The document discusses the challenges of password management, highlighting the common practice of password reuse and the risks associated with it. It presents various alternatives for managing passwords, such as non-electronic methods, password managers, and two-factor authentication options. Additionally, it emphasizes the importance of using strong, unique passwords for different sites while also addressing the security implications of each method.

1. Confraria InfoSec
Living With Passwords:
Personal Password Management
23/02/2011

2. Summary
Summary: •
Mo;va;on
•
Today’s
scenario
•
Alterna;ves
-­‐
Non-­‐electronic
-­‐
Limited
-­‐
Password
Managers
•
Two-­‐Factor
Authen;ca;on
-­‐
SoHware
Tokens
-­‐
Hardware
Tokens
•
Trends
SAPO
Websecurity
Team 2

3. Motivation > Lots of accounts compromised
SAPO
Websecurity
Team 3

4. Motivation > People Reuse Passwords
•
Password
Sharing:
73%
of
users
share
passwords
that
are
used
for
online
banking
with
at
least
one
non-­‐financial
website.
•
Username
/
Password
Sharing:
42%
of
users
share
both
their
username
and
password
with
at
least
one
non-­‐financial
website
Study
on
4M
PCs in
Reusing
Login
Creden.als,
Security
Advisor,
February
2010,
Trusteer
Inc.
SAPO
Websecurity
Team 4

5. Today
Typical
choice
of
passwords
on
the
Web:
• Weak
password
and
reused
in
different
sites
• Strong
password
but
reused
in
different
sites
• Weak
password
but
different
from
other
sites
• Strong
password
for
criFcal
sites,
Weak
password
for
other
sites
• Strong
or
weak
password
and
basic
derivaFons
on
other
sites
SAPO
Websecurity
Team 5

6. Today
Can
we
memorize
hundreds
of
strong
passwords?
SAPO
Websecurity
Team Confraria
InfoSec 6

7. Today
No
way!
SAPO
Websecurity
Team Confraria
InfoSec 7

8. Today
So
what
can
we
do?
SAPO
Websecurity
Team Confraria
InfoSec 8

9. Alternatives to memorizing multiple passwords?
• Non-­‐electronic
-­‐ Post-­‐it
-­‐ Password
Cards
• Limited
adopFon
-­‐ OpenID
/
OAuth
(Facebook,
TwiQer,
Google,
SAPO)
-­‐ Smart
card
• Password
Managers:
-­‐ Local
(examples):
‣ PGP
File
on
Disk
‣ Mac
Keychain
‣ Password
Safe
-­‐ Stateless
(examples):
‣ SuperGenPass
-­‐ Remote
(examples):
‣ LastPass
‣ 1Password
+
Dropbox
SAPO
Websecurity
Team 9

10. Alternatives > Post-it
Post-­‐it
User
can
write
passwords
on
a
piece
of
paper,
prefixed
and
sufixed
with
random
chars,
and
keep
it
in
his/her
wallet
Pros:
• More
secure
than
memorizing
weak
passwords
12345
6
Cons:
• Not
prac;cal
at
all
• Difficult
to
check
and
type
passwords
when
there’re
people
around
“Simply, people can no longer remember passwords good enough to reliably defend against dictionary
attacks, and are much more secure if they choose a password too complicated to remember and then
write it down. We're all good at securing small pieces of paper. I recommend that people write their
passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper:
in their wallet.”
in
Schneier
on
Security,
Bruce
Schneier,
Jun
2005
SAPO
Websecurity
Team 10

11. Alternatives > Password Cards
Password
Cards
User
keeps
the
password
card
in
his/her
wallet
and
all
he/she
does
it
remember
a
combina;on
of
a
symbol
and
a
color
per
site...
and
direc;on
and
length!
Pros:
• More
secure
than
post-­‐it
if
stolen
Cons:
• Not
prac;cal
• Might
be
difficult
to
use
because
of
password
policies
• User
s;ll
needs
to
memorize
some
informa;on
for
each
site
SAPO
Websecurity
Team 11

