Confraria InfoSec Living With Passwords: Personal Password Management 23/02/2011
May 12, 2015
SAPO Websecurity Team
Summary
• Motivation
• Today’s scenario
• Alternatives
- Non-electronic
- Limited
- Password Managers
• Two-Factor Authentication
- Software Tokens
- Hardware Tokens
• Trends
Motivation > Lots of accounts compromised
Motivation > People Reuse Passwords
• Password Sharing: 73% of users share passwords that are used for online banking with at least one non-financial website.
• Username / Password Sharing: 42% of users share both their username and password with at least one non-financial website.
in Reusing Login Credentials, Security Advisor, February 2010, Trusteer Inc. Study on 4M PCs.
Today
Typical choice of passwords on the Web:
• Weak password and reused in different sites
• Strong password but reused in different sites
• Weak password but different from other sites
• Strong password for critical sites, weak password for other sites
• Strong or weak password and basic derivations on other sites
Can we memorize hundreds of strong passwords?
No way!
So what can we do?
Alternatives to memorizing multiple passwords?
• Non-electronic
- Post-it
- Password Cards
• Limited adoption
- OpenID / OAuth (Facebook, Twitter, Google, SAPO)
- Smart card
• Password Managers:
- Local (examples):
‣ PGP File on Disk
‣ Mac Keychain
‣ Password Safe
- Stateless (examples):
‣ SuperGenPass
- Remote (examples):
‣ LastPass
‣ 1Password + Dropbox
Alternatives > Post-it
User can write passwords on a piece of paper, prefixed and suffixed with random chars, and keep it in his/her wallet.
Pros:
• More secure than memorizing weak passwords
Cons:
• Not practical at all
• Difficult to check and type passwords when there are people around
“Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.”
in Schneier on Security, Bruce Schneier, Jun 2005
(post-it illustration: 123456)
Alternatives > Password Cards
User keeps the password card in his/her wallet and all he/she does is remember a combination of a symbol and a color per site... and direction and length!
Pros:
• More secure than post-it if stolen
Cons:
• Not practical
• Might be difficult to use because of password policies
• User still needs to memorize some information for each site
Alternatives > OpenID
Open standard that describes how users can be authenticated in a decentralized manner, allowing users to consolidate their digital identities.
Pros:
• Users don’t need to remember multiple passwords
• Sites don’t know users’ passwords
• Users can change provider and still maintain digital identity
• Allows multiple authentication mechanisms
Cons:
• Limited to the subset of sites that support OpenID
• If the provider is down you can’t authenticate*
Alternatives > OAuth based
Use popular sites (Facebook, Twitter, SAPO) as authenticators to other sites, just like OpenID.
Similar Pros & Cons to OpenID.
Alternatives > Smart Cards
Some sites allow you to use SSL client certificates as a means of authentication. Certificates can be stored in a Smart Card.
Pros:
• Good security offered
• Even better when used as 3-factor authentication
Cons:
• Not very practical
• Only a very limited number of sites support SSL client certificates
• May provide a false sense of security
Alternatives > Password Managers
Use a password manager to manage all your passwords instead of trying to memorize them all.
Pros:
• Easy to use
• Practical
• Enable you to use strong and different passwords across sites
Cons:
• If a hacker breaks your password manager, ALL your passwords are compromised!
Types (we will provide examples of each):
• Local
• Stateless
• Remote
Alternatives > Password Managers > Local > PGP File
PGP Encrypted File on Disk
Not really a password manager, but the user can keep all his/her passwords in one file that is encrypted with PGP.
Pros:
• It seems pretty secure
Cons:
• Not for everyone
• Hard to maintain
• If you need a password and you don’t have your computer with you...
Alternatives > Password Managers > Local > MacOSX Keychain
OS-level password manager. Can sync keychain’s data with other computers.
Pros:
• Integrated with the operating system, thus easy and practical to use
• Secure
• You can unlock your keychain with a smart card
Cons:
• If you need a password and you don’t have your computer with you...
• Only MacOSX is supported
Alternatives > Password Managers > Local > Password Safe
Similar to PGP Encrypted File in terms of functionality but has a GUI.
Pros:
• Secure
• GUI to manage passwords
Cons:
• If you need a password and you don’t have your computer with you...
• Only MS-Windows is supported
Alternatives > Password Managers > Stateless > SuperGenPass
SuperGenPass is a simple bookmarklet that computes your site’s password. No one knows your passwords. Site’s password = 10x MD5(yourMasterSecret:domainURL).
Pros:
• Simple idea, simple to use
• Very practical, easy to use when you don’t have access to your computer
Cons:
• Prone to XSS attacks!
Alternatives > Password Managers > Remote
Remote Password Managers
Alternatives > Password Managers > Remote > LastPass
LastPass Features:
• Server is not aware of your encryption key
• Data is stored on the server in encrypted form and encrypted/decrypted locally (using JS or a browser extension)
• Device synchronization
• Multiplatform support
• Import and export functionality
• Multi-factor authentication (OTPs, Yubikey, Grid, among others)
• Phishing mitigation
Alternatives > Password Managers > Remote > LastPass > Usage
Login
Saving a site
Site login
Alternatives > Password Managers > Remote > LastPass
Looking deeper:
• The login process;
• Adding a site;
• Risks related to implementation;
• Major threats;
• Advantages.
