"They also said they couldn't get my exploit to work, but I checked my apache access logs and they were using a Mac. Naturally, calc.exe will not appear on a Mac."
Its a pretty bad trait we should do something about that and just continue striving for peer reviewable code and implementations.
With that said, I definitely agree on things that aren't security related.
The Mac client is very nice to use. The Windows client works well but isn't as nice looking. The browser extension is awesome- AND you can put MFA keys in there as well.
EDIT: And I forgot to mention the main reason I chose 1Password so long ago. Their iOS app is awesome and their mobile Safari integration works quite well.
It would be very nice if they did support Linux and people have been asking for it, but there is a passable workaround- and frankly one I'm willing to work with because it works so great everywhere else.
When I tried it out I wanted 1password family so I could share some accounts with my partner. 1password 4 doesn't support their cloud datastore; the version that does will not run on Wine.
However, I could use the webapp on linux. It was a bit annoying but I could have dealt with it. The other complaint I had was the UX for Android. Having to switch my keyboard every time I wanted to enter a password was very annoying. Hopefully that gets better with the recently announced Autofill API for Android O.
1. Giving code running in your browser access to your password database carries some risks. Browsers have a massive attack surface.
2. Autofill extensions use heuristics to map secrets to forms, and sometimes put secrets into fields they shouldn't.
3. Autofill extensions cause your browser to prompt for your master passphrase. Other extensions may be able to emulate this behavior or otherwise intercept your passphrase.
Anyone who isn't using a password manager should do so. A password manager with autofill is a huge step forward from nothing. But disabling autofill offers some further benefit.
1Password's extension does not prompt for my master passphrase, I have to click on it to enter it (if I haven't already). It also to don't try to fill forms on page load, I have to instruct it to do so. By default it will usually submit a form upon fill but I often turn off that setting.
As for browser vulnerabilities, I'm not familiar with any information about extensions being particularly vulnerable to browser exploits, it seems like when browsers get "pwned," anything in userland (if not the whole system) is up for grabs so avoiding the password manager's browser extension doesn't gain you anything. I'm not saying there's no risk, just that trade-off is worth it. Agilebits argues that using the extension is safer because it avoids keystroke loggers and clipboard sniffers 
LastPass also unfortunately has in-pane banner pop-ups which I do not trust at all. Blind and automatic autofill is dangerous. I'm not sure if you can enable that.
Another feature I like is the detection of compromised sites and password rotation reminders.
Now imagine you stepped away from your machine while still logged in.
Autofill is convenient, but there are negative consequences.
The issue with 1Password is that it's not accessible in Linux and no U2F (yubikey etc) support AFAIK...
Its not great and it crashes some, but it does work.
same with things like yubikey
It seems like it would be better to just fake a keyboard output instead? then you could have something that could work on all platforms in all situations
Hardware faking of the keyboard would work fine though
Passforios is being actively developed and is shaping up well.
PasswordSafe's safe is an open source file structure and thus there are many different ways to access it with different features for each. I have PasswordSafe on both my Windows PC and android phone and I'm using PasswordSafe professionally for my organization's passwords and found that there are reliable Mac options so those with Macs can access the safe.
And for all the users of password managers which use a browser extension or a cloud synced database, KeepPassXC is a good alternative, because it won't come close to touching your browser or any remote server. It is cross platform so you have no excuse. It also has a mobile app which is not made by the same developers but a different company so I would be wary of the app.
>Why KeePassXC instead of KeePassX?
>KeePassX is an amazing password manager, but hasn't seen much active development for quite a while. Many good pull requests were never merged and the original project is missing some features which users can expect from a modern password manager. Hence, we decided to fork KeePassX to continue its development and provide you with everything you love about KeePassX plus many new features and bugfixes.
Chrome 57.0.2987.110 (64-bit)
Built: Thu Mar 09 2017 12:40:16 GMT-0500 (EST)
Binary Component: true (Native Messaging version 4.1.34, built Jan 11 2017 01:45:24)
1. Mac/Window/Linux support
2. Ability to control accounts from an admin account. PW/2FA reset, export/wipe of accounts etc.
3. Reasonably secure
4. Not too terrible to use for Engineers/non-techies alike.
It encrypts your passwords with your GPG key and stores them in a git repository. You can of course easily extend this to do a lot of different things.
I also wrote this tool for automating password rotation:
One of the claimed features is "multiple stores: Combine several work teams and your private store!"
Keyringer: encrypted and distributed secret sharing software
eg I know some phone/sms services that only let one account manage a phone number or something.
Also, sometimes account licences are absurdly expensive.
