Living With Passwords: Personal Password Management

Confraria InfoSec Living With Passwords: Personal Password Management 23/02/2011

Description

Living with passwords: how you can manage your passwords and what the alternatives are. Password managers, two-factor authentication, OTPs, smart cards and NFC are some of the topics covered.

Transcript of Living With Passwords: Personal Password Management

Page 1: Living With Passwords: Personal Password Management

Confraria InfoSec, 23/02/2011

Page 2: Summary

SAPO Websecurity Team

• Motivation
• Today's scenario
• Alternatives
  - Non-electronic
  - Limited
  - Password Managers
• Two-Factor Authentication
  - Software Tokens
  - Hardware Tokens
• Trends

Page 3: Motivation > Lots of accounts compromised

Page 4: Motivation > People Reuse Passwords

• Password Sharing: 73% of users share passwords that are used for online banking with at least one non-financial website.
• Username / Password Sharing: 42% of users share both their username and password with at least one non-financial website.

in "Reusing Login Credentials", Security Advisor, February 2010, Trusteer Inc. (study on 4M PCs)

Page 5: Today

Typical choice of passwords on the Web:

• Weak password, reused on different sites
• Strong password, but reused on different sites
• Weak password, but different from other sites
• Strong password for critical sites, weak password for other sites
• Strong or weak password, with basic derivations on other sites

Page 6: Today

Can we memorize hundreds of strong passwords?

Page 7: Today

No way!

Page 8: Today

So what can we do?

Page 9: Alternatives to memorizing multiple passwords?

• Non-electronic
  - Post-it
  - Password Cards
• Limited adoption
  - OpenID / OAuth (Facebook, Twitter, Google, SAPO)
  - Smart card
• Password Managers
  - Local (examples):
    ‣ PGP File on Disk
    ‣ Mac Keychain
    ‣ Password Safe
  - Stateless (examples):
    ‣ SuperGenPass
  - Remote (examples):
    ‣ LastPass
    ‣ 1Password + Dropbox

Page 10: Alternatives > Post-it

Post-it

The user can write passwords on a piece of paper, prefixed and suffixed with random chars, and keep it in his/her wallet.

Pros:
• More secure than memorizing weak passwords

Cons:
• Not practical at all
• Difficult to check and type passwords when there are people around

"Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet."

in Schneier on Security, Bruce Schneier, Jun 2005

Page 11: Alternatives > Password Cards

Password Cards

The user keeps the password card in his/her wallet and all he/she has to remember is a combination of a symbol and a color per site... and direction and length!

Pros:
• More secure than a post-it if stolen

Cons:
• Not practical
• Might be difficult to use because of password policies
• User still needs to memorize some information for each site

Page 12: Alternatives > OpenID

OpenID

Open standard that describes how users can be authenticated in a decentralized manner, allowing users to consolidate their digital identities.

Pros:
• Users don't need to remember multiple passwords
• Sites don't know users' passwords
• Users can change provider and still maintain their digital identity
• Allows multiple authentication mechanisms

Cons:
• Limited to the subset of sites that support OpenID
• If the provider is down you can't authenticate*

Page 13: Alternatives > OAuth based

OAuth based

Use popular sites (Facebook, Twitter, SAPO) as authenticators to other sites, just like OpenID.

Similar pros & cons to OpenID.

Page 14: Alternatives > Smart Cards

Smart Cards

Some sites allow you to use SSL client certificates as a means of authentication. Certificates can be stored in a smart card.

Pros:
• Good security offered
• Even better when used as 3-factor authentication

Cons:
• Not very practical
• Only a very limited number of sites support SSL client certificates
• May provide a false sense of security

Page 15: Alternatives > Password Managers

Password Managers

Use a password manager to manage all your passwords instead of trying to memorize them all.

Pros:
• Easy to use
• Practical
• Enable you to use strong and different passwords across sites

Cons:
• If a hacker breaks your password manager, ALL your passwords are compromised!

Types (we will provide examples of each):
• Local
• Stateless
• Remote

Page 16: Alternatives > Password Managers > Local > PGP File

PGP Encrypted File on Disk

Not really a password manager, but the user can keep all his/her passwords in one file that is encrypted with PGP.

Pros:
• It seems pretty secure

Cons:
• Not for everyone
• Hard to maintain
• If you need a password and you don't have your computer with you..

Page 17: Alternatives > Password Managers > Local > MacOSX Keychain

MacOSX Keychain

OS-wide password manager. Can sync the keychain's data with other computers.

Pros:
• Integrated with the operating system, thus easy and practical to use
• Secure
• You can unlock your keychain with a smart card

Cons:
• If you need a password and you don't have your computer with you..
• Only MacOSX is supported

Page 18: Alternatives > Password Managers > Local > Password Safe

Password Safe

Similar to the PGP encrypted file in terms of functionality, but has a GUI.

Pros:
• Secure
• GUI to manage passwords

Cons:
• If you need a password and you don't have your computer with you..
• Only MS-Windows is supported

Page 19: Alternatives > Password Managers > Stateless > SuperGenPass

SuperGenPass

SuperGenPass is a simple bookmarklet that computes your site's password. No one knows your passwords. Site's password = 10x MD5(yourMasterSecret:domainURL).

Pros:
• Simple idea, simple to use
• Very practical, easy to use when you don't have access to your computer

Cons:
• Prone to XSS attacks!
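The stateless derivation the slide summarises as "10x MD5(master:domain)", written out as an added example (not the bookmarklet's own code). The base64 alphabet tweak, the ten-round minimum, the "starts lowercase, has an uppercase and a digit" policy loop and the two-label domain reduction are my reading of the scheme and should be treated as assumptions; the point to notice is that everything is computed inside the page's JavaScript context, which is why a script injected into the site (the XSS con above) can read the generated password.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse


def b64_md5(data: bytes) -> bytes:
    """One round: MD5, then base64 with '+'->'9', '/'->'8' and no '=' padding (assumed)."""
    digest = base64.b64encode(hashlib.md5(data).digest())
    return digest.replace(b"+", b"9").replace(b"/", b"8").rstrip(b"=")


def is_valid(candidate: str) -> bool:
    """Policy applied to the truncated password so it survives typical site rules:
    starts with a lowercase letter, contains an uppercase letter and a digit."""
    return bool(re.match(r"^[a-z]", candidate)
                and re.search(r"[A-Z]", candidate)
                and re.search(r"[0-9]", candidate))


def base_domain(url: str) -> str:
    """Reduce a URL to its registrable domain so www.twitter.com and twitter.com agree.
    Keeping only the last two labels is a simplification (no public-suffix list)."""
    host = urlparse(url if "://" in url else "https://" + url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])


def supergenpass(master_secret: str, domain: str, length: int = 10, min_rounds: int = 10) -> str:
    """Site password = repeated b64_md5 over "master:domain": at least min_rounds
    (the slide's "10x"), then more rounds until the truncated result passes is_valid.
    There is no stored state: the same master and domain always give the same password."""
    pwd = f"{master_secret}:{domain}".encode()
    rounds = 0
    while True:
        pwd = b64_md5(pwd)
        rounds += 1
        candidate = pwd.decode()[:length]
        if rounds >= min_rounds and is_valid(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed master secret, not a real one.
    master = "correct horse battery staple"
    for site in ("https://www.twitter.com/login", "twitter.com", "twitter.com.evil.example"):
        print(site, "->", supergenpass(master, base_domain(site)))
```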

Page 20: Alternatives > Password Managers > Remote

Remote Password Managers

Page 21: Alternatives > Password Managers > Remote > LastPass

LastPass features:
• Server is not aware of your encryption key
• Data is stored on the server in encrypted form and encrypted/decrypted locally (using JS or a browser extension)
• Device synchronization
• Multiplatform support
• Import and export functionality
• Multi-factor authentication (OTPs, Yubikey, Grid, among others)
• Phishing mitigation

Page 22: Alternatives > Password Managers > Remote > LastPass > Usage

Login

Page 23: Alternatives > Password Managers > Remote > LastPass > Usage

Saving a site

Page 24: Alternatives > Password Managers > Remote > LastPass > Usage

Saving a site

Page 25: Alternatives > Password Managers > Remote > LastPass > Usage

Site login

Page 26: Alternatives > Password Managers > Remote > LastPass

Looking deeper:
• The login process;
• Adding a site;
• Risks related to implementation;
• Major threats;
• Advantages.

Page 27: Alternatives > Password Managers > Remote > LastPass > Details

Looking deeper - The login process

Page 28: Alternatives > Password Managers > Remote > LastPass > Details

Looking deeper - The login process

Parameter | Value | Operation
username | [email protected] | user
hash | 0f4ca0edff9ac0436c9c161565c7bff0654aa67e412578e5294a245d971d91cb | SHA256(master_key + password)
encrypted_username, requesthash | Le74Bkbjqv8Hfj5HPayoqCD402FtjIBn7XhSNmiTNzk= | B64(AES256_ECB(master_key, PKCS7(user)))
lostpwotphash | dafb156eb7e0c3aa23a47c90a70350b54ce649c9a9e6ee6670f64110dc783778 | SHA256(user + recovery_key)
u | e548f6d1a533d298102519aed86ef186b3d3b9f4b0d3c7c1c20cc8072771ce3d | SHA256(user)

Where:
• user = "[email protected]"
• password = "pwd123456"
• master_key = SHA256(user + password)
• rand_n = RAND(128b)
• recovery_key = SHA256(user + rand_n)
• encrypted_master_key = AES256_ECB(recovery_key, master_key)

Page 29: Alternatives > Password Managers > Remote > LastPass > Details

Looking deeper - Adding a site

Page 30: Alternatives > Password Managers > Remote > LastPass > Details

Looking deeper - Adding a site

Parameter | Value | Operation
url | 68747470733a2f2f747769747465722e636f6d2f | HEX("https://twitter.com/")
name | iiFFsmFqWzhZEzz4WdqFsQ== | B64(AES256_ECB(master_key, PKCS7("twitter.com")))
username | VXu4hWF75MFuA1XiaAUp/g== | B64(AES256_ECB(master_key, PKCS7("someaccount")))
password | 8ISq2uZ6HHHkgaPNPzTDDs2sqi+erKc65snJce/0V2s= | B64(AES256_ECB(master_key, PKCS7("NS3ptHQcvwEkCX6NK9uJeKOstLWbN4Mf")))
requesthash | Le74Bkbjqv8Hfj5HPayoqCD402FtjIBn7XhSNmiTNzk= | B64(AES256_ECB(master_key, PKCS7(user)))

Where:
• user = "[email protected]"
• password = "pwd123456"
• master_key = SHA256(user + password)

Page 31: Alternatives > Password Managers > Remote > LastPass > Details

Looking deeper - Risks related to implementation

• The URL is stored in plaintext;
• Form field names are stored in plaintext;
• AES is being used in ECB mode. The same input always generates the same output...
• Key derivation should be improved (e.g. using PBKDF2):
  "That means that it only takes three days to break a seven-letter mixed-case password -- ouch. It takes a little more time if there are numbers and special characters in the password or the password is longer and much less time if the password is all one case, subject to a dictionary attack, or is partially known."
• Beware of the "create an OTP for recovery" option;
• Third-party security assessment still pending.
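The client-side derivation from the page-28 login table, next to the PBKDF2 variant the slide recommends, as an added illustration (this is not LastPass's code; joining hex digests as ASCII strings, the username-as-salt choice and the recovery-key handling are my assumptions). It shows what the server receives (hash and u, never master_key) and, via the guesses-per-second helper, why a two-SHA-256 derivation makes the quoted "three days" estimate plausible while PBKDF2 raises the cost of every candidate password.

```python
import hashlib
import os
import time
from typing import Callable, Optional


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def client_derivation(user: str, password: str) -> dict:
    """Values from the login table: master_key stays on the client,
    only `hash` and `u` are sent to the server."""
    master_key = sha256_hex(user + password)        # SHA256(user + password)
    return {
        "master_key": master_key,
        "hash": sha256_hex(master_key + password),   # SHA256(master_key + password)
        "u": sha256_hex(user),                       # SHA256(user)
    }


def recovery_values(user: str, rand_n: Optional[bytes] = None) -> dict:
    """rand_n = RAND(128b), recovery_key = SHA256(user + rand_n), lostpwotphash = SHA256(user + recovery_key).
    The AES-256-ECB wrapping of master_key under recovery_key is left out (no AES in the stdlib)."""
    rand_n = rand_n if rand_n is not None else os.urandom(16)
    recovery_key = sha256_hex(user + rand_n.hex())
    return {"recovery_key": recovery_key, "lostpwotphash": sha256_hex(user + recovery_key)}


def hardened_derivation(user: str, password: str, rounds: int = 100_000) -> dict:
    """The improvement the slide asks for: PBKDF2-HMAC-SHA256, username as salt, high
    iteration count. Each candidate now costs `rounds` HMACs instead of two SHA-256 calls.
    The login hash is one more PBKDF2 step over master_key, so the server still never sees it."""
    master_key = hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), rounds)
    login_hash = hashlib.pbkdf2_hmac("sha256", master_key, password.encode(), 1)
    return {"master_key": master_key.hex(), "hash": login_hash.hex()}


def guesses_per_second(derive: Callable[[str, str], dict], user: str, seconds: float = 0.2) -> float:
    """How many candidate passwords per second this machine pushes through a derivation:
    the figure any offline-guessing estimate (such as the slide's quote) rests on."""
    count, deadline = 0, time.perf_counter() + seconds
    while time.perf_counter() < deadline:
        derive(user, f"candidate{count}")
        count += 1
    return count / seconds


if __name__ == "__main__":
    # Constructed sample credentials, not the ones on the slide.
    user = "alice@example.com"
    print(client_derivation(user, "pwd123456"))
    print("slide scheme:", round(guesses_per_second(client_derivation, user)), "guesses/s")
    print("PBKDF2 100k :", round(guesses_per_second(hardened_derivation, user)), "guesses/s")
```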

Page 32: Alternatives > Password Managers > Remote > LastPass > Details

Looking deeper - Major threats

• Master password theft;
• Trojan installed in the host may compromise all passwords at once.

Page 33: Alternatives > Password Managers > Remote > LastPass

Pros:

Practical
• One password to remember;
• Integrated with the browser;
• Synchronizes credentials across devices.

Open
• Client-side source code is available.

Secure
• Very effective in Gawker-style attacks (password containment);
• Can be paired with additional authentication factors;
• Passwords are stored in encrypted form, both locally and remotely.

Page 34: Two-Factor Authentication

Page 35: Two-Factor Auth > Examples

Some examples:
• Smart cards
• Software OTP tokens:
  - Google Authenticator
  - Verisign VIP
• Hardware OTP tokens:
  - Yubikey
  - CryptoCard
  - RSA SecurID

Pros:
• More secure than single-factor :)

Cons:
• Not very practical
• May provide a false sense of security
• Typically a closed market (vendors rip you off!)

Page 36: Two-Factor Auth > Google Authenticator

Google Authenticator

Supports HOTP (event-based) and TOTP (time-based) codes. Key provisioning via scanning a QR code.

Pros:
• Free! :)
• No need to carry extra devices
• You can use it in your own systems (using a PAM module or integrating it with RADIUS)

Cons:
• Concerns related to the security of the device
• Your battery may die when you most need an OTP
• You lose some time to generate an OTP

Page 37: Two-Factor Auth > Yubikey > What is it?

What is it?
• The Yubikey is a small USB token which acts as a regular keyboard. It can generate static passwords and one-time passwords.

Page 38: Two-Factor Auth > Yubikey > How does it work?

Static passwords
• The Yubikey can be provisioned with a static password of up to 64 chars. This password can be used with applications/services that do not support OTPs. You should use an additional password!

One-time passwords
• Two different one-time password standards are supported: event-based HOTP and Yubikey-style OTPs.
• HOTP is a better known standard, but it is more limited due to usability concerns (smaller OTP, sync issues, etc.).
• The Yubikey OTP standard leverages the fact that the Yubikey inputs the OTPs for you.

Two slots
• Short-press for slot 1; long-press for slot 2 (3 secs);

Drivers
• Any OS with USB-keyboard support. It even works during boot (useful for, e.g., whole-disk encryption solutions such as PGP-WDE and TrueCrypt).

Page 39: Two-Factor Auth > Yubikey > Where does it work?

Yubico OpenID (http://openid.yubico.com)

Page 40: Two-Factor Auth > Yubikey > Where does it work?

LastPass (http://www.lastpass.com)

Page 41: Two-Factor Auth > Yubikey > Where does it work?

Laptop (http://127.0.0.1): one-time password / static password

Page 42: Two-Factor Auth > Yubikey > Details

Inner workings

Page 43: Two-Factor Auth > Yubikey > Security Threats

Protocol attacks
• Generated OTPs consist of unique 128-bit blocks encrypted with an AES key shared between token and server. Protocol security depends on the security strength of the AES algorithm.

Page 44: Two-Factor Auth > Yubikey > Security Threats

Server attacks
• An authentication server stores the symmetric keys for all tokens and is a single point of failure. This can be mitigated with tamper-proof HSMs and user passwords;
• A DoS attack on the server will result in users not being able to log in.

Page 45: Two-Factor Auth > Yubikey > Security Threats

User attacks
• Social engineering;
• Phishing;
• "Borrowing" the token.

Page 46: Two-Factor Auth > Yubikey > Security Threats

Host attacks
• Software key extraction (very hard to exploit);
• Man-in-the-browser.

Page 47: Two-Factor Auth > Yubikey > Security Threats

Hardware attacks
• Hardware key extraction and token duplication.

Page 48: Two-Factor Auth > Yubikey > Advantages

Practical
• No drivers necessary
• Types the key for you

Open
• Open standard and infrastructure
• Software released under a permissive license
• Extensible (PIN option)
• No license required per token

Secure
• Provides an additional authentication factor
• OTP generation requires manual intervention

Affordable
• Around 10€ if purchased in larger quantities

Page 49: Trends

Future

Page 50: Trends

Two-factor authentication is getting popular:

Page 51: Trends

NFC starts to be a hype. In "How Apple and Google will kill the password", Computerworld, Jan 2011:

Page 52: The End

Questions?

Nuno Loureiro <[email protected]>
João Poupino <[email protected]>