Looking deeper - The login process
Alternatives > Password Managers > Remote > LastPass > Details
• user = “[email protected]”
• password = “pwd123456”
• master_key = SHA256(user + password)
• rand_n = RAND(128b)
• recovery_key = SHA256(user + rand_n)
• encrypted_master_key = AES256_ECB(recovery_key, master_key)
Parameter | Value | Operation
username | [email protected] | user
hash | 0f4ca0edff9ac0436c9c161565c7bff0654aa67e412578e5294a245d971d91cb | SHA256(master_key + password)
encrypted_username, requesthash | Le74Bkbjqv8Hfj5HPayoqCD402FtjIBn7XhSNmiTNzk= | B64(AES256_ECB(master_key, PKCS7(user)))
lostpwotphash | dafb156eb7e0c3aa23a47c90a70350b54ce649c9a9e6ee6670f64110dc783778 | SHA256(user + recovery_key)
u | e548f6d1a533d298102519aed86ef186b3d3b9f4b0d3c7c1c20cc8072771ce3d | SHA256(user)
Looking deeper - Adding a site
Alternatives > Password Managers > Remote > LastPass > Details
• user = “[email protected]”
• password = “pwd123456”
• master_key = SHA256(user + password)
Parameter | Value | Operation
url | 68747470733a2f2f747769747465722e636f6d2f | HEX(“https://twitter.com/”)
name | iiFFsmFqWzhZEzz4WdqFsQ== | B64(AES256_ECB(master_key, PKCS7(“twitter.com”)))
username | VXu4hWF75MFuA1XiaAUp/g== | B64(AES256_ECB(master_key, PKCS7(“someaccount”)))
password | 8ISq2uZ6HHHkgaPNPzTDDs2sqi+erKc65snJce/0V2s= | B64(AES256_ECB(master_key, PKCS7(“NS3ptHQcvwEkCX6NK9uJeKOstLWbN4Mf”)))
requesthash | Le74Bkbjqv8Hfj5HPayoqCD402FtjIBn7XhSNmiTNzk= | B64(AES256_ECB(master_key, PKCS7(user)))
Looking deeper - Risks related to implementation
Alternatives > Password Managers > Remote > LastPass > Details
• The URL is stored in plaintext;
• Form field names are stored in plaintext;
• AES is being used in ECB mode. The same input always generates the same output...
• Key derivation should be improved (e.g. using PBKDF2):
“That means that it only takes three days to break a seven-letter mixed-case password -- ouch. It takes a little more time if there are numbers and special characters in the password or the password is longer and much less time if the password is all one case, subject to a dictionary attack, or is partially known.”
• Beware of the “create an OTP for recovery” option;
• Third-party security assessment still pending.
Looking deeper - Major threats
Alternatives > Password Managers > Remote > LastPass > Details
• Master password theft;
• Trojan installed in host may compromise all passwords at once.
Alternatives > Password Managers > Remote > LastPass
Pros:
Practical
• One password to remember;
• Integrated with the browser;
• Synchronizes credentials across devices.
Open
• Client-side source code is available.
Secure
• Very effective in Gawker-style attacks (password containment);
• Can be paired with additional authentication factors;
• Passwords are stored in encrypted form, both locally and remotely.
Two-Factor Authentication
Two-Factor Auth > Examples
Some Examples
• Smart cards
• Software OTP Tokens:
- Google Authenticator
- Verisign VIP
• Hardware OTP Tokens:
- Yubikey
- CryptoCard
- RSA SecurID
Pros:
• More secure than single-factor :)
Cons:
• Not very practical
• May provide a false sense of security
• Typically a closed market (vendors rip you off!)
Two-Factor Auth > Google Authenticator
Supports HOTP (event-based) and TOTP (time-based) codes. Key provisioning via scanning a QR code.
Pros:
• Free! :)
• No need to carry extra devices
• You can use it in your own systems (using a PAM module or integrating it with RADIUS)
Cons:
• Concerns related to security of the device
• Your battery may die when you most need an OTP
• You lose some time to generate an OTP
Two-Factor Auth > Yubikey > What is it?
• The Yubikey is a small USB token which acts as a regular keyboard. It can generate Static Passwords and One Time Passwords.
Two-Factor Auth > Yubikey > How does it work?
Static Passwords
• The Yubikey can be provisioned with a static password with up to 64 chars. This password can be used with applications/services that do not support OTPs. You should use an additional password!
One Time Passwords
• Two different One Time Password standards are supported: event-based HOTP and Yubikey-style OTPs.
• HOTP is a better known standard, but it is more limited due to usability concerns (smaller OTP, sync issues, etc.).
• The Yubikey OTP standard leverages the fact that the Yubikey inputs the OTPs for you.
Two slots
• Short-press for slot 1; Long-press for slot 2 