the business of protecting passwords to be up to date with the current state of the art of password cracking.
>They have a bug bounty with payouts up to USD 5,000 and no public reports. The gpg key that should be used to contact them is an RSA one of 1024 bits (worryingly small in 2023), and belongs to someone called "anish".
This is super concerning to me as a Dashlane consumer, so what are my options?It took me months to get my parents to figure out how to use it, and if I need to shift, it's gonna be even more difficult.
What part is concerning for you? I have not double checked the claims on the marketing content, but on the technical ones:
- Re: Argon2 parameters, what they don't say is that even with those parameters, this is still way better than most of the competition which uses PBKDF2 (it's equal to 1M6 pbkdf2-sha2 rounds - see https://infosec.exchange/@sc00bz/109611328606658997).
- Re CBC vs GCM: We do encrypt then Mac as we should. Also we don't use the same key directly for AES and MAC, we stretch the key to have a longer key - or we even directly use a long 64 bytes key in some cases - that we split for both purposes.
- You can get our GPG key here https://www.dashlane.com/security/researchers. It's owned by security@dashlane.com and is using ED25519. In don't know which key they checked, but I don't think it's ours :)
I hope this helps!
Anyone have a better idea?
I've previously disclosed cryptographic bugs to both LastPass and 1Password. I've written about my experiences: https://furry.engineer/@soatok/109560736140669727
The post I wrote about the intersection of Passwords and Cryptography was spun off as a prerequisite for a longer post I was writing about password management from the perspective of a cryptography engineer.
As part of that post, I planned to review Bitwarden (since it's open source and therefore I don't have to expend the additional mental cycles to reverse engineer it like I did LP/1P's offerings).
The challenges faced by browser extensions with other password DKFs is that, if you want performance, you don't want to write it in a scripting language. WebAssembly might work, but the ideal outcome is to be able to call `await crypto.subtle.Argon2id(/* args */)` and get your result.
The path forward, therefore, is to get Argon2id support into WebKit, Chrome, and Node.js.
Per their README it seems it’s implemented into “KeeWeb”.
KeeWeb is a free cross-platform password manager compatible with KeePass.
https://keeweb.info https://github.com/keeweb/keeweb
Anyone checked out KeeWeb?
Historically, scrypt, bcrypt and pbkdf2 have all three been widely used.
Argon2 is a bit of a PITA though because it needs to be re-hashed sometimes.
After the recent hack, I tried to get him to switch to keepass xc but that is proving to be too steep a hill to climb.
What is the best alternative to LastPass families? I don’t mind paying for a subscription etc .
When they are saying 100,000 rounds, they mean 100,000 rounds WITH the key right?
If you wanted to brute force this password, and there are no vulnerabilities in the hashing algo, then you need to try aaaa with 100,000 runs, and aaab with another 100,000 runs right? So if you use a long random key, it wouldn't matter if it was 1 cycle or 1 billion effectively, right?
Or am I missing something? I'm assuming there is a hash table exploit for PBKDF2 and that the number of rounds really does matter?
So off to lynx, there it rendered fine, so reading it now.
I think that's the right approach, but I'm not sure I like the hardware. Something I was thinking about was using a pi zero in a small box, that just does something like emulate a keyboard for password-pushing. Give it a small screen and small keyboard for UI.
This means I have to rely on SMB + VPN to get access to my up-to-date keepass database which is more trouble than I'd like.
I've been using Bitwarden for years but integrated 2FA support from Apple has moved me over. I really despised having to switch between apps (I don't use sms 2fa when I can).