There's some services that even though we have (say) 50 licenced users, they also want us to have licences for each admin. We're not spending $50k/year just so we can each login once or twice a year to fix/configure something for someone.
Initialize new password storage and use gpg-id for encryption. Multiple gpg-ids may be specified, in order to encrypt each password with multiple ids. This command must be run first before a password store can be used. If the specified gpg-id is different from the key used in any existing files, these files will be reencrypted to use the new id. Note that use of gpg-agent(1) is recommended so that the batch decryption does not require as much user intervention. If --path or -p is specified, along with an argument, a specific gpg-id or set of gpg-ids is assigned for that specific sub folder of the password store. If only one gpg-id is given, and it is an empty string, then the current .gpg-id file for the specified sub-folder (or root if unspecified) is removed.
EDIT: Better formatting
Edit: See sister comment by runejuhl.
And the author responds well on external feedback/contributions.
It does support KDBX4.
If bundling your devDependencies at compile time counts as "0 dependencies", nothing has any dependencies. In this case, the whole thing's built on electron - all of chrome's rendering engine is quite the dependency. The uncompressed Windows version is 137 MB on disk. Fatter than most any app should be.
Once it's implemented I may reconsider, but for now at least, I'd shy away from it.
Edit: Looks like it's close
Are these a huge improvement from what was offered previously?
ChaCha20 over the existing AES-CBC... not as much, I feel more comfortable in that it's harder to screw up the implementation of it, but that's about it. CBC mode especially can have unexpected side effects unless used very carefully, ChaCha20 or any other strong stream cipher, even AES in CTR mode is somewhat easier to understand the side effects of.
So overall, not concretely in terms of known vulnerabilities, but in terms of predicted risks, I'd say certainly. Before this change I was erring on the side of known algorithms with solutions like LastPass at least using standardized PBKDF2. With this change, KeePass went behind or middle of the pack, cryptographically compared to competition, to the frontrunner.
I do security for a living. This technique is mocked by other so-called experts, but who's laughing today? I fully understand the security model I'm using. Lastpass users--and developers--clearly did not. Other password manager users should stifle the urge to laugh if they haven't fully reviewed their entire stack.
Further, I've used variations of the same password for the past two decades for >90% of my accounts, e.g., the ones where my threat model is "do not give a fuck." When I sign up, I mentally consider whether I give a fuck the account is compromised. If I do, new random password for the list. If I don't, use the 20-year-old password.
Misinformation like, "Always use a reputable cloud password manager, like LastPass?" Along with a trusty antivirus, am I right?
To be further contrarian, if the common man is going to use a password manager, use Chrome's built-in auto-fill, without antivirus or other 3rd-party bolt-ons, be they LastPass, KeepPass, 1password etc. You know who Tavis works for, right? Chrome's application security is best of breed, and its password manager does what it's designed for, at least.
If you are going to memorize passwords, feel free to memorize ASCII gibberish if that's what you are into. Or memorize random phrases, since many (most?) humans find those easier to remember.
94^12 ~= 4.76e23 > 7776^6 ~= 2.21e23.
And typing 12 characters from muscle memory is faster than learning and typing "limbdumaslaterjuramondohalf", which is what diceware^6 just gave me.
The supposed mnemonic value of diceware is illusory. If it convinces people to use stronger passwords and it works for you, great.
As I need to enter on a regular basis. In practice, no more than half a dozen. Usually I have 3 or 4 in use. Might be work, personal, and a couple for crypto.
> How long does it take you to learn a new/changed one?
Depending on the length, 5-10 minutes of continuous training to be confident if it's one I'm going to put into immediate use.
The point is to go straight to pure muscle memory without using a mnemonic crutch. Ultimately for a password that you're typing on a multiple-times daily basis, you're going to be relying on muscle memory anyway. If you're trying to remember what came after the correct horse battery, or if the correct came first or last, you've already lost. "limbdumaslaterjuramondo" gets me no closer to login if my password is "limbdumaslaterjuramondohalf" if I've forgotten nonsensical "half" than "+D%W}B_]7|~y" gets me to login if my password is "+D%W}B_]7|~yd" and I've forgotten "d".
You're going to be typing the password with your fingers, so learn the password by typing it with your fingers until it's automatic, not by conjuring a sequence of unconnected mental images. It actually saves time.
As far as I'm concerned, I've tested some diceware passwords for some months, and I would say they served me all right. I "name" my passwords by their initials (first letter of each word), so there's no risk of missing a word or swapping some.
But, I still contend it basically knocks down a straw man with bullshit. Yes, they correctly point out that if you're using a mnemonic method, a long passphrase is better than a short password. I'm pretty sure the PGP folks pointed that out at least a decade or two ago.
