The authors talk a lot about how you can get everything if you compromise the client machine, but of course if you compromise the client you can compromise everything.
Just install a keylogger to get all typed passwords, send the decrypted hard drive image over the network and run it in a VM proxying network traffic via the compromised machine, no need for any targeted attack.
The fact that they focus on that rather than on an actual interesting attack makes me believe that there is no real vulnerability whatsoever.
"We also found how it is possible to abuse account recovery to ultimately obtain the encryption key for the vault" is really scary, but if it were accurate they would be talking solely about that, so maybe it's just a phishing attack.
It will be news if there's an account recovery mechanism that can be exploited by a total stranger without access to your copy of Chrome/FF.
You would expect that 2FA could be bypassed for the locally cached password database, since AFAIK there is no such thing as requiring an OTP to decrypt the ciphertext that you have, only to prove to a server that you know the TOTP secret.
Lastpass discloses that you can turn off 2FA for new logins by proving ownership of an email address. You can set a separate email address for this purpose, and I believe also turn it off.
It occurs to me as I write this that for most people compromising an email account would be just as disastrous, given how many services rely on a simple email for password recovery/resets.
I think the difference between someone who uses a password-manager user, and the vast majority of people who don't, is that those who don't have HUNDREDS of points of failure that contain the keys to the kingdom, some completely insecure.
Not that it doesn't have its own vulnerabilities. But perhaps those are more bugs (e.g. not enforcing sandboxes properly) than architectural weaknesses.
Keep your important passwords encrypted with GPG on flash card, with backup on an another flash card. Regular GPG works flawlessly in terminal. Small shell script, which will ask for password and site name to display site password(s), will do the job on any Linux-compatible smartphone.
Instead, I just use KeePass, which I protect with an offline SSH key as well as a strong password. In order to compromise my passwords, you'd need my KeePass database, access to one of my devices (laptop, desktop, but not phone), and my password.
However, this means you can potentially recover vaults from unattended / stolen / lost / unwiped hard drives, phones etc.
This guy's research, and most research regarding password managers is way overblown. Every lp product has a big popup that says "WHAT YOU ARE DOING IS INSECURE" when you click "Remember Password". Having secure defaults are something they are very mindful of.
All password managers are toast if you have someone else on your box. It's baked in to the threat model.
Alerts confirming things happen all the time and so users have been trained to click yes to make things work. I'd suspect only 20% might actually read that sentence and even less will understand what it means and why.
Instead that login screen should change and have large, clear text and iconography that violates expectations and thus forces users to read. Having buttons that explain like "make less secure" makes it more likely to be understood than "yes" "no."
Can you explain how this is correct? Because i use only webclient thinking that the plugins may be more vulnerable because other plugins may read what lp plug in does.
Criticism to using the webapp is generally JS crypto being broken. Code delivered every time coupled with the browser not being good place for crypto (any code can eat any other code..).
Extensions, being a separate program that lives mostly apart from the web pages your browser visits is slightly a more trustworthy environment
The insecurity comes from someone already having physical control of your machine, and if you had alowed saving of your master password (which Lastpass and anyone sane encourages against).
Some people have poor memory and need a way to organise things. Not everyone uses lastpass just for security.
LastPass Enterprise has a policy to disable it, which is recommended there.
While it's not obvious from the blackhat blurb, it's stated by the author in their more detailed blog post 
Additionally, this behavior is something that LastPass advises against:
"Are you sure you want to have LastPass remember your password? This will significantly decrease the security of your LastPass account!"
I don't think this makes any progress on any of the real nightmare scenarios, like a bulk breach of LastPass servers plus some critical mistake allowing the master passwords to be cracked en-mass in less than a multi-decade timespan, or even a vulnerability allowing somebody capable of intercepting the traffic between a device and the LastPass server to get master password or cleartext vault data.
Like this: https://apple.stackexchange.com/questions/56130/how-to-retri...
So yes, if you gain root access on someone's machine, you can do nasty stuff. That is not really news.
That seems a rather important detail. Thanks for the link.
> That seems a rather important detail.
It's also against LastPass's best practices. When you click that button (Remember my password) you get this:
"Are you sure you want to have LastPass remember your password? This will significantly decrease the security of your LastPass account!"
I have a long master passphrase - too long to type on a touchscreen keyboard in any convenient amount of time and where there's a non-trivial risk that somebody peering over my shoulder (think - using it on the bus) could spy it. So in that case I resort to using the fingerprint-unlock feature (which I assume is the security equivalent of 'save master passphrase' or at least token).