12. Alternatives > OpenID
OpenID
Open
standard
that
describes
how
users
can
be
authen;cated
in
a
decentralized
manner,
allowing
users
to
consolidate
their
digital
iden;;es
Pros:
• Users
don’t
need
to
remember
mul;ple
passwords
• Sites
don’t
know
users’
passwords
• Users
can
change
provider
and
s;ll
maintain
digital
iden;ty
• Allows
mul;ple
authen;ca;on
mechanisms
Cons:
• Limited
to
the
subset
of
sites
that
support
OpenID
• If
the
provider
is
down
you
can’t
authen;cate*
SAPO
Websecurity
Team 12

13. Alternatives > OAuth based
OAuth
based
Use
popular
sites
(Facebook,
TwiQer,
SAPO)
as
authen;cators
to
other
sites,
just
like
OpenID.
Similar
Pros&Cons
of
OpenID
SAPO
Websecurity
Team 13

14. Alternatives > Smart Cards
Smart
Cards
Some
sites
allow
you
to
use
SSL
Client
cer;ficates
as
a
mean
of
authen;ca;on.
Cer;ficates
can
be
stored
in
a
Smart
Card.
Pros:
• Good
security
offered
• Even
beQer
when
used
as
3-­‐factor
authen;ca;on
Cons:
• Not
very
prac;cal
• Only
a
very
limited
number
of
sites
support
SSL
Client
cer;ficates
• May
provide
a
false
sense
of
security
SAPO
Websecurity
Team 14

15. Alternatives > Password Managers
Password
Managers
Use
a
password
manager
to
manage
all
your
passwords
instead
of
trying
to
memorize
them
all
Types
(we
will
provide
examples
of
each):
•
Local
•
Stateless
•
Remote
Pros:
• easy
to
use
• prac;cal
• enable
you
to
use
strong
and
different
passwords
across
sites
Cons:
• If
a
hacker
breaks
your
password
manager,
ALL
your
passwords
are
compromised!
SAPO
Websecurity
Team 15

16. Alternatives > Password Managers > Local > PGP File
PGP
Encrypted
File
on
Disk
Not
really
a
password
manager,
but
the
user
can
keep
all
his/hers
passwords
in
one
file
that
is
encrypted
with
PGP.
Pros:
• It
seems
preQy
secure
Cons:
• Not
for
everyone
• Hard
to
maintain
• If
you
need
a
password
and
you
don’t
have
your
computer
with
you..
SAPO
Websecurity
Team 16

17. Alternatives > Password Managers > Local > MacOSX Keychain
MacOSX
Keychain
OS-­‐wise
password
manager.
Can
sync
keychain’s
data
with
other
computers.
Pros:
• Integrated
with
the
opera;ng
system,
thus
easy
and
prac;cal
to
use
• Secure
• You
can
unlock
your
keychain
with
a
smart
card
Cons:
• If
you
need
a
password
and
you
don’t
have
your
computer
with
you..
• Only
MacOSX
is
supported
SAPO
Websecurity
Team 17

18. Alternatives > Password Managers > Local > Password Safe
Password
Safe
Similar
to
PGP
Encrypted
File
in
terms
of
func;onality
but
has
a
GUI.
Pros:
• Secure
• GUI
to
manage
passwords
Cons:
• If
you
need
a
password
and
you
don’t
have
your
computer
with
you..
• Only
MS-­‐Windows
is
supported
SAPO
Websecurity
Team 18

19. Alternatives > Password Managers > Stateless > SuperGenPass
SuperGenPass
SuperGenPass
is
a
simple
bookmarklet
that
computes
your
site’s
password.
No
one
knows
your
passwords.
Site’s
password
=10x
MD5(yourMasterSecret:domainURL).
Pros:
• Simple
Idea,
simple
to
use
• Very
Prac;cal,
easy
to
use
when
you
don’t
have
access
to
your
computer
Cons:
• Prone
to
XSS
aQacks!
SAPO
Websecurity
Team 19