At the end of the day, if you're not using, recalling, and exercising a strong secret, you will forget it. That's how memory works. With Diceware you have three things to learn; your silly mnemonic, what it translates to, and how to type it quickly. True, you might (just might) forget the muscle memory of exactly how to type it before you forget the entire mnemonic, and then be able to recover the password from your memory of the mnemonic cues. That seems intuitive, at least, but misleadingly so.
But my years of experience has taught me that muscle memory is the most durable memory. There's nothing inherent in "correct horse battery" that's going to give you "staple" once you've forgotten it; it's gone. It was random, after all. If you're not exercising and remembering your secret, then you have to have a backup to fall upon--written down or stored somewhere? If your goal is muscle memory with minimum pain, fewer, maximally-random higher-entropy keystrokes is better.
I don't think most people sit down at their desk all day uninterrupted without leaving. I lock my terminal when I leave my keyboard and type a password to unlock when I return. I enter a password whenever I unlock an encrypted volume (e.g., to get other passwords).
You can use biometrics or tokens, but purely memorized passwords can have unique utility. In America, for instance, you generally can't be rubber-hosed to give up a memorized passphrase, and it's not generally a crime to do so. You can be compelled in a variety of settings to provide a physical token, including biometrics, or disclose their existence. There can be civil coercive techniques to pursuade you to give up a password, but at a bare minimum, in a criminal situation or where the 5th amendment applies under my current understanding you cannot be forced to give a password from memory.
Of course if you're the surveillance target of a nation-state then potentially they can do what they need to do to covertly intercept your passphrase through physical access, evil maid etc., but that's a different ballgame.
Now, it could be argued that these images/backstories could be made up for random ASCII chars too, but to me it's just easier to do so with words.
Regarding screenlocks, I tend to use relatively mediocre passwords (nothing stupid, though), since screenlocking is only useful against very casual attackers -- someone skilled and motivated will just get in if they have physical access to the box. But I agree that it's where muscle memory would work best.
The only non-unique keys I use, are also nonrandom, and used for accounts with no security consequences. Like this one.
See https://blog.lastpass.com/2017/03/plans-to-retire-the-lastpa... for details.
In fact, for the average person, I am not sure a post-it note full of passwords in their home is a bigger risk than an online password manager. Sure, if someone breaks into their house they are screwed, and that is a relatively easy attack. But on the other hand, any bulk breach leaves them unaffected. A notebook full of plain text passwords in a drawer in your home and a shared memorized prefix that must be combined with the passwords on the list to get the full password seems strictly more secure than a password manager (although slightly less convenient).
This actually sounds pretty good; I might start recommending this to non-technical friends and family.
EDIT: phone auto-completed "non-technical" to "non-profit technical"
I've just been researching it and most of the recent vulnerabilities (before this one) have been either minor in severity or "working as intended" (like saving your master password and using PIN unlock, which they warn you is insecure, and relies on device encryption to protect your master password).
Today's issue is by far the most serious in at least the last year.
A big part of that decision was that they have been reviewed/audited and there were a couple vulnerabilities found, but they were all minor, which indicates to me the system is pretty secure. The nature of the bugs was also comforting in that they seemed like small oversights, compared to a lot of the LastPass bugs which seem like "holy shit how did you let this happen".
Only issues I have right now are:
- No app-fill on Android.
- No auto-fill (have to manually click the icon and select an account).
- When using Firefox the extension periodically logs out for no apparent reason.
- There's no address/wallet stuff so I actually have to pull out my credit cards.
Other than that it works pretty well.
- We also fixed the issue you are referring to on Firefox last week. Make sure you are using 1.10.1
- There are plans for additional "wallet" features in the future.
To be clear though, app-fill and auto-fill were referring to different things. What I meant by lack of "auto-fill" was that when I visit a website on desktop, my details aren't instantly filled when the page loads. I have to manually click the extension icon in my browser and select the account I want.
- Firefox extension
- Password generator
But I'll keep an eye on it. LastPass is far from perfect.
- Firefox: https://addons.mozilla.org/en-US/firefox/addon/bitwarden-pas...
- Generator: http://imgur.com/3q4w9Mn.png
Every member of Google's Project Zero team is individually more capable and productive than entire teams of consultants at the best security firms.
I wish that we had more opportunities available for researchers to do the work that Tavis is doing. He is very very good and highly productive, but he's not somehow orders of magnitude better at his research than others. The thing that makes him unique is that Google is paying him a full-time salary just to find bugs and post them publicly. He doesn't have to worry about only targeting stuff in bug bounty scope or working on executive-targeted write-ups and consultation reports to make ends meet.