I am aware that this might open me up to other attacks - an adversary dusting my fingerprints off my tablet, etc. Curious though as to whether this is an attack vector for the same or a similar type of process to what the authors are describing (haven't read their blog post, just the Black Hat description).
So at the very least you still have your passwords kept in a relatively secure keychain manager and not inside the app stored in plain text of some sort.
(Fwiw - I use LP, no master password saved, no iOS finger print access)
The rationale I use personally is that the master password might be stored in a retrievable format on my phone, but the phone itself is encrypted (iOS 8). And the convenience factor is strong enough (it's really convenient!) that I'm not discouraged from using strong passwords like I otherwise might be.
Unless someone sneakily borrows my phone and fingers while I'm sleeping, I don't think I'm at much risk.
It could, however, mean that your master password is in a cleartext or Apple-recoverable iTunes (local) or iCloud backup of your phone.
If an attacker is already physically in my office then I've got bigger problems.
I'm using Linux and my /home directory is encrypted. My laptop automatically logs out after a pretty short inactivity (2 minutes, unless I'm using certain apps like VLC in which case, it logs out after half an hour) essentially locking the access to my /home directory.
With that being said, having to type in my master password over and over again seems like a bit of an overkill.
This was also somewhat reassuring:
"As always, we made a responsible disclosure to LastPass. I want to stress how easy it was to work with the security team. The where very responsive and worked on fixing the issues we reported immediately. They also followed up with us from time to time and asked for our thoughts on every fix. It was a real pleasure to work with team!"
I can maybe move the keychain to an encfs encrypted folder in Dropbox. Then, I won't be able to use 1Password mobile app. And for the plugin, perhaps I can disable the plugin and copy-paste the password directly from the app.
Would love to get others' feedback. UPDATE: It appears I can combine sync through encfs folder and manual sync through phone to achieve sync on all devices.
I do not use the browser plugin (personal preference).
I don't think this is a reason to not use LastPass.
I doubt any password manager vendor has the resources necessary to truly protect their users. At least, if you are not paying top dollar for security, don't expect much.
To have a secure master password, you do not want to be using it to login to their website, because now you are blindly hoping they aren't having it logged somewhere or retained in memory that can be dumped.
I've been happy with it. The mobile app works well and it is very convenient. I just can't help but to have this nagging feeling since all their salts were exposed, I am really no (or not very much) "safer" than if I let Chrome remember them. If someone gets on my machine and knows what they're doing it is probably all over anyway, right? (And no, I dont let LastPass remember master PW, and I do use a system-level password so you cant easily see them in chrome://settings/passwords unless you have that to...) So the question is who do you trust more to protect the credentials that are synced to the cloud: Google or Lastpass? I don't know the best answer, all things considered (local and on the network). I would guess Google is a much harder target than LastPass.
1) LastPass has a history of taking ownership of vulnerabilities and taking appropriate measures. They do this publicly and provide a level of detail that demonstrates their expertise.
2) They're working under the same constraints as Google with the same caliber of engineering strength.
3) Most importantly, their business depends on delivering a secure product. It's in their best interest to continue providing a secure product.
If your're only considering vulnerabilities that pertain to that, I would think native Chrome has an inherent security advantage over a Chrome plugin. I am happy to be wrong about this, though.
Edit/Addition: While I give them props for the full disclosure about the salts being exposed, we don't have any evidence that this has ever happened to Google, so setting everything else aside, we already know for certain LastPass has been exploited in a way we don't have any evidence that Google has. That's not intended to be a slight on LastPass or praise for Google, just that, "it is what it is."
Edit: added link
Basically, even though they are claiming not to send your password to the server, if you open their security check:
> Once the master password is entered on the security check page, it decrypts your data (login and passwords) and send the length and character to our server for analysis then send you the result.
So, practically, they're not sending your passwords per se, but they are sending the length and characters used?
At least they apparently need access to a local machine. Would be a lot more concerned if a random hacker on the internet could break into anyone's vault. Still obviously not great though!
In addition to everyone in the building, the individuals in your IT department have access to your work machine, and can install key loggers easily. It may even be SOP at some places.
> "Turning on 2FA did not worked most of the times"
If you have a security issue here we'd appreciate a report at https://lastpass.com/security/ that said every report of this has always been a case of someone not reading the manual or FAQs so please checkout https://lastpass.com/support.php?cmd=showfaq&id=2775 first.
> "Sorry but I will never give trust to a password manager written in PHP"
If your coworkers aren't using something they're likely reusing company passwords, which is one of the key reasons to force using the extensions.