20. Alternatives > Password Managers > Remote
Remote
Password
Managers
SAPO
Websecurity
Team 20

21. Alternatives > Password Managers > Remote > LastPass
LastPass
Features:
• Server
is
not
aware
of
your
encryp;on
key
• Data
is
stored
on
server
in
encrypted
form
and
encrypted/decrypted
locally
(using
JS
or
browser
extension)
• Device
synchroniza;on
• Mul;plahorm
support
• Import
and
export
func;onality
• Mul;-­‐factor
authen;ca;on
(OTPs,
Yubikey,
Grid,
among
others)
• Phishing
mi;ga;on
SAPO
Websecurity
Team 21

22. Alternatives > Password Managers > Remote > LastPass > Usage
Login
SAPO
Websecurity
Team 22

23. Alternatives > Password Managers > Remote > LastPass > Usage
Saving
a
site
SAPO
Websecurity
Team 23

24. Alternatives > Password Managers > Remote > LastPass > Usage
Saving
a
site
SAPO
Websecurity
Team 24

25. Alternatives > Password Managers > Remote > LastPass > Usage
Site
login
SAPO
Websecurity
Team 25

26. Alternatives > Password Managers > Remote > LastPass
Looking
deeper:
• The
login
process;
• Adding
a
site;
• Risks
related
to
implementaFon;
• Major
threats;
• Advantages.
SAPO
Websecurity
Team 26

27. Alternatives > Password Managers > Remote > LastPass > Details
Looking
deeper
-­‐
The
login
process
SAPO
Websecurity
Team 27

28. Alternatives > Password Managers > Remote > LastPass > Details
Looking
deeper
-­‐
The
login
process
Parameter Value Opera[on
username hypnotoad@sapo.pt user
0f4ca0edff9ac0436c9c161565c7bff0654aa67
hash e412578e5294a245d971d91cb SHA256(master_key + password)
encrypted_username,
Le74Bkbjqv8Hfj5HPayoqCD402FtjIBn7XhSN
B64(AES256_ECB(master_key,
PKCS7(user)))
miTNzk=
requesthash
dafb156eb7e0c3aa23a47c90a70350b54ce64
lostpwotphash 9c9a9e6ee6670f64110dc783778 SHA256(user
+
recovery_key)
e548f6d1a533d298102519aed86ef186b3d3b
u 9f4b0d3c7c1c20cc8072771ce3d
SHA256(user)
• user
=
“hypnotoad@sapo.pt”
• password
=
“pwd123456”
• master_key
=
SHA256(user
+
password)
• rand_n
=
RAND(128b)
• recovery_key
=
SHA256(user
+
rand_n)
• encrypted_master_key
=
AES256_ECB(recovery_key,
master_key)
SAPO
Websecurity
Team 28

29. Alternatives > Password Managers > Remote > LastPass > Details
Looking
deeper
-­‐
Adding
a
site
SAPO
Websecurity
Team 29

30. Alternatives > Password Managers > Remote > LastPass > Details
Looking
deeper
-­‐
Adding
a
site
Parameter Value Opera[on
url 68747470733a2f2f747769747465722e636f6d2f HEX(“hfps://twifer.com/”)
name iiFFsmFqWzhZEzz4WdqFsQ== B64(AES256_ECB(master_key,
PKCS7
(“twifer.com”)))
username VXu4hWF75MFuA1XiaAUp/g== B64(AES256_ECB(master_key,
PKCS7
(“someaccount”)))
8ISq2uZ6HHHkgaPNPzTDDs2sqi+erKc65snJce/ B64(AES256_ECB(master_key,
PKCS7
password 0V2s=
(“NS3ptHQcvwEkCX6NK9uJeKOstLWbN4Mf”)))
Le74Bkbjqv8Hfj5HPayoqCD402FtjIBn7XhSNmiT
requesthash Nzk= B64(AES256_ECB(master_key,
PKCS7(user)))
• user
=
“hypnotoad@sapo.pt”
• password
=
“pwd123456”
• master_key
=
SHA256(user
+
password)
SAPO
Websecurity
Team 30