Basically, he gets paid to spend all day, every day, finding bugs and documenting them for people to see. We need more people in those sorts of positions, but only Google is really able to bankroll it.
I agree that security consulting results should be more open, but incentives are not really aligned for that to be the case.
1. They have a phenomenal intuition for where developers get lazy, tired or simply incompetent in security-sensitive code,
2. They have, in aggregate, a vast knowledge and understanding of past vulnerabilities and how those might be repeated elsewhere or imperfectly patched,
3. They practice a lot and they read a lot (i.e. relevant research, etc). It might be more accurate to say that they have a lot of practice because of their work, not that they actively practice outside of work.
4. They are good at the general process of security research - long hours of mostly dull, complex research interspersed with brief eureka moments and bouts of euphoria.
They're an extraordinary team, for sure.
"Microsoft treat vulnerability researchers with great hostility," he says.
If I keep a local encrypted password file and copy it around by hand, I may have some vulnerabilities, but it's not worth a hacker's time to steal only my accounts, and I can probably protect my credentials from casual malice. On the other hand, if I put my passwords on the same service as hundreds of thousands of other people, that's a huge jackpot that attracts significant hacking interest, and the service only has to screw up once. The risk doesn't seem worth the convenience.
Also, I believe that a hacker who gained access to LastPass's database would merely get a bunch of encrypted passwords. LastPass doesn't know your master vault password, which is needed to unlock your vault and use the passwords that are stored there. So, they are a big target, but primarily for attacks like this where an individual page might be able to hijack the plugin for users visiting the site, and not because some could hack LastPass and get everyone's passwords.
Both use an AES-256 encrypted database encrypted using a master password which is first hashed using a modern/slow hashing algorithm.
Obviously it is imperfect that the LastPass plugin has bugs in it; and I won't defend that. But I will say that the convenience is worth the risk most of the time, but LastPass needs to be better than this if they want to maintain people's respect and trust.
If you intend to keep your encrypted password database completely offline (e.g. USB keys) then, sure, it is more secure but very few users are willing to take on such inconvenience.
Password Managers in general have resulted in less password reuse, longer passwords, and more random passwords. Last Pass in particular offers "one click" password rotation on dozens of popular services.
> (Please note, issue 1188 which affects LastPass on firefox is not fixed, and still works)
is that true? how do you know?
Any lastpass RPC was able to be called, which does mean that it compromised the passwords. Now, the worse part is that any code (any .bat file, which on windows is similar to a bash script) could be run on the host computer, which means they can effectively take over the host computer.
Unfortunately, your comment history has plenty of uncivil and unsubstantive comments. It also has some really good ones, so we aren't banning you, but if you keep doing this, we'll have to, so please fix it.
We detached this subthread from https://news.ycombinator.com/item?id=13927087 and marked it off-topic.
I should have used a gentler tone. Sorry for rankling.
Additionally, in general and as is the case here, the bugs aren't in some nice kid's hobby project. It's not like he's pointing out that grandma's blog has XSS vulnerabilities. These are security products, which often seem like snake oil instead. If anything we need more stigma against people and products who claim strong security but turn out to be shams, providing only security theater.
Some things just need much more expertise to do than others. You wouldn't want a hobbyist designing your local nuclear reactor, nor performing your heart surgery. Similar standards should be in place for computer security. Accepting security systems that were hacked together like another CMS will lead to our digital lives being on a foundation of straw.
The first thing I think people should realize is that there are vulnerabilities in every software, and addressing that fact goes a long way. I doubt that they weren't following standards, and they do have a good track record of security although they get flak for being a extension based password manager (which is a very bad idea, something I've come to realize not long ago. I think it was at the time of lastpass's last vulnerability)
If you don't mind, I'm interested in know what you'd consider products with 'strong security'?
Yes there are vulnerabilities in every software. Even if your code is perfect the compiler will generate bugged code. Even if you fix that, the CPU still has bugs. These are certainly hard problems. However there's a difference between a subtle bug caused by a typo and complete lack of understanding of fundamentals. 
As for what products I consider having strong security, the crypto part of the Go standard library is good. Among large projects Chrome is good. Neither of them are perfect.
 I especially like the case of CryptoCat, a chat program that generated random crypto keys by concatenating strings of digits. https://tobtu.com/decryptocat.php
I have seen many security bugs reported by Tavis show up here on HN. I haven't seen Tavis behave poorly in either explaining these issues or reviewing the fixes. On the contrary, his comments in the issue discussions have almost always given a benefit of doubt to the product and its developers when it comes to the way they have handled the security issues.
Given what he does, the quality of his discoveries are really the only important thing. Do you really think that "form over function" is important in the context of what he does?