Keepassx is cross platform, and supports keyfiles, which could be installed on removable media.
Based on a paper I saw a few months ago, Password Safe's crypto looked to be better implemented.
Everything in GPG-encrypted files, in a git repo that I sync with my server. The GPG key is kept unlocked for an hour or so with gpg-agent, meaning I only type my key password a few times a day.
All passwords copied and pasted from the shell, though I use Conkeror so there's no reason I couldn't write a little bit of integration to have the passwords pasted directly into the web forms.
(defun cc () "Secrets File" (interactive) (find-file "/home/ajross/.cc.gpg"))
Password Safe has (or had) Bruce Schneier's recommendation, for what that's worth. I think he helped design the original version, years ago.
However, I think the key question is, what are you protecting? I doubt Schneier would recommend Password Safe, for example, for nuclear launch codes, but maybe your email password (depending on what's in your email).
It's not as secure as a pure-usb connection, but might be worth considering.
It allows you to send your password from your android device to any computer with a browser. It encrypts the password end to end with a public key generated in the browser and distributed to the device via qr code.
According to this paper Password Safe is the best. But really bad it is mainly for Windows and only expensive 3rd party OS X client. So I'm stuck with KeepassX (btw. 2.0 beta 2 was recently released)
Personally, I use a password manager that doesn't directly integrate with any browsers or plugins. While the crypto protecting most vault files is imperfect, there are mitigations that can lower that risk. I can't mitigate risks from third party plugins.
1password's browser integration can save you from phishing, because it can tell g00gle.com from google.com every time and not offer to fill in your google.com login, whereas if you're used to just copying from your password manager, you have to make sure not to mess that up.
Lack of convenience means manual work, which means chance for error. This is the same reason we recommend coding using trustworthy high-level crypto constructs instead of implementing it yourself; it's more convenient and harder to mess up.
1) Automatically Log out when all browsers are closed and Chrome has been closed for (mins)
2) Automatically Log out after idle (mins)
LastPass is so much of a win for the average user that even with this feature enabled, you are still better off than using the same username/password for every website which is the norm. This thread will be full of people recommending alternatives and there will be solid choices. I will keep using and recommending LastPass.
Though, IMO, a password manager which uploads all your password onto a central location with thousands upon thousands of other peoples password is just a really damn stupid idea to begin with.. Even if it's encrypted or whatever.
Well, I guess, it's time to reinstall keepass2 again.
One of the few unique passwords I remember myself is that of Dropbox, so I'm always able to access my passwords this way from anywhere that has a web browser.
I don't know if this would have helped your particular situation (not sure if you can export from this stripped down interface), but it gives me peace of mind that if the software itself ceased to function, my passwords would still be accessible.
But nowadays this is pretty tough in general.
Make a bookmark out of that (all on one line, newlines added to not kill page formatting), toss it in your browser's bookmarks bar, and click to convert. It's crazy awesome.
> We also found how it is possible to abuse account recovery to ultimately obtain the encryption key for the vault.
If a 3rd party can help recover your information, your information is not secure because account recovery can typically be bypassed by social engineering.
Someone posted the blog outlying more details:
>With all this information, we where finally able to obtain master passwords in cleartext. Woo hoo! Our attack only covers users that click the “Store my password” option though so, don’t store your master password!
So it's hackable, but only if you're an idiot who stores your master password or sets your password reminder to contain your password.
Seems my bet with my friend wages on. I'll probably be out $20 by the years' end.
If I were your friend, I would tell you that this is still dubious owing to the fact that without it, many people might use very weak passwords that never change. You gotta weigh that and the vulnerability it presents for large-scale remote attacks/leaks, against the likelihood of these guys getting local access to your machine (i think?) for this exploit.
Storing multiple passwords within a single master password means your security is only ever as strong as your master password is safe. Literally "putting all your eggs into one basket". Same with centralized email. One should separate accounts by email such that if a single email is compromised - not every account is compromised.
My argument (and practice) is to have individual emails for individual accounts. Using a dice selection method  they'll be as secure as any individual master password. The issue is burden of memory.
The argument in favor of password managers is that they relieve the user of burden of memory by exchanging a small chunk of security for a large chunk of convenience. Which is why I use a password manager.
The actual bet however is that somewhere in the implementation of password managers there will be found something that is so insecure it allows someone to "seize the basket" and more or less make the trade-off go from a "small chunk of security" to "all security". Specifically, any PM that doesn't require the device being compromised; though physical access is fine. (Physical access allows memory attacks but the device itself is not yet compromised.)
I hope that helped give my position some more nuance.