The threat scenario described by the article: If someone within LastPass wanted to gain access to your passwords (e.g. rogue employees, or via court order) there is a way that the extension could be made to upload your vault key back to LP if you click on certain things within the extension, namely some parts of the preferences, or something like that. Any such change would be publicly detectable, but could theoretically be targeted to avoid widespread notice. So in other words, the vault itself is not fundamentally flawed, but the design of the current extension doesn't proactively firewall against LastPass turning into a bad actor.
My $.02: Given that all the cloud-based password managers have their own phone (and even desktop) apps, this seems like a moot point since a bad actor could push out an app update that does anything with your keys anyway.
As a long-time LastPass user I appreciate this kind of analysis, but this is just not something I have enough cycles in the day to let bother me. BTW the last time I opened my preferences was 3 years ago. LastPass is quite open to scrutiny and what's important is how responsive they are to new findings -- very responsive, from everything I've ever seen. Including many findings from the author of the article.
By far the biggest problem with LastPass is that it sometimes just doesn't apply (or misapplies) the password or username to the appropriate form entries, and I have to go find it and copy it. Occasionally it also misses the saving of a new password (that it generated) and I have to put it in the vault by hand. I suspect this is a really hard problem given the massive variety of forms out there, but would be curious to hear if other password managers never have these issues.
The user experience declined slightly after lastpass got acquired.
For a year or two, lastpass for Firefox didn't have the copy option for usernames and passwords. I had to edit, show password, then copy.
The autofill problem became pronounced after the acquisition as well, probably through no fault of the new owner. Many sites like Google and Microsoft have switched to a multi-step login process where the username is entered first and the password is entered on a different page.
Also, proof of sites abusing autofill and hidden forms to steal passwords probably influenced the current situation.
Two years ago I submitted a ticket asking them to add the "copy password" option to SSH key type entries. A simple and obvious feature. They said they'd look into it, then nothing. Meanwhile in that time all I've seen them change has been the animations in the menu.
It was because of changes to Firefox's extension system. That said, communication about this was suboptimal. I would have liked for the UI to inform me of the binary option to get back that functionality.
I have LastPass with binary component installed and copying passwords doesn't work on Ubuntu 16.04 LTS with LP support confirming the issue without ETA.
Lastpass icon changes to show you have an entry. Click the icon, click "Show matched sites." Hover over the entry and you'll see three buttons: Copy username, Copy Password and More options.
I'm assuming these buttons don't work for you. Right-click instead on the entry and you should see a menu with the following items: Autofill, Copy username, Copy password, Copy URL, Go to URL, Edit, Delete.
Try the copy password entry. Hope it works for you.
LogMeIn is where products I genuinely loved go to die.
Years ago it was Hamachi (the LAN-over-internet software). Then it was LastPass and via it XMarks (itself acquired by LastPass shortly before). XMarks suffered much more grievously than LastPass — I suffered data losses on multiple occasions before finally throwing in the towel.
I found my perfect ux with password-store, xmonad, and xmonad-contrib's pass prompt module. It takes a bit of time setting up but it pays for itself. I don't store any passwords in my browser and filling in passwords is super quick with fuzzy completion.
password-store uses git+gnupg so backing them up is a matter of distributing the git repo. My git repo lives on each of my laptops and I have a 'central' host of it...so it's backed up via distribution.
For getting passwords to my phone I use a homemade Android app + small web app that sends them to my phone encrypted on-demand from my laptop or desktop. There are Android apps for using password-store but you have to put your GnuPG keys on your phone for that and I prefer not to do that.
Yup, it's just git. Passwords are files in a git tree so you usually do not run into any conflicts unless you manage to change the same password on both ends, which also should be easy to resolve.
I'm pretty sure this is fixed in the latest version. I can copy the user/pass directly from the extension menu. It also works fine on Microsoft and Google.
Also switched to Bitwarden the other day and it's far superior. None of the irritating bugs LastPass extensions/integrations had, works perfectly on Firefox, Android, 'web' etc. In general it feels a lot less clunky and its Firefox addon, for instance, has many more quality-of-life features.
The things that Bitwarden lacks for me are a global hotkey to search my vault and the ability to only have the app running in my menu bar so I don't have to see it in my alt-tab options. Haven't looked into Bitwarden enough to see if there is an API to write an Alfred workflow or something to search the vault.
My one issue is that their desktop app takes a long time (several seconds) to open on my Mac, possibly because it uses Electron. And, I wish they had a bookmarklet like LastPass does, for rare situations where I can't use an extension.
But overall, yeah, it has been better than LastPass.
>By far the biggest problem with LastPass is that it sometimes just doesn't apply (or misapplies) the password or username to the appropriate form entries, and I have to go find it and copy it. Occasionally it also misses the saving of a new password (that it generated) and I have to put it in the vault by hand. I suspect this is a really hard problem given the massive variety of forms out there, but would be curious to hear if other password managers never have these issues.
Agreed, ambiguously named form input fields cause all kinds of havoc. I helped our UX team track down one in our application because it was breaking my LastPass =)
For the second issue, I've just adjusted my workflow to accommodate LastPass's peculiarities. I just click "Generate Secure Password", copy it to the clipboard and fill the form myself. Then I have a copy of the password on the clipboard should LP miss adding the site properly.
While it's a slight pain to work around that particular issue, it's far better than what I used to do with regards to password reuse.
LastPass recently made a change to how they save generated passwords, it'll prompt you right after filling it instead of waiting for the login to succeed.
If you're within the same session, the Generate Password popup likely has a down-arrow next to it that will show you a list of recently generated passwords. This has been useful occasionally.
> LastPass is quite open to scrutiny and what's important is how responsive they are to new findings -- very responsive, from everything I've ever seen. Including many findings from the author of the article.
That is nice, but it is not sufficient mitigation for the issue to be dismissed.
There are more concerns in this article than the title issue, and it seems that in the past, LastPass has made some questionable design decisions that did turn out to have problems that needed to be fixed. I hope and assume that, prior to adopting these design choices, LastPass analyzed the risk and concluded that it had avoided creating any vulnerabilities, but nevertheless, there were some that it had overlooked.
If you continue in this manner, you are increasing the risk of creating a zero-day vulnerability that gets exploited, and I would guess that a central repository of passwords would be a particularly attractive target for bad actors. I would much prefer a security company to stay away from questionable design choices, rather than have rather complex and more-or-less tendentious arguments that the way they are doing it is safe, especially when there have been cases in the past where their arguments were not sound.
> This is just not something I have enough cycles in the day to let bother me.
Another reason to prefer KISS. If the vendor had refrained from making questionable choices that require complex analysis (such as the decision to fall back to server-provided pages for parts of the browser extension functionality), trying to figure out whether it matters to you would be less of a problem -- to the point, maybe, where you don't fall back on an "I can't be bothered" attitude.
This logic sounds like "I've heard that if your car falls in a river, wearing a seat belt makes it harder for you to get out. I don't have time to worry about whether that's a real problem, so I just don't wear my seat belt. Too much complexity."
I use a few different versions of keepass on two laptops and an android, and they all share a keyfile through dropbox. I get most of the same functionality that my wife does through LastPass. It's convenient enough that I don't see any reason to migrate to LastPass, despite their much more polished user experience.
KeePass is more secure than LastPass, not less. I've tried a couple different password managers, but always come back to KeePassXC with a simple auto-type workflow. My reasons:
A. The auto-fill extensions don't work on enough sites to make it annoying (maybe ~20%). Auto-type is a more consistent workflow for me.
B. Lastpass (and friends) browser extension doesn't do anything for desktop apps, SSH sessions, or anything outside the browser. You have to copy and paste one at a time.
C. I like all my passwords to be a particular format because it frequently happens that I have to type them in manually (Phone, vCenter console, BIOS, etc.) and I just like that to be easy. (I use 5 groups of 4 lower case separated by periods, with one number and one upper case letter in the last group. Still very strong but also manageable to type into an iPhone).
D. I like to record more than just passwords (the email I used, answers to security questions (always random, but legit looking), bank and credit card details, stuff like that). The KeePass UI for keeping those kinds of notes is just so much cleaner, simpler, and better than anything else.
E. KeePassXC has first class support for Yubikeys.
This strategy makes you more susceptible to phishing, which is a much more common attack and requires vigilance to avoid. I think the reduced phishing vulnerability for browser extensions is worth it.
>This strategy makes you more susceptible to phishing
One mitigation is to use Firefox account containers.
If I navigate to what claims to be Bank of America, but the tab doesn't open in my "Banking" container, that's a huge red flag.
Also, as another poster mentioned, Lastpass sometimes fails to autofill. Unless a manager can achieve 100% error free operation (unlikely), even autofill managers will also have a risk of phishing.
I don't think there's one correct answer. For me, as an expert who's confident about my security posture (2FA, verbal passwords for vendors that can reset 2FA, backup codes stored securely offsite), I value the simplicity of Keepass.
I use KeePass too, great little program. It isn't as "mobile" but I don't really see the benefits of online solutions. It certainly isn't added security.
The website from the service in question also suffers from severe JS-errors on their page (FF 66).
KeePass here too. On Android, it is absolutely terrible paired with Dropbox. I'm not sure who to blame, but the database will not stay up-to-date and I have to click and re-open my key file _every_time_. On a fresh install, it stays good for several months, then it will get out of sync and I'm not sure how to get it back to in sync.
The Android (and iPhone) apps have always been more trouble than their worth, IMO.
I always manage my passwords on my computers, and type in on phones as needed. Simpler and just works.
To ease the pain of typing passwords, I always follow a consistent format that's easier. Example:
7,#/T8z%FS%zht6S
ctaq.zwjd.qnbu.ut1A
The first one is terrible to type on a little Android keyboard whereas the second is a breeze, and still perfectly respectable as far as password strength goes.
Fair enough. I just noticed down below someone was using keepass2android or similar. I'm using keepassdroid, and I noticed they have an issues page. Filed one. I might investigate bitwarden if I get bored[1]. Thanks btw, it really did not occur to me actually that there would be other versions.
[1] something that will not likely happen between family, work, and chores around having a large property
> My $.02: Given that all the cloud-based password managers have their own phone (and even desktop) apps, this seems like a moot point since a bad actor could push out an app update that does anything with your keys anyway.
I respectfully disagree that apps are the same as webpages. The big difference is that apps are signed, so if things are done properly, you only have to trust the devs of the app and whoever operates their CI.
Web pages on the other hand have no such security (yet), which means you also need to trust the cloud provider, the CDN, the fact that the website was not hacked, the ops team of the password manager, and probably anyone who is able to make a valid SSL certificate and might do MITM...
Disclosure: I work for a company that makes a cloud-based password manager.
> Given that all the cloud-based password managers have their own phone (and even desktop) apps, this seems like a moot point since a bad actor could push out an app update that does anything with your keys anyway.
This seems to me like a great argument to avoid all cloud-based providers and their mobile apps. Especially when open-source, time-tested, self-hosted solutions exist.
You seem to be more concerned about UX than security. Compromising security for better comfort is not a very good strategy.
> You seem to be more concerned about UX than security. Compromising security for better comfort is not a very good strategy.
From my practical observation: People will go to great length to avoid dealing with a crappy UX. That can include falling back to "YOLO, I'll just use the same password everywhere" if the password management process is sufficiently atrocious. So I'd say good UX is part of the security concept, bad UX will compromise it.
For me, the UX of maintaining an improved security posture is quite an important part of these products' success: I get improved security and the product doesn't make me think. The only way it could be better for me as a long-term LastPass customer is if I had a good/safe tool to synchronise with the macOS keychain for improved redundancy and providing myself a future "exit strategy". I rarely have to think about my use now that it's integrated into the native iOS password prompt.
> You seem to be more concerned about UX than security. Compromising security for better comfort is not a very good strategy.
People are reusing passwords and writing passwords down on post-its specifically because they haven't found sufficiently UI-friendly options for password management. Regardless of whether that is out of ignorance of available options, the UI not being friendly enough for them, or some other technical hindrance.
A compromise isn't weighing between an ideal scenario and your current situation. A compromise is finding an optimum between value extremes in acceptable real world scenarios. An ideal security extreme is a disconnected system, but that's never something you can compromise towards since the comfort/usability reaches 0.
You're trying to move security up by getting users away from pass reusage and post-its. In this case added comfort happens to also be increased security.
> Compromising security for better comfort is not a very good strategy.
This approach is exactly why the vast populace has essentially no security. I'd be glad if my parents were to switch to LastPass, as it is so much better than weak password re-use schemes.
I'd say that compromising security for comfort is a given; it's guaranteed to happen. The best strategy here is to make sure that users will have the most security after the compromise.
The open-source, "time tested," self-hosted solutions do not check that the website you're trying to paste a password onto is the website you should be pasting the password onto. That is a real and serious security risk, and the fact that the open-source solutions don't attempt to solve it does not mean it should not be solved.
I think a lot of people feel uncomfortable giving a proprietary product access to their passwords, and feel more comfortable doing the copy-and-paste themselves. But compromising security for better comfort is not a very good strategy.
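The check being discussed above, as an added example that is not code from the thread or from any password-manager project: an autofill extension compares the page it is on against the URL a credential was saved for before it fills anything, and a copy-and-paste workflow never gets that comparison. The function names and the matching policy (HTTPS only, exact host or subdomain) are this example's own assumptions; the sample URLs are constructed, using the Bank of America example mentioned elsewhere in the thread.

```python
"""Added example, not code from the thread or from any password-manager project:
the origin check an autofill extension performs before it releases a stored
credential, which a copy-and-paste workflow never gets. The function names and
the matching policy are this example's own assumptions."""
from urllib.parse import urlsplit


def normalize_host(host: str) -> str:
    """Lower-case and IDNA-encode a hostname so that a lookalike Unicode letter
    (e.g. Cyrillic 'a') cannot compare equal to its ASCII counterpart."""
    return host.rstrip(".").lower().encode("idna").decode("ascii")


def should_autofill(stored_url: str, page_url: str) -> bool:
    """Return True only if page_url belongs to the site the credential was saved for.

    Policy assumed here: HTTPS only, and the page host must equal the stored
    host or be a subdomain of it. Real extensions vary in how they match;
    this is the strict end of that spectrum.
    """
    stored, page = urlsplit(stored_url), urlsplit(page_url)
    if page.scheme != "https" or not stored.hostname or not page.hostname:
        return False
    stored_host = normalize_host(stored.hostname)
    page_host = normalize_host(page.hostname)
    return page_host == stored_host or page_host.endswith("." + stored_host)


# Constructed sample: one stored entry and a set of pages a user might land on.
STORED_ENTRY_URL = "https://bankofamerica.com/"
SAMPLE_PAGES = {
    "real login page": "https://www.bankofamerica.com/login",
    "subdomain-style lookalike": "https://bankofamerica.com.evil.example/login",
    "prefix lookalike": "https://evilbankofamerica.com/login",
    "downgraded to http": "http://bankofamerica.com/login",
    "homograph (Cyrillic a)": "https://bankof\u0430merica.com/login",
}


def classify_pages(stored_url: str = STORED_ENTRY_URL, pages: dict = None) -> dict:
    """Map each sample page name to the autofill decision for that page."""
    pages = SAMPLE_PAGES if pages is None else pages
    return {name: should_autofill(stored_url, url) for name, url in pages.items()}


if __name__ == "__main__":
    for name, ok in classify_pages().items():
        print(f"{'FILL ' if ok else 'BLOCK'}  {name}")
```

Only the real login page passes; the two lookalike domains fail the suffix test, the plain-HTTP page fails the scheme test, and the homograph host is rejected because IDNA encoding turns it into a different `xn--` label. The subdomain rule is the one choice here that a stricter deployment might drop.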
>The open-source, "time tested," self-hosted solutions do not check that the website you're trying to paste a password onto is the website you should be pasting the password onto
Keepass has a third party Firefox extension that does this. Bitwarden is open source and has their own extension that does the same.
The main annoyance I've had is that for some sites it tries to save 2FA one-time passwords as the new password. Accidentally click "ok" and you have to go through password recovery.
Lastpass' password history saved my wife from losing multiple accounts. (Chrome's password autofill was overwriting Lastpass and thus messing up certain sites)
> My $.02: Given that all the cloud-based password managers have their own phone (and even desktop) apps, this seems like a moot point since a bad actor could push out an app update that does anything with your keys anyway.
I think this is a good argument against cloud-based or auto-updating password managers in general.
With respect to the password-creation problem, I find the entropy of the passwords LP creates too low in any case, so I create them from /dev/urandom + base64. I've never had LP fail to recognise these hand-generated passwords.
> I find the entropy of the passwords LP creates too low
What do you mean? How are you measuring that? How do you think that would make a password of the same length and character set less secure in a practical way?
You can change the password length to whatever you want... and your link says it uses window.crypto functionality which appears to be supported in every single browser including back to IE11. [1]
So it seems like LastPass-generated passwords are fine?
Probably. But in the link I posted, did you notice the qualifier "as secure as your browser's implementation of the Web Cryptography API"? Also, AIUI, Webkit implements no PRNG so some Webkit-based browsers might have stupid implementations of the SubtleCrypto object.
The thing is, there is a chain of things you have to trust wrt the LP generator: Has the OS implemented the backend API correctly? Were there issues in the browser build that mess up the entropy derived from the OS seed? Has the Javascript done anything stupid?
In comparison, I have complete confidence in the entropy of the passwords I generate via CLI.
Wrt. password length: yes you can change it. But the dialog is a bit of inconvenience that tilts away from the hassle of switching to my terminal and typing "suggest-password". And I have something of a moral objection to password generators that default to insufficient entropy.
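The two generation styles discussed in this thread, as an added example that is not code from the thread: the grouped lowercase format described earlier (periods between groups, one digit and one capital in the last group) and the /dev/urandom + base64 approach, with the entropy arithmetic that answers "how are you measuring that?". Function names are this example's own; `secrets` draws from the OS CSPRNG, the same source /dev/urandom exposes, and the entropy figures count only the random choices the generator makes.

```python
"""Added example, not code from the thread: the two generation styles the
comments describe, a grouped lowercase format that is easy to type on a phone
and raw bytes from the OS CSPRNG encoded as base64, with the entropy arithmetic
behind "how are you measuring that?". Function names are this example's own;
`secrets` reads from the OS CSPRNG, the same source /dev/urandom exposes."""
import base64
import math
import re
import secrets
import string

LOWER = string.ascii_lowercase
_rng = secrets.SystemRandom()


def typeable_password(groups: int = 5, group_len: int = 4) -> str:
    """Groups of lowercase letters separated by periods; one digit and one
    uppercase letter replace two positions in the last group (the scheme
    described in the thread, e.g. ctaq.zwjd.qnbu.ut1A for four groups)."""
    words = ["".join(secrets.choice(LOWER) for _ in range(group_len)) for _ in range(groups)]
    last = list(words[-1])
    i, j = _rng.sample(range(group_len), 2)  # two distinct slots in the last group
    last[i] = secrets.choice(string.digits)
    last[j] = secrets.choice(string.ascii_uppercase)
    words[-1] = "".join(last)
    return ".".join(words)


def matches_typeable_format(pw: str, groups: int = 5, group_len: int = 4) -> bool:
    """Check that a string has the grouped shape above."""
    parts = pw.split(".")
    if len(parts) != groups or any(len(p) != group_len for p in parts):
        return False
    if not all(re.fullmatch(r"[a-z]+", p) for p in parts[:-1]):
        return False
    last = parts[-1]
    return (sum(c.isdigit() for c in last) == 1 and sum(c.isupper() for c in last) == 1
            and sum(c.islower() for c in last) == group_len - 2)


def urandom_base64_password(nbytes: int = 18) -> str:
    """Python equivalent of `head -c 18 /dev/urandom | base64`."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def typeable_entropy_bits(groups: int = 5, group_len: int = 4) -> float:
    """Entropy of the grouped format: each lowercase slot contributes log2(26),
    the digit log2(10), the capital log2(26), and their placement in the last
    group log2(group_len * (group_len - 1)) for the ordered pair of slots."""
    lower_slots = groups * group_len - 2
    placements = group_len * (group_len - 1)
    return (lower_slots * math.log2(26) + math.log2(10) + math.log2(26)
            + math.log2(placements))


def charset_entropy_bits(length: int, charset_size: int) -> float:
    """Entropy of `length` independent uniform picks from a charset, e.g. the
    16-character printable-ASCII password quoted in the thread (94 symbols)."""
    return length * math.log2(charset_size)


def urandom_entropy_bits(nbytes: int) -> float:
    """Base64 is only an encoding: the entropy is that of the underlying bytes."""
    return 8.0 * nbytes


if __name__ == "__main__":
    print(typeable_password(4), f"{typeable_entropy_bits(4):.1f} bits")
    print(typeable_password(5), f"{typeable_entropy_bits(5):.1f} bits")
    print(urandom_base64_password(18), f"{urandom_entropy_bits(18):.1f} bits")
    print("16 printable ASCII chars:", f"{charset_entropy_bits(16, 94):.1f} bits")
```

The numbers make the trade-off concrete: the four-group form quoted in the thread carries about 77 bits, the five-group form about 96 bits, the 16-character printable-ASCII string about 105 bits, and 18 urandom bytes exactly 144 bits. All of these are far beyond online guessing and comfortably above the range that matters for a properly stretched vault; the grouped format buys typeability by spending length, not randomness quality.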
Regarding your issue with LastPass, I use Dashlane and those issues used to plague me when I first started using it (~2 years ago). I recently noticed though that it's gotten way better.
I recently made the switch from LP to bitwarden and have been incredibly happy about it. I can self host everything + the autofill and UI polish (browser extensions, mobile app, CLI) is much better. AND it's FLOSS ((A)GPLv3).
Even including the self hosting setup, my all-in migration time was <30 minutes.
I looked through a ton of other options like keepass and the author's own PfP. But mobile, web, and yubikey support are all very important requirements for me.
In the comments on the article, someone asks about Bitwarden. The author mentions there's a possible vulnerability, but in depth research isn't worth it, because he doesn't get paid for reporting vulnerabilities. This scares me about all these 'better than Lastpass' open source alternatives. First, they tend to get less attention from the infosec community. Secondly, I need to make sure to properly secure the server I'm running it on myself, of which I'm not 100% sure I can do myself, nor most developers I've worked with, let alone any person not working in IT.
Audits can be hit and miss, I’ve seen high quality code review companies just miss major and obvious mistakes in the security by simply not tracing the execution logic step by step in critical code sections and instead just scan the code for common known mistakes based on code fragment matching.
The same could be said for proprietary applications, which may never see third party audits because 'meh, customers have no access to our source and IP protection or something'
They're 'paying' you by being part of a movement to improve society for everyone; which includes free use of their software.
Sure, you can't eat that, but man does not live on bread alone.
You'd tell a neighbour if they'd accidentally left their car door open, wouldn't you? Most people would even shut the door if they weren't around. Same principle.
> Most people would even shut the door if they weren't around. Same principle.
This is a poor example because finding bugs requires a lot more effort than giving a door a push (which I find a little spurious - I wouldn't touch my neighbours' car).
There is in practice an almost infinite amount of things you can donate time to and all else being equal (for example, they're all password managers) I doubt you'll convince most people by telling them they should do it because "it makes things better for everyone", they could be making everything better for everyone and still getting paid - that's the superior option. Even if I think you are correct.
I appreciate that they have a good way of contacting them with security issues, and if I found any by accident or used the tool daily myself I might report stuff. However, I will not dedicate time hacking something I do not use myself, to report stuff for free.
If you can pass your password database via something like dropbox (or your own nextcloud), then KeePass has had audits, for example by the European Commission's EU Free and Open Source Software Auditing project. And you don't have to trust your server that does the syncing.
The semi-recent ability for it to work with android's built in password filling has been really nice for me. It now works properly with firefox android out of the box, selecting the correct username/password based on the url. Previously the best way was to use the keyboard that it comes with and select the password yourself. Now it works everywhere.
> I need to make sure to properly secure the server I'm running it on myself
I think, for practically everyone, it is far more likely that shared infrastructure (like LP or hosted bitwarden) would be centrally compromised. For example, this post mentioned compromising a safety check for all lastpass users by finding a single vulnerability on a single lastpass domain.
Unless you go to extreme lengths with your personal opsec, a targeted attack by a skilled attacker is pretty much sure to be able to compromise you.
(In fairness, I don't actually know if self hosted bitwarden is enough for all classes of attacks or if I should also compile the clients myself in order to remove any references to the main bitwarden domain)
> I think, for practically everyone, it is far more likely that shared infrastructure (like LP or hosted bitwarden) would be centrally compromised.
I believe the opposite to be true. Any use of Shodan or any vulnerability scan of the public internet provides strong evidence that centralized, funded and focused services do security better than 99% of orgs and individuals.
You can’t run infrastructure and app security better than a specialist SaaS company. You don’t have the same time and money.
Yes, the blast radius is smaller for self-hosting, but that’s small comfort when you are still inside the blast radius.
Attackers will spend resources proportional to the expected reward. Alone I am a low value target, but using a standardized solution makes me part of a huge reward pool. As such my strategy is to require manual work by the attacker to compromise me.
Combining a few off-the-shelf components (Dropbox + KeePass in my case) should be easy enough to not screw up so badly that it isn't worth putting your eggs in a different basket than everyone else.
In terms of intentions, Bitwarden is very open and attempts to do everything right while putting itself under scrutiny. I suspect that as the company gains more and more users they will grow into the top choice, i.e., when they get the cash to hire 1-2 more developers (or even afford a high-paying bug bounty system).
For example, I chimed in on github semi recently about there being a lack of automated tests and within a week somebody claimed to have decided to prioritize it. With other companies, 1) we wouldn't have known, and 2) we wouldn't ever know if it was fixed
TLDR, long term looks great for bitwarden, short term makes me a tiny bit nervous though
Edit: looks like they added 3 test files that I could find, which isn't terribly comprehensive but I assume there are more I missed on the other repos...
Switched to it somewhat over a year ago from LastPass after I read up on LastPass’ ‘security’. The only thing I dislike about Bitwarden is that on their iOS app it sometimes takes a while (>30s) to load the search function. I love that their chrome extension has a dark mode!
Bitwarden is using Microsoft technologies. If running a MSSQL server is too much for you, you can use alternative servers which are fully compatible with the official clients:
I did. Linked me to the article saying to hand edit my CSV file to figure out which fields are too big and delete the data. This is a years long outstanding issue.
I second it. I also switched from LastPass to Bitwarden. The main reason was that my data which is online is now more valuable than it used to be a few years ago, and I don't want to be the scapegoat of their failure in case it happens.
Another reason: it has a polished app and works flawlessly on all the platforms, and I can host it myself.
How did you perform the switch? I reviewed LastPass's export function and it outputs an entirely non-compliant CSV file. It's probably impossible to parse...
Password managers like LastPass and 1Password have a significant advantage over offline database tools like KeePass: You can easily share individual passwords with your co-workers in a somewhat secure way.
KeePass for instance lacks the ability to do just that. You can either a) share the entire database or b) use multiple databases with different passwords. However, a) is not secure as your co-workers get access to passwords they do not need and b) is very inconvenient.
LastPass (or 1Password, Bitwarden) makes sharing individual passwords within your team very easy, convenient and secure enough. You can create shared folders and define permissions to access those by certain members of your team, and most importantly, deny access to other members. Is there any offline based password manager that allows you to do that (and is usable by the average Joe)?
1Password does not support sharing (or transferring) of single passwords. You can for example not create an account for a user and send him the credentials through 1Password.
How well does KeePass support having multiple open databases? And ideally one would also want something like GPG where every sysadmin has his own password to the same shared file, which I do not think it supports.
In my experience, Keepass works great with 2 databases open.
On my work computer, I have my own personal DB and my Work DB open at all time.
I mainly use the passwords for the web, and the Kee extension in Firefox and Chrome finds the right password without any problem, from both DBs.
I have my personal ssh keys stored in my DB as well, and Putty can access them without problem.
I can't speak for shared DB though, as I've never used it in that way.
My spouse and I share our streaming media accounts, for example. We also share passwords for the account on the utility company website, the phone company, and the internet company, some are under my name, some his, but they are really joint bills.
The other case I've run into is at work, when the company has an account with an outside vendor rather than individual users.
- You have a social media account that a group of people should be able to access. (Facebook does this "right," in that pages don't have their own login credentials, and you go through your personal Facebook account to access the page. But I kind of wouldn't want to use my personal Facebook account for work, anyway. Twitter, Instagram, Reddit, etc. treat each account as its own log-in-able entity.)
- You have an AWS account where you want to avoid a single point of failure for the root credentials. Yes, each person should use their own IAM creds for day-to-day use, but if person X is unavailable person Y should be able to get to things. (And for casual projects, "learn about IAM" is a significant burden over "learn how to upload pages to S3" for limited benefit.)
- You have a web hosting account from someone who's not AWS who gives you a single username and password. Or a DNS registrar account (most registrars I've seen don't let you split up access). Or whatever.
- You have a shared email account for replying to things as a team, or even for just archiving emails. Again, some systems do this "right" - if you're using Exchange, you can allow one user to access another user's inbox. But most people aren't on Exchange, they're on something like Gmail.
- You have an account for some service where you shouldn't be sharing passwords according to the service, but doing so is strictly in the service provider's benefit, not yours. Netflix is the canonical example.
I have 2FA on my shared AWS account - my project partner and I both scanned the QR code at the same time. (You should be backing up your QR codes anyway in case you lose/break your primary phone; scanning it simultaneously with a secondary phone is a great approach for this.)
Even if this weren't possible, it would still be better to use 1FA than to arbitrarily pick one person to have root account access and lock the other person out simply because you "should" have 2FA.
I also started using pass when migrating. I've been nothing but happy with it.
It's fast, easy to host either at home, or through Bitbucket or Github, and has clients (which IMO could all be better) for just about everything i need.
pass is amazing, as it makes synchronization incredibly easy in comparison to keepass. It even has a decent Android app. My biggest issue is that using it isn't nearly as convenient on Windows as on Linux, although WSL makes it quite simple.
I don't get the hate. I've been a LastPass user for 5 years and it works for me most of the time. I've dabbled in 1Password, Chrome native password management, Firefox native, random Hacker News password manager recommendations. LastPass...still the best off...AND I got my brother and dad to use them and get excited about password safety.
What's so terrible about people using better and better passwords? It's not perfect but I am so much happier with my dad using LastPass versus the shitty password strategy he had before...it was post-it note password management.
Yeah, I also think it's interesting. I have been using LastPass forever and use 1password for work, and LastPass seems a lot easier to use for me. Both are better than using "password" as your password.
I will admit that I don't store my Google password in any password manager. That is the root of trust for everything, so I remember the password and use 2FA. The other accounts aren't as important.
LastPass on Windows doesn't stand out as being as shockingly ugly or ill-conceived as it does on macOS or iOS. It just sort of blends in with a lot of the undesigned applications that make up the Windows ecosystem.
That doesn't mean it isn't ugly. People deserve better.
I live in fear of forgetting my Google password (although I have several locations where my backup codes are stored) so I broke it into several parts and stored them with innocuous sounding names like "sister's birthday" and "plumber's contact info", but using a poem I know well as the phrase key. The times I've needed to refresh my memory it was very easy for me to retrieve it.
> What's so terrible about people using better and better passwords?
This is a complete red herring - it's an argument for using password managers in general, not LastPass in particular. The issues here are whether it is being done in a way that unnecessarily compromises those better passwords.
There's nothing wrong with the idea of password managers, even physical ones might work for some people, but LastPass is just such a lazy, ugly, clunky implementation of one.
One organization I worked with accidentally created a password manager and it looked better than LastPass. Since it grew to become a huge security risk it got migrated to LastPass, which was barely useable and, at that time, got hacked, so that's a plus, and then migrated to 1Password the instant they added group vaults.
1password works perfectly well as a browser extension on both my Arch and GalliumOS machines. There is also a CLI that spits out JSON, and you can find (or code) a wrapper around it (or use jq to display the JSON nicely). Client on windows at work works fine too. Don't really understand what you're getting at with your criticism.
Have you tried 1Password lately? They used to be trash, but I use them on mac, windows and android and it is far superior to last pass in almost every regard now.
You used to be able to go to a username or password field, hit the down arrow, and it'd let you select through your various accounts. I hate touching my mouse and loved that interaction. Really wish that came back.
I hope they took it away for a good reason, like a security vulnerability.
It's shocking how badly designed and slow it is. They somehow manage to hide everything you'd use frequently under 10 clicks or taps, and by default organise things into irrelevant categories which you can only stop by removing each one individually.
I use KeepassXC which I sync to my home NAS from two computers and my phone. Keepass DX is the best Android app I've found and it supports opening the database with your fingerprint.
I don't see the fuss here about needing to have a browser extension. When a site asks me to log in every now and then, I'm OK with opening the app and copying the password.
Yes, KeepassXC rules them all :). I use KeepassXC on Linux and Windows, macPass on a Mac (has the same db format, but a macOS Aqua interface) and MiniKeePass on an iPhone. I use two keepass databases (as data loss prevention). For Linux and Windows the db is stored on Dropbox. On the Mac and iPhone, on iCloud. I merge them once in a while.
However for many years I used just a single db for every device and didn't have a single problem with it. I started using two after I switched from Dropbox to iCloud on the Mac and iPhone.
Same here. I've been a LastPass user for years before switching to KeepassXC. Actually, one of the things that made me switch is the browser extension. As a web developer, I had a hard time keeping all my sessions open (I had a rather strict policy at the time) between my browser sessions.
So I switched to KeepassXC, which allows me to have a cross-platform app, and the database is stored inside my Google Drive. I also use a security file that's kept out of the Google Drive as another security layer.
Oh, and the auto-type feature of KeepassXC is amazing. Some sites have a weird username/password combo scheme, so I can program KeepassXC to enter the correct keystrokes for a given website. Works perfectly.
Just a little PSA, 1Password7 lets you run entirely on local vault files. I have a NAS at home (Synology, but you could use whatever) to sync that vault file between it and all my devices, mobile included, only on wifi. I subscribe to 1Password's monthly model with the cloud services, but I just don't use any of them, and they have settings on every client which let you choose the default vault for saving, and I just use the local one. Best in class apps, local password storage only. Best of both worlds, unless there is some angle I'm missing.
> I subscribe to 1Password's monthly model with the cloud services, but I just don't use any of them, and they have settings on every client which let you choose the default vault for saving, and I just use the local one.
For those who wonder why one might subscribe to the cloud service when one is only going to use local vaults, rather than buying a license for the non-cloud version, the non-cloud version requires separate licenses for your Macs and for your Windows PCs, and major upgrades cost a substantial fraction of the initial price.
With the cloud service one purchase covers all your devices and all major upgrades for as long as your subscription is active.
I think it worked out when I did the math almost a year ago that if you have both Macs and PCs, then the cloud came out cheaper if you assumed a major upgrade every couple of years.
I've only ever used Apple's iCloud Keychain [0]. It has always worked great, and seems to have good security in order to enable; it asks for the local login password that you signed onto one of your other devices with, but it feels scarily easy to see ALL your passwords in plaintext with just a single Face ID authentication.
I'd be more comfortable with bio-authenticating per password (though that might use more battery) and preferably asking for the password/code if you look up more than 5 passwords too quickly, but I'd rather have to trust a big company than a smaller third-party that gets acquired and sold around.
What are the advantages of LastPass and other password managers over iCloud Keychain?
I too was a happy user of iCloud keychain for many years. Except one day, I made a new password on my Mac, but even after a few hours it hadn't sync'd to my iPhone.
I followed some instructions and toggled iCloud keychain sync on my iPhone (just turned it off and on) and it proceeded to erase about 250 of my 300 saved passwords. Wasn't able to get to my other devices fast enough to turn off the networking - they had all already been deleted from my Mac, iPad, etc as well.
Spent an entire weekend resetting passwords - never again. I am now a happy Bitwarden user. Even if it eats all my passwords one day, at least it's trivial to export them all to CSV.
>preferably asking for the password/code if you look up more than 5 passwords too quickly
Great, so rather than being able to access all your passwords, the attacker can only access your two personal email, company sso (including email), and two bank accounts. The rest can be obtained with password resets.
If only there would be a browser extension for anything other than safari on OS X. Manually copying passwords (and then saving in chrome) gets real annoying
I don't use Keychain to manage most of my passwords (because I have Windows devices), but when I click a password field, the space above the keyboard says "Passwords". If I click on that, it lets me choose between LastPass or Keychain.
I use keychain for convenience, but I also don’t enable touchID or faceID for this very reason. Too easy for someone to gain access to all of your credentials. With touchID, anytime you’re unconscious, anyone can get access to all of your stuff.
KeepassX works well as the actual database of credentials.
I don’t understand the question. I don’t want anyone to be able to get access to my credentials while I’m unconscious or incapacitated, so I don’t use touchID or faceID.
All the hate towards LastPass... but man, there are so many great tools with LastPass that the other services simply don't have yet.
Given I haven't looked into it in a year or so... but the Dead Man's Switch alone makes it worthwhile for me. My lawyer has this, and 30 days after I kick it he can go in and delete all my accounts.
Sharing passwords with a team, it's really helpful. Being able to share access, but not the password itself... really nice feature.
The password audit, showing me how old my passwords are, or which ones are weak... it's nice to have a sanity check on all this stuff.
Anyway, been on LastPass for a decade or so... tried a few others, always find myself back with LastPass since the others don't quite have all the features I want.
> Sharing passwords with a team, it's really helpful. Being able to share access, but not the password itself... really nice feature.
1Password offers this as well. Not allowing the end user to reveal passwords isn't an ideal solution. The password can easily be obtained by anyone who is capable of using the browser's developer tools. Simply inspect the input element after it has been filled and the browser will give the secret away. The only way to be sure someone doesn't have access to an account after you've shared credentials with them (even "hidden" credentials) is to change the credentials for that account.
> The password audit, showing me how old my passwords are, or which ones are weak... it's nice to have a sanity check on all this stuff.
1Password also offers these sorts of checks.
> Given I haven't looked into it in a year or so... but the Dead Man's Switch alone makes it worthwhile for me. My lawyer has this, and 30 days after I kick it he can go in and delete all my accounts.
This, admittedly, we haven't found a good secure way to implement yet. Our current recommendation is to share your Emergency Kit with your lawyer, or whoever needs access, perhaps in a sealed envelope marked to only be opened upon your death.
You'd know, is there a tool that would let me migrate all my passwords from LastPass to 1Password? I think I have like 3k passwords and the thought of manually building that DB up again is daunting.
I know it's probably simplistic, but I'm horrified by the shift in the password vault market from local control and security to this cloud-based model. Even my choice, 1Password, has gotten on board - though it's still possible to store locally and avoid their sync, thank goodness.
I use gopass. It's like an extension of pass. The difference is that it has support for multiple stores. And you can add different people to the stores and synchronize each store with git. I wrote a tutorial and a cheatsheet (mostly for me)
Nice reference! On Linux I have a keybinding which opens a terminal with a fzf listing of my password entries. when I select the name I want, it types the password with xdotool into whatever is focused. I bet it's just as fast if not faster than the browser password managers' autofill.
Wonderful article. We were working on a similar issue. One way could be, instead of using a symmetric key (probably stored in the browser - hence not safe) to encrypt passwords before sending them to the LastPass server, they could have used an asymmetric crypto system. A solution similar to this can be very helpful in this case: https://www.youtube.com/watch?v=Slhwunm4oT0&feature=youtu.be Notice the private key never leaves the mobile device and hence the client does not have to trust the LastPass browser client.
I'm also using Bitwarden, but Palant seemed skeptical about it in the comments. Here's a copy of the comment:
Reply from Wladimir Palant:
Unfortunately, I didn’t make notes last time I looked into this – the issues simply weren’t serious enough for reporting. And I only looked at a small portion of the codebase, so when I look at it now it will probably be some different code paths. So the getDomain() function I see under https://github.com/bitwarden/jslib/blob/dd46d5ecdd51f91dace5... is indeed using URL objects. It also knows that tld.js won’t handle IP addresses correctly, but it will only consider IPv4 addresses in dotted decimal notation and not IPv4 addresses in other notations or IPv6 addresses. All of that appears to be a minor risk but not an actual issue – assuming that URLs are already normalized when they get here (ok, let’s ignore the code prefixing URLs with http:// here).
The code at the bottom of this function is quite problematic however. Rather than ignoring non-HTTP URLs, this function will pass them to tld.js. But tld.js isn’t aware that non-HTTP URLs can have different semantics, so it will happily return “example.com” when it is fed something like “data://example.com,asdf/”. Oops, I think that one might even be exploitable…
I think I’m going to stop here. This needs a structured effort, not spending ten minutes every now and then. As I said, the codebase isn’t bad. But there are obvious issues that shouldn’t have been there. As always, spotting the issues is the easy part – proving that they are exploitable is far harder. I’m not going to spend time on that right now, so let’s just file these under “minor quality issues” rather than “security problems.”
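The scheme problem Palant describes above is easy to get wrong because a public-suffix library only knows about DNS names, not about what `//` means in a non-HTTP URL. Below is an added example, written for this page and not taken from Bitwarden's jslib or from tld.js, of a `getDomain()` that rejects non-http(s) schemes before any suffix logic runs and accepts IP literals in any notation by relying on the WHATWG URL parser's normalisation. The `PUBLIC_SUFFIXES` table is a constructed stand-in for the Public Suffix List; everything else is Node.js built-ins.

```javascript
// Added example (not Bitwarden's code): extract the registrable domain that a
// password manager should key its credential matching on. Rejects non-http(s)
// schemes outright instead of handing them to a suffix library, and treats IP
// literals (which WHATWG URL parsing already normalises) as their own "domain".
// The suffix table is a constructed stand-in for the Public Suffix List.
const PUBLIC_SUFFIXES = new Set(['com', 'net', 'org', 'io', 'co.uk', 'github.io']);

const IPV4_RE = /^\d{1,3}(\.\d{1,3}){3}$/;

function isIpLiteral(host) {
  // WHATWG URL parsing rewrites "0x7f.1" or "2130706433" to dotted decimal and
  // keeps IPv6 hosts in brackets, so these two checks cover all notations.
  return IPV4_RE.test(host) || (host.startsWith('[') && host.endsWith(']'));
}

function getDomain(input) {
  let url;
  try {
    url = new URL(input); // no scheme prefixing: a relative or bare string is rejected
  } catch (e) {
    return null;
  }
  // data:, javascript:, file: etc. have different authority semantics; never
  // let them produce a domain that could match a saved web login.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  const host = url.hostname;
  if (!host) return null;
  if (isIpLiteral(host)) return host;
  if (PUBLIC_SUFFIXES.has(host)) return null; // a bare suffix such as "com" is not a site
  const labels = host.split('.');
  // Longest suffix first: "co.uk" must win over "uk" for "login.example.co.uk".
  for (let i = 1; i < labels.length; i++) {
    const suffix = labels.slice(i).join('.');
    if (PUBLIC_SUFFIXES.has(suffix)) return labels.slice(i - 1).join('.');
  }
  return host; // unknown suffix: fall back to the full host rather than guessing
}

module.exports = { getDomain };
```

With this ordering, `data://example.com,asdf/` yields `null` rather than `example.com`, because the scheme check happens before anything looks at the host string. The fallback for an unknown suffix returns the whole host, which errs on the side of matching fewer saved logins, not more.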
I am a password store user, however it is a very nerdy solution. The use of git is its biggest strength because you can host it yourself super easily, but you're also stuck with git's awful UX.
Also the lack of file name encryption limits the options for using free git hosts - maybe that's for the best, but it clearly limits adoption even more.
The file names being stored in plaintext makes me unwilling to recommend even private git servers - if you're worried about leaking which porn or torrent sites you use.
I store everything in a Keepass. I maintain that keepass on a SpiderOak Hive that syncs between multiple machines, and mobile. The password for SpiderOak is not one I know - it's in my password safe and written on paper in a safety deposit box.
The password for my password safe is one of three passwords I know: unlocking my root partition, my desktop account passwords, and this.
I have infinitely more faith in something whose encryption is zero knowledge with multiple tiers, as opposed to LastPass. I'll never understand the notion of password as a service being an acceptable risk.
I assume last pass will be hacked someday. And when it is that person will have my Reddit, Hacker news, amazon etc.. But not my email or financials. I store super important items to human memory only. For many accounts like my github they will have to defeat two factor authentication. I hope people keep polling password managers for exploits to make it more secure. I know it's not perfect. I understand the risk-reward.
I never got comfortable with LastPass or 1Password; I usually find Enpass a good middle ground. They don't have a recurring cost to maintain a web server and its security.
For me the ideal is KeePass, but I once got db corruption when syncing with a Dropbox-like service. Hence I went with Enpass, which allows me to sync passwords across devices and encrypt with a keyfile and master password like in KeePass.
For me, cross platform, offline access, and good UI are paramount. LP checks all that but random scripts on a Linux command line doesn't even remotely cut it.
Firefox's password safe comes close it seems, but I haven't read too many opinions about it.
Isn't the goal of password managers like LastPass convenience at the cost of security? They might take security as seriously as they can, but it is ultimately less secure than memorizing dozens of unique passwords if you could.
Not only do humans demonstrably not do that, no: they can't memorize that much data. Secondly, a password manager does not have to upload your passwords anywhere directly; they can be protected with a master password or a different encryption mechanism (e.g. smartcard).
Since no company is totally secure, of course you should be concerned. I would never use a cloud based system even if it is more convenient. I'll stick with a local keepass backups thankyouverymuch. Though I suppose if I was a real target I would trust LastPass before my own security.
I never really trust a binary provided by someone which also talks to a server operated by the same entity. There is no way for me to audit an arbitrary binary (or application with source, in any reasonable way), particularly since it is regularly updated on both ends.
I use my own password manager and would not trust many proprietary third-party developers to get things right. Most of them have a long history of failures.
It's safer to self-host and store encrypted backups elsewhere for integrity. If you're not familiar with encryption or cryptanalysis, then you can use some open source encryption programs and a text file on an encrypted partition. That's a thousand times more secure than any proprietary online password manager.
For some passwords it is also more secure to keep them in plaintext on physically secured notes. It depends on the threat scenario.
I've never trusted password managers. I write the unique portions of my passwords in a notepad and combine those with a common but unwritten alphanumeric sequence to form my full passwords.
What if someone gets a series of leaked passwords from you, can they get back the alphanumeric sequence and brute force the unique portion? What happens if your notepad gets stolen, do you have backups?
The uniques are quite long so good luck trying to brute force them. As for it being stolen, it doesn't leave my house. I've never been robbed but if I was I doubt they'd steal a small worn notepad sitting in a desk drawer.
What about backups, do you just lose access to everything internet if the notebook is lost? What do you do when you need to access something when you're not at home?
I don't understand how people could use LastPass or any company that provides a cloud password manager.
Any password uploaded to a server you don't control should be considered disclosed.
They can say whatever they want about their encryption pipeline, even release it as open source software; you can't be 100% certain that they run it unmodified.
You simply can't trust a company (that wants to make profit at any cost, like all companies) with profitable data (like your login/password). One day someone will sell them.
This is why I don't use CPUs that other companies have built, and solder my CPUs myself from transistors I bought in Shenzhen while wearing a ski mask and sunglasses. You never know if Intel is secretly copying your data.
Paranoia is good but do you also never go in any vehicle? Surely you know people die in them all the time!
Everyone takes some risks and the vast majority of people I trust to take the most calculated ones use a password manager. Incidentally I do too. However I do not upload my bank passwords, and my Gmail / Facebook passwords there, so I did account for the absolute faint possibility of LastPass being compromised. I guess I just don't care about my Reddit or HN account that much!
I wouldn't trust any password service that uploads my data anywhere, with or without the key (though especially with the key like here). I wouldn't trust it if it uploaded the password data to Dropbox or any similar service under an account I own. Even if the data is encrypted, someone can get access to it and work on decrypting it offline. That's simply too big of a risk considering the power of state actors, although I assume state actors would just get the data directly from each website and not need my passwords. Still, can't assume anything about any adversary. Others could certainly be capable of cracking an encrypted file offline.
> Even if the data is encrypted, someone can get access to it and work on decrypting it offline.
That fear is irrational. While you go on to describe one reason for that, another is that cracking a solid encryption isn't something people can just do.
The vast computing power necessary to maybe crack something like a humble RSA1024 in 8 years can more easily make enough Bitcoin to buy a small nation.
This is not an irrational fear given how LastPass and many other password managers are designed. LastPass (and others) derive encryption keys from their users' passwords (via PBKDF-2).
Thus a (smart) attacker needn't guess the user's encryption key directly. They just need to guess the user's password, "hash" it via PBKDF-2 with the proper params and see if it decrypts the data.
Using a sub $1,000 GPU and a table of common passwords obtained from popular website database leaks it's not that hard to crack the average joe's vault.
You are assuming Joe would use a "common" password to encrypt their highly sensitive password vault. Joe only has to remember one password since moving to a password manager. Even my mother uses a decent password for that. I'm not saying your situation isn't feasible but Joe has failed to use the product properly.
I think I saw that some of these managers have integrations with https://haveibeenpwned.com/ and that could extend to the vault password too. Maybe it already does.
Yes. Given how mass data leaks have shown just how bad people are at choosing passwords - I think it's a very safe assumption that a large proportion of Last Pass users have weak, easily guessable master passwords.
The ironic thing here is randomly generated passwords produced by a password manager are highly likely to be more secure than the password that protects the password vault itself.
> Yes. Given how mass data leaks have shown just how bad people are at choosing passwords - I think it's a very safe assumption that a large proportion of Last Pass users have weak, easily guessable master passwords.
Indeed. Which is in part why we developed the Secret Key. Even if someone chooses a relatively weak Master Password and all of the data were stolen from our servers cracking even just a single password of a single user via brute force would be implausible. The effort to reward ratio is very high (perhaps insurmountably so) on the effort side.
The entire point of PBKDF2 is that a sub-$1,000 GPU isn't helpful.
It's certainly straightforward to use PBKDF2 in a way that is resistant to common / leaked passwords: add a per-database salt, then you can't go through the table in advance. For each individual user you want to target, you have to start trying passwords.
But even if you don't, the whole point of a password manager is to allow the single master password/passphrase to be something complicated. The average breached password should not be relevant here, and a good password manager's UX should encourage/force you to use something more complicated.
1Password, for instance, requires that you provide a 25-character random string in addition to your passphrase; it's not enough to just have the passphrase. I believe they're both used as inputs to key derivation.
Your arguments are sound in theory. But not in practice (for LastPass; 1Password has a better design). For example LastPass was deriving their encryption key with only 5k rounds of PBKDF-2 iteration (but used ~100k rounds to create their authentication hash)[1].
In LastPass's case, assuming the attacker has obtained a copy of the encrypted data, a smart attacker can ignore the authentication hash and just try encryption keys directly.
5k rounds of PBKDF-2 on a sub-$1,000 GPU is quite tractable to crack.
Was it a trivial thing for LastPass to fix? Of course. But that's not the point - if an attacker got a copy of the data before you fixed it - it's too late.
With a salt and enough iterations of PBKDF-2, even easy passwords should be reasonably difficult to crack.
The problem of course is deciding what a reasonable number of iterations is, but given the time it takes to decrypt my password I'd say they use quite a lot.
"Should" is the key word there. When Last Pass was breached in 2015, they were using only 5k iterations of PBKDF-2 to create the encryption key (but it was changed to ~100k in Feb 2018) [1].
To the same effect that means you shouldn't trust anything going over any network ever. They can just as well decrypt your TLS connection offline as they can an encrypted data store. In which case, why do you not trust when you send your encrypted password over an encrypted connection, but not when your plaintext password gets sent over an encrypted connection?