31. Alternatives > Password Managers > Remote > LastPass > Details
Looking
deeper
-­‐
Risks
related
to
implementa[on
• The
URL
is
stored
in
plaintext;
• Form
field
names
are
stored
in
plaintext;
• AES
is
being
used
in
ECB
mode.
The
same
input
always
generates
the
same
output...
• Key
derivaFon
should
be
improved
(e.g.
using
PBKDF2)
“That means that it only takes three days to break a seven-letter mixed-case password -- ouch. It takes a little more time if
there are numbers and special characters in the password or the password is longer and much less time if the password is
all one case, subject to a dictionary attack, or is partially known.”
• Beware
of
the
“create
an
OTP
for
recovery
opFon”;
• Third-­‐party
security
assessment
sFll
pending.
SAPO
Websecurity
Team 31

32. Alternatives > Password Managers > Remote > LastPass > Details
Looking
deeper
-­‐
Major
threats
• Master
password
thea;
• Trojan
installed
in
host
may
compromise
all
passwords
at
once.
SAPO
Websecurity
Team 32

33. Alternatives > Password Managers > Remote > LastPass
Pros:
Prac[cal
• One
password
to
remember;
• Integrated
with
the
browser;
• Synchronizes
credenFals
across
devices.
Open
• Client-­‐side
source
code
is
available.
Secure
• Very
effecFve
in
Gawker-­‐style
aeacks
(password
containment);
• Can
be
paired
with
addiFonal
authenFcaFon
factors;
• Passwords
are
stored
in
encrypted
form,
both
locally
and
remotely.
SAPO
Websecurity
Team 33

34. Two-Factor Authentication
Two-­‐Factor
Authen[ca[on
SAPO
Websecurity
Team Confraria
InfoSec 34

35. Two-Factor Auth > Examples
Some
Examples
•
Smart
cards
•
SoHware
OTP
Tokens:
-­‐
Google
Authen;cator
-­‐
Verisign
VIP
•
Hardware
OTP
Tokens:
-­‐
Yubikey
-­‐
CryptoCard
-­‐
RSA
SecureID
Pros:
• More
secure
than
single-­‐
factor:)
Cons:
• Not
very
prac;cal
• May
provide
a
false
sense
of
security
• Typically
a
closed
market
(vendors
rip
you
off!)
SAPO
Websecurity
Team 35

36. Two-Factor Auth > Google Authenticator
Google
Authen[cator
Supports
HOTP
(event-­‐based)
and
TOTP
(;me-­‐based)
codes.
Key
provisioning
via
scanning
a
QR
code.
Pros:
• Free!
:)
• No
need
to
carry
extra
devices
• You
can
use
it
in
your
own
systems
(using
a
PAM
Module
or
integra;ng
it
with
RADIUS)
Cons:
• Concerns
related
to
security
of
the
device
• Your
baQery
may
die
when
you
most
need
an
OTP
• You
lose
some
;me
to
generate
an
OTP
SAPO
Websecurity
Team 36

37. Two-Factor Auth > Yubikey > What is it?
What
is
it?
• The
Yubikey
is
a
small
USB
token
which
acts
as
a
regular
keyboard.
It
can
generate
StaFc
Passwords
and
One
Time
Passwords.
SAPO
Websecurity
Team 37

38. Two-Factor Auth > Yubikey > How does it work?
Sta[c
Passwords
• The
Yubikey
can
be
provisioned
with
a
staFc
password
with
up
to
64
chars.
This
password
can
be
used
with
applicaFons/services
that
do
not
support
OTPs.
You
should
use
an
addiFonal
password!
One
Time
Passwords
• Two
different
One
Time
Password
standards
are
supported:
event-­‐based
HOTP
and
Yubikey-­‐style
OTPs.
• HOTP
is
a
beeer
known
standard,
but
it
is
more
limited
due
to
usability
concerns
(smaller
OTP,
sync
issues,
etc.).
• The
Yubikey
OTP
standard
leverages
the
fact
that
the
Yubikey
inputs
the
OTPs
for
you.
Two
slots
• Short-­‐press
for
slot
1;
Long-­‐press
for
slot
2
(3
secs);
Drivers
• Any
OS
with
USB-­‐keyboard
support.
It
even
works
during
boot
(useful
for,
e.g.,
whole-­‐disk
encrypFon
soluFons
such
as
PGP-­‐WDE
and
TrueCrypt).
SAPO
Websecurity
Team 38

39. Two-Factor Auth > Yubikey > Where does it work?
Yubico
OpenID
(hfp://openid.yubico.com)
SAPO
Websecurity
Team 39

40. Two-Factor Auth > Yubikey > Where does it work?
Lastpass
(hfp://www.lastpass.com)
SAPO
Websecurity
Team 40

41. Two-Factor Auth > Yubikey > Where does it work?
Laptop
(hfp://127.0.0.1)
One
Time
Password Sta;c
Password
SAPO
Websecurity
Team 41

42. Two-Factor Auth > Yubikey > Details
Inner
workings
SAPO
Websecurity
Team 42

43. Two-Factor Auth > Yubikey > Security Threats
Protocol
afacks
• Generated
OTPs
consist
of
unique
128
bit
blocks
encrypted
with
a
shared
AES
key
between
Token
and
Server.
Protocol
security
depends
on
the
security
strength
of
the
AES
algorithm.
SAPO
Websecurity
Team 43

44. Two-Factor Auth > Yubikey > Security Threats
Server
afacks
• An
authenFcaFon
server
stores
symmetric
keys
for
all
Token
and
is
a
single
point
of
failure.
This
can
be
miFgated
with
tamper-­‐proof
HSMs
and
user
passwords;
• A
DoS
aeack
on
the
server
will
result
in
users
not
being
able
to
log
in.
SAPO
Websecurity
Team 44

45. Two-Factor Auth > Yubikey > Security Threats
User
afacks
• Social
engineering;
• Phishing;
• “Borrowing”
the
Token.
SAPO
Websecurity
Team 45

46. Two-Factor Auth > Yubikey > Security Threats
Host
afacks
• Soaware
key
extracFon
(very
hard
to
exploit);
• Man-­‐in-­‐the-­‐browser.
SAPO
Websecurity
Team 46

47. Two-Factor Auth > Yubikey > Security Threats
Hardware
afacks
• Hardware
key
extracFon
and
Token
duplicaFon.
SAPO
Websecurity
Team 47

48. Two-Factor Auth > Yubikey > Advantages
Prac[cal
• No
drivers
necessary
• Types
the
key
for
you
Open
• Open
standard
and
infrastructure
• Soaware
released
under
permissive
license
• Extensible
(PIN
opFon)
• No
license
required
per
token
Affordable
• Around
10€
if
purchased
in
larger
quanFFes
Secure
• Provides
an
addiFonal
authenFcaFon
factor
• OTP
generaFon
requires
manual
intervenFon
SAPO
Websecurity
Team 48

49. Future
Trends
SAPO
Websecurity
Team Confraria
InfoSec 49

50. Trends
Two-­‐factor
Authen[ca[on
is
geong
Popular:
SAPO
Websecurity
Team 50

51. Trends
NFC
starts
to
be
a
hype:
In
“How
Apple
and
Google
will
kill
the
password”,
Computerworld,
Jan
2011:
SAPO
Websecurity
Team 51

52. The End
Ques[ons?
Nuno
Loureiro
<nuno@co.sapo.pt> João
Poupino
<joao.poupino@co.sapo.pt>
SAPO
Websecurity
Team Confraria
InfoSec 52