Domain: lastpass.com
Stories and comments across the archive that link to lastpass.com.
Comments · 83
-
Re:In the meantime - LastPass!
Fortunately they don't have access to your unencrypted passwords.. https://lastpass.com/support.php?cmd=showfaq&id=1096
"AES utilizing 256-bit keys. AES-256 is accepted by the US Government for protecting TOP SECRET data. AES is implemented in JavaScript for the LastPass.com website, and in C++ for speed in the Internet Explorer and Firefox plug-ins.
This is important because your sensitive data is always encrypted and decrypted locally on your computer before being synchronized. Your master password never leaves your computer and your key never leaves your computer. No one at LastPass (or anywhere else) can decrypt your data without you giving up your password (we will never ask you for it). Your key is created by taking a SHA-256 hash of your password. When you login, we make a hash of your username concatenated with your password, and that hash is what's sent to verify if you can download your encrypted data." -
There is a single sign on.
-
In the meantime - LastPass!
In the meantime, check out https://lastpass.com/ - you get to use a single password to protect all of your other passwords. You can generate random ones and store the passwords in the cloud, so they are accessible to you, anywhere. I cannot do justice here to the security and features offered.
Essentially you visit a site, and LastPass fills in the username/password for you.
-
LastPass + OTP
Manage your online passwords with LastPass and generate an OTP to put in a safe deposit box and give the key to your attorney.
Cut out the safe deposit box for one less level of trust-no-one and lower cost. Add safe deposit boxes in a chain to drive everybody crazy and increase the difficulty of compromise.
-
Wuala + Dropbox
Wuala - http://wuala.com/
Like Dropbox, but with actual security - i.e., client-side encryption. You can also share information with groups of others etc.
LastPass - http://lastpass.com/
Solves all password problems, and all you have to make sure is that the master password is accessible after your death. Like, in your will.
-
Re:Whatever happened to passphrases?
I found that lastpass works well for me. I use the same method you mentioned, memorizing a strong master password and then using the built-in password generator. It encrypts everything with your master password before uploading it to lastpass's servers. All encryption/decryption happens on your local machine, so lastpass.com cannot decrypt your passwords. The benefit to using lastpass is that you can use it on just about any browser on just about any operating system. It automatically syncs your passwords (in their encrypted form), so you can add a password on one computer and have it show up on another when you log into lastpass. I find this extremely useful, especially since my university requires me to change my password every 90 days! :( If you decide to switch, lastpass supports importing your passwords from a variety of other password managers, including 1Password. -
Reminder to Manage Your Passwords
-
Should have
thought about getting Enterprise protection.
-
Re:people are stealing user info
What, like LastPass?
-
Re:Curious
oops, that is, they describe the password reset feature on their website http://helpdesk.lastpass.com/account-recovery/ and it's not a simple "confirm your identity and we'll e-mail you a new password" system
-
Re:Curious
From their password recovery page (I checked since I was curious after you raised the point):
LastPass has added support for an optional way to store a disabled One Time Password (OTP) locally on your computer in case you forget your Master Password. This feature allows account recovery for those who want it without revealing your password to LastPass.
You can choose not to save this disabled One Time Password by launching Preferences from the LastPass icon menu, and selecting the Advanced tab. If you decide to disable the local OTP, your only recourse if your password hint doesn't help is to delete your account and start over. If you disable the preference after creating one, it causes the One Time Password to be deleted off LastPass' servers.
This makes it sound like they save the One Time Password on their server, and it decrypts a file stored only on your local PC that either contains your master password, or possibly as hash of it (I'm guessing at the implementation here). Or possibly it saves a keyfile to your PC that decrypts a separate (and separately encrypted) copy of your data.
What does seem clear is that you are correct in so far as they CANNOT decrypt your stored passwords themselves. If you don't have that One Time Password file on your PC, there is no recovering your account.
-
Re:Site Overloaded
And here is the actual text, for those of you trying to avoid irony in your diet.
Update 2, 2:15pm EST:
Record traffic, plus a rush of people to make password changes is more than we can currently handle.
We're switching tactics -- if you've made the password change already we'll handle you normally.
If you haven't, the vast majority of you will be logged in using 'offline' mode so you can still use LastPass like normal and get back to your day; only syncing of new passwords should suffer (and you'll see the bar).
As load lowers we'll increase the percentage of people being sent through email validation / password changing.
For people experiencing problems please email us at support@lastpass.com -- we have seen a few reports of bogus data post change, we think this is due to you downloading a stale copy and if you go to LastPass Icon -> Clear Local Cache and try again it should work.
You can access your data via LastPass in offline mode or by downloading LastPass Pocket : https://lastpass.com/misc_download.php (choose your OS)
-
Site Overloaded
They just got slashdotted, efuct, dugg, and twitter bombed all at once.
-
Bullshit article and submission.
Lastpass released this information yesterday and they did not state that they were hacked as the submitter does nor do they state that they were probably hacked as the article does. They stated that there was a mismatch in the amount of traffic between some of the servers and that whenever this occurs, they do an investigation, which usually turns out to be nothing. They felt it was probably nothing, but since they were unable to (so far) determine exactly what accounted for the difference in data transfers, they wanted to take the safe road and enforce a password change on all accounts.
ORIGINAL LASTPASS STATEMENT FROM MAY 4TH
(source: http://blog.lastpass.com/2011/05/lastpass-security-notification.html)
We noticed an issue yesterday and wanted to alert you to it. As a precaution, we're also forcing you to change your master password. We take a close look at our logs and try to explain every anomaly we see. Tuesday morning we saw a network traffic anomaly for a few minutes from one of our non-critical machines. These happen occasionally, and we typically identify them as an employee or an automated script.
In this case, we couldn't find that root cause. After delving into the anomaly we found a similar but smaller matching traffic anomaly from one of our databases in the opposite direction (more traffic was sent from the database compared to what was received on the server). Because we can't account for this anomaly either, we're going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed. We know roughly the amount of data transferred and that it's big enough to have transferred people's email addresses, the server salt and their salted password hashes from the database. We also know that the amount of data taken isn't remotely enough to have pulled many users' encrypted data blobs.
If you have a strong, non-dictionary based password or pass phrase, this shouldn't impact you - the potential threat here is brute forcing your master password using dictionary words, then going to LastPass with that password to get your data. Unfortunately not everyone picks a master password that's immune to brute forcing.
To counter that potential threat, we're going to force everyone to change their master passwords. Additionally, we're going to want an indication that you're you, by either ensuring that you're coming from an IP block you've used before or by validating your email address. The reason is that if an attacker had your master password through a brute force method, LastPass still wouldn't give access to this theoretical attacker because they wouldn't have access to your email account or your IP.
We realize this may be an overreaction and we apologize for the disruption this will cause, but we'd rather be paranoid and slightly inconvenience you than to be even more sorry later.
We're also taking this as an opportunity to roll out something we've been planning for a while: PBKDF2 using SHA-256 on the server with a 256-bit salt utilizing 100,000 rounds. We'll be rolling out a second implementation of it with the client too. In more basic terms, this further mitigates the risk if we ever see something suspicious like this in the future. As we continue to grow we'll continue to find ways to reduce how large a target we are.
For those of you who are curious: we don't have very much data indicating what potentially happened and what attack vector could have been used and are continuing to investigate it. We had our Asterisk phone server more open to UDP than it needed to be, which was an issue our auditing found, but we couldn't find any indications on the box itself of tampering, the database didn't show any changes escalating anyone to premium or administrators, and none of the log files give us much to go on.
We don't have a lot that indicates an i
-
Straight from the horse's mouth:
Note: This is taken from http://blog.lastpass.com/2011/05/lastpass-security-notification.html
We noticed an issue yesterday and wanted to alert you to it. As a precaution, we're also forcing you to change your master password. We take a close look at our logs and try to explain every anomaly we see. Tuesday morning we saw a network traffic anomaly for a few minutes from one of our non-critical machines. These happen occasionally, and we typically identify them as an employee or an automated script.
In this case, we couldn't find that root cause. After delving into the anomaly we found a similar but smaller matching traffic anomaly from one of our databases in the opposite direction (more traffic was sent from the database compared to what was received on the server). Because we can't account for this anomaly either, we're going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed. We know roughly the amount of data transferred and that it's big enough to have transferred people's email addresses, the server salt and their salted password hashes from the database. We also know that the amount of data taken isn't remotely enough to have pulled many users' encrypted data blobs.
If you have a strong, non-dictionary based password or pass phrase, this shouldn't impact you - the potential threat here is brute forcing your master password using dictionary words, then going to LastPass with that password to get your data. Unfortunately not everyone picks a master password that's immune to brute forcing.
To counter that potential threat, we're going to force everyone to change their master passwords. Additionally, we're going to want an indication that you're you, by either ensuring that you're coming from an IP block you've used before or by validating your email address. The reason is that if an attacker had your master password through a brute force method, LastPass still wouldn't give access to this theoretical attacker because they wouldn't have access to your email account or your IP.
We realize this may be an overreaction and we apologize for the disruption this will cause, but we'd rather be paranoid and slightly inconvenience you than to be even more sorry later.
We're also taking this as an opportunity to roll out something we've been planning for a while: PBKDF2 using SHA-256 on the server with a 256-bit salt utilizing 100,000 rounds. We'll be rolling out a second implementation of it with the client too. In more basic terms, this further mitigates the risk if we ever see something suspicious like this in the future. As we continue to grow we'll continue to find ways to reduce how large a target we are.
For those of you who are curious: we don't have very much data indicating what potentially happened and what attack vector could have been used and are continuing to investigate it. We had our Asterisk phone server more open to UDP than it needed to be, which was an issue our auditing found, but we couldn't find any indications on the box itself of tampering, the database didn't show any changes escalating anyone to premium or administrators, and none of the log files give us much to go on.
We don't have a lot that indicates an issue occurred but it's prudent to assume where there's smoke there could be fire. We're rebuilding the boxes in question and have shut down and moved services from them in the meantime. The source code running the website and plugins has been verified against our source code repositories, and we have further determined from offline snapshots and cryptographic hashes in the repository that there was no tampering with the repository itself.
Again, we apologize for the inconvenience caused and will continue to take every precaution in protecting user data.
The LastPass Team.
UPDATE 1: We're overloaded handling support and
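The FAQ quoted in the "In the meantime - LastPass!" thread (vault key = SHA-256 of the master password, login token = SHA-256 of username concatenated with password) and the PBKDF2-SHA256 change announced in the statement above (256-bit salt, 100,000 rounds, server side first, client side to follow) side by side, as an added illustration rather than LastPass's own code. Chaining PBKDF2 on the server after the legacy client token, the sample account name, and the measured work-factor ratio are assumptions; the statement does not spell out the exact pipeline.

```python
import hashlib
import hmac
import os
import time

ROUNDS = 100_000   # round count quoted in the LastPass statement
SALT_BYTES = 32    # 256-bit salt quoted in the statement


def legacy_vault_key(password: str) -> bytes:
    """Vault key as the quoted FAQ describes it: one SHA-256 of the master password.
    It is used locally for AES-256 and is never sent anywhere."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def legacy_login_hash(username: str, password: str) -> bytes:
    """Login token as the FAQ describes it: SHA-256(username || password).
    This is what the client sends; the master password itself stays on the client."""
    return hashlib.sha256((username + password).encode("utf-8")).digest()


def stretch(token: bytes, salt: bytes, rounds: int) -> bytes:
    """PBKDF2-HMAC-SHA256 with a 32-byte output, the primitive named in the statement."""
    return hashlib.pbkdf2_hmac("sha256", token, salt, rounds, dklen=32)


def server_store(login_hash: bytes, rounds: int = ROUNDS) -> tuple:
    """Server-side record after the announced change (assumed chaining): a fresh
    256-bit salt and PBKDF2 over the client-supplied token. Leaking (salt, verifier)
    gives an attacker a target that costs `rounds` HMAC evaluations per candidate,
    instead of the single SHA-256 per candidate of the legacy token."""
    salt = os.urandom(SALT_BYTES)
    return salt, stretch(login_hash, salt, rounds)


def server_verify(login_hash: bytes, salt: bytes, verifier: bytes,
                  rounds: int = ROUNDS) -> bool:
    """Recompute the verifier and compare in constant time."""
    return hmac.compare_digest(stretch(login_hash, salt, rounds), verifier)


def work_factor_ratio(rounds: int = ROUNDS, samples: int = 2000) -> float:
    """Measured cost of testing one candidate against a leaked PBKDF2 verifier,
    relative to testing it against a leaked single-SHA-256 token. Wall-clock, so
    approximate; the point is the order of magnitude, not the exact number."""
    token = legacy_login_hash("alice@example.com", "correct horse battery staple")  # constructed sample
    salt = os.urandom(SALT_BYTES)
    t0 = time.perf_counter()
    for _ in range(samples):
        hashlib.sha256(token).digest()
    plain = (time.perf_counter() - t0) / samples
    t0 = time.perf_counter()
    stretch(token, salt, rounds)
    stretched = time.perf_counter() - t0
    return stretched / plain


if __name__ == "__main__":
    user, pw = "alice@example.com", "correct horse battery staple"   # constructed sample
    token = legacy_login_hash(user, pw)
    salt, verifier = server_store(token)
    print("vault key (never sent):", legacy_vault_key(pw).hex())
    print("login token (sent):    ", token.hex())
    print("server salt:           ", salt.hex())
    print("server verifier:       ", verifier.hex())
    print("verify ok:             ", server_verify(token, salt, verifier))
    print("work factor ratio:     ", round(work_factor_ratio(), 1))
```

The ratio is what the statement means by "further mitigates the risk": a weak dictionary master password is still weak, but every guess against the stolen server copy now costs about 100,000 HMAC computations instead of one hash.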
-
LastPass
With so simple it's stupid services like LastPass, I really don't understand how people still can't use unique passwords. For christ's sake, using LastPass is EASIER than using 1 common password, because it auto logs in. I really don't get people. Then again, with so simple it's obvious backup services like Carbonite, you'd think everyone would be backing up, too. Fat chance there.
-
I've already been running exactly what you want...
I've got and have been running for quite some time, an "SSO" of sorts, that meets and exceeds all of your requirements...
1: It has the ability to have two factor authentication. In fact, there's several methods of 2 factor authentication, and I think some can be chained (but not sure about that last point). It doesn't support SecurID tokens, but it supports other similar tokens, and has planned support for others. I believe SMS and similar ideas have been floated, but it's a small company, running on almost no income, so I'm not sure about that.
2: It ensures that the site that is asking for information is genuine, as a matter of how its implemented. A user would have to go out of their way, to put their information in, and bypass this protection.
3: It has the ability to backup your data, tokens, and similar. You can also store a one time password for a single simple recovery. As a consequence of being able to backup your data, it allows relatively easy migration between other similar providers.
4: It has exceptional password and data storage. Everything is encrypted. They can't even see the hash, or unencrypted data. All they see is the encrypted data. A consequence of this, is they cannot recover your data, and the onus is on you (see point 3), to backup and ensure you can recover your own password. It's as good as TrueCrypt's mechanism (from what I read).
5: Okay, they fail here. I don't believe there is any vetting of their security system, but since most of it is client side, technically anyone can analyse it. You'll see exactly what is sent to and from them, using each of the mechanisms you use. Their weakest mechanism is the website which could be prone to a man in the middle attack. They aren't FIPS compliant, though from what I've read, this is a good thing, as a lot of the FIPS standards are lower than they could be. As for the data center, well you know exactly what they store (if you want) so you know all data in that data centre is relatively useless. Except if they took it over and re-wrote their code, then got us to use it. Basically, only the most insane (or government run) attack on the data center might work.
6: They use SSL (and more, as above) with their authentication process, and they use the regular authentication process of the other providers, which could mean SSL. Also, if one site is broken, and you're maintaining good practices (which they give you a tool to audit yourself with), then that won't affect the other sites.
7: Not sure about this one.
8: They don't have this, but it's addressed through other mechanisms, and as you've seen, they got this angle covered.
9: They can store your password with (possibly) unlimited length, but they are bound by the password length of the other services.
10: There aren't third party logins, so one site cannot access another site (without some other mechanism). So the default state is turned off.
11: It allows multiple accounts/personalities, so when you go to a site with multiple accounts, it prompts you with which one you want to login with.
Additionally, it's decentralized, I'm in complete control of it (well, reasonably in control of it), it can store offline passwords, it can store other information and they have so far rapidly responded to problems/help. I lodged a problem the other day, and it was fixed today. I was quite impressed.
It's not an SSO per se, it's LastPass. It's essentially SSO, without giving them too much control, allows me to maintain large complex passwords (extreme entropy, 20+ characters long, upper case, lower case, extended characters, etc). It also has an audit tool to give you an idea on your security strength.
Quite frankly, when I searched around for this (there's several other providers, and OSS solutions), I found this was the best service, and have been continually amazed with it. It changed my security immensely!
Seriously, this SSO idea above, is fucking retarded in comparison.
Good password/account management starts at home (or more so, client side)!
-
Re:Mozilla's public disclosure
What alternative do you propose?
-
Re:WRONG
Should have been the government. Anyway, I reminded myself that (I thought) some browsers offered this functionality of their own too. And if you trust your government to hold your keys why not your browser vendor?
Maybe Opera wasn't stupid enough to do it online:
http://www.opera.com/link/
Maybe Apple Safari with MobileMe doesn't either.
Chrome? Oh well, at least there was a solution for people who really want to.
-
Re:Password keychains?
Not a problem actually:
http://www.lastpass.com/ does ALL this.
PCs, Browsers, OSs, Phones, hell they even do One Time passwords if you like!
Very good software!
-
Re:Throwaway Passwords
I just use different passwords everywhere, and track 'em in a database here. Most sites let you stay logged in, plus the browser remembers a lot of them, so it's really very little trouble. And the benefit - that a hack on one site doesn't compromise any other... that's worth a lot. Especially if you're doing *any* financial stuff on the net.
I used to do the same thing. I combined it with "tiered" passwords, i.e. a financial password, a super strong password, a medium level password, and a throwaway that my friends and family know. For other sites, I basically lived by the "Password Reset" feature and the browser's password manager.
Then I started listening to Security Now, and Steve Gibson just kept going on and on about how awesome LastPass is, so after hearing it for a few weeks I decided to check it out. I fiddled with it for a few hours and started converting pretty much everything over to it. It's fully encrypted (i.e. lose your master password without designating a "Master" computer to hold on to a decryption key, and you're screwed) and has plugins for every major browser, works on Mac/Windows/Linux, and they've got iPhone, Android, and Blackberry apps. It's very slick, and of course, since password storage is centralized, you don't have to worry about syncing a USB stick or whatever. That was the only thing that kept me from implementing KeePass or Roboform.
I suggest you try it. I probably couldn't live without it now. -
Missing the point?
Wow, leaving aside the stupidity and inconvenience of using maps as passwords (sure, there's enough entropy, but shoulder-looking kills it, and it would take much longer to enter a password than with a text-based one), the entire article seems to centre around the concept that this will solve the "multiple passwords" problem.
"Online passwords are tedious, and it seems like too many websites require one"
... "I hate creating a new password for every website where I keep even a scrap of personal information". Seems like the two issues are entirely orthogonal. How is this going to help you with that problem? Either you're going to have to remember dozens of map locations for dozens of websites (same as passwords now), or you're going to have just one location for all sites, and be vulnerable to the same problem as having one password. My solution is to use SuperGenPass, so I have one master password, but it generates a different password for each site, without storing passwords anywhere. There's also LastPass, which I haven't used, but it looks like a nice strong client-side-encrypted cloud-stored password database.
-
Use LastPass for passwords
Try using http://lastpass.com/ for Chrome passwords - it encrypts the passwords on disk (of course), has a lot more features, and is a cross-browser plugin for Firefox, IE, Safari as well as Chrome, on Windows/Mac/Linux etc. It also has paid-for versions for iPhone, Android, etc, and syncs the passwords to the cloud.
-
Last Pass or Hashed Message Authentication Codes
I prefer to remember one passphrase that unlocks them all.
I used to use Lastpass.
It's secure; your passwords are encrypted & decrypted client side, and you can use a unique, terrible-to-remember password for each site. The downside is that your master password must be very secure because it becomes the single attack surface, and without web access or your password dictionary file you lose access to your passwords.
I now use HMAC w/ SHA1 using a master passphrase as the 'key' and the domain name as the 'message' for my passphrase (truncated for limited length password fields).
I only have to remember one password, and every site gets a different secure password.
Since I can do this calculation via my computer, JS bookmarklet, on my phone, or even my TI calculator I'm never without my passwords even when I'm offline. -
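The scheme the commenter describes (HMAC-SHA1 with the master passphrase as the key and the site's domain as the message, truncated to fit the site's length limit), written out as an added example; it is not the commenter's own bookmarklet. Stripping "www." and folding case before hashing, base64 as the output alphabet, and the sample domains are my assumptions.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

FULL_LEN = 27   # base64 of a 20-byte SHA-1 tag, padding '=' removed


def hmac_sha1_hex(key: str, message: str) -> str:
    """Plain HMAC-SHA1, kept separate so it can be checked against a public test vector."""
    return hmac.new(key.encode("utf-8"), message.encode("utf-8"), hashlib.sha1).hexdigest()


def site_domain(url: str) -> str:
    """Normalise a URL or bare host to the 'message' for the HMAC (assumed normalisation:
    lower-case host, leading 'www.' dropped) so the same site always yields the same password."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or url.lower()
    return host[4:] if host.startswith("www.") else host


def site_password(master: str, url: str, max_len: int = 0) -> str:
    """Per-site password: HMAC-SHA1(master, domain), base64-encoded, truncated to
    max_len when the site imposes a limit (0 = no truncation, 27 characters)."""
    tag = hmac.new(master.encode("utf-8"), site_domain(url).encode("utf-8"),
                   hashlib.sha1).digest()
    password = base64.b64encode(tag).decode("ascii").rstrip("=")
    return password[:max_len] if max_len > 0 else password


def truncated_entropy_bits(max_len: int) -> int:
    """Entropy left after truncation: each base64 character carries about 6 bits, capped by
    SHA-1's 160-bit tag. Shows what a short field (e.g. 8 characters) costs."""
    chars = FULL_LEN if max_len <= 0 else min(max_len, FULL_LEN)
    return min(160, 6 * chars)


if __name__ == "__main__":
    master = "correct horse battery staple"       # constructed sample passphrase
    for site, limit in [("https://www.Example.com/login", 0), ("example.com", 0),
                        ("bank.example.net", 12), ("legacy.example.org", 8)]:
        pw = site_password(master, site, limit)
        print(f"{site:32} -> {pw:27} ({truncated_entropy_bits(limit)} bits)")
```

The two weak spots the comment itself points at are visible here: a short field throws away most of the 160 bits, and rotating a single site's password is impossible without a scheme for changing the message (a counter or version suffix) because every site derives from the same master.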
Re:Prettier Tool, Old Exploit
You could also look at LastPass - http://lastpass.com/ - which works very well across Windows/Mac/Linux, Firefox, Chrome, Safari, etc, and on many mobile phones as well. Quite well designed and mature, and can be used offline though it's a browser addon, and syncs your password data to/from the cloud automatically, but also supports export to various formats if the cloud goes away. Now has a feature to manage non-browser passwords as well.
-
Re:Different password
I'm still confused as to whether you've looked into this or not. The answers to what I think you're asking are AES-256 and hash(pw+salt).
Again, if you know something not explained either in text or by studying the code feel free to let everyone else know :) Else I don't really understand what you're after.
https://lastpass.com/support_faqs.php#aes
https://lastpass.com/support_faqs.php#salt
(That the above is true can be verified by looking at the JS sent to the client. Whether the salt is random or not might be interesting to look at - was that your point?)
-
Re:Different password
To wit:
Correct. http://lastpass.com/ is one of very few cloud services that actually understands that for me to have trust in them they must design the infrastructure accordingly.
and
Feel free to study how it works before replying ;) They have all my passwords - encrypted. They cannot decrypt them.
My question:
Eliminating any and all information from lastpass.com or an associate, how do you know your position is grounded in fact?
-
Re:Different password
Correct. http://lastpass.com/ is one of very few cloud services that actually understands that for me to have trust in them they must design the infrastructure accordingly.
There ought to be more than a few people at Slashdot working with cloud companies. I'd love to hear some explanations as to why they believe "oh don't worry, your data can only be seen by our admins and we trust them!" should satisfy the needs of a large corporation :) -
Re:Hmmmm
-
Re:LastPass MOD parent up
Talking about passwords and LastPass is not in a Score 5 comment is insane.
Used several password solutions over the years, like a password like SlashDotIsGod*****, where ***** is something unique about the site like the first 5 chars of the web address. That way you don't have to remember really long unique passwords but still have a long unique password for every place.
After that I tried KeePass and others like it. The bad thing is that if I go away from my computer I have to sync it to a USB stick. And in some places you can't use it (like public libraries, iPhone).
So I found LastPass. And it's insane how easy my life has become. It can auto fill (and auto login) on sites; it automatically recognizes forms and logins. It works in multiple browsers, IE, FF, Chrome. And if you can't have a plugin you can access it by a webpage to receive the passwords.
It's extremely easy to use but still as powerful as any other solution. Even my mother, who can't remember from one day to another if instructed how to do things on a computer, can use it. Still I have it generate 12-20 long passwords (depending on place) with numbers, special chars if needed.
I just sync the passwords to my KeePass once in a while to be on the safe side (never trust a single point of failure).
For a ton more information visit lastpass.com -
Re:1password
Agreed. 1Password, if you need Mac OSX only, is the bomb. It has a polished feel, handles generation of passwords for different sites with different size/character requirements with ease, lets you know how secure your existing and new passwords are, and allows you to sync between other OSX machines using Dropbox. For those with Windows boxes, there are other options. I can easily export my passwords from 1Password and import them using LastPass https://lastpass.com/ (Free), but that's only for my wife who uses my passwords occasionally, and it would suck for normal day to day use. So, if you have OS X only, 1Password is fantastic. If not, there are a few other options that are cross platform and will do the job. Writing them down seems like a bad idea.
-
you could try some online password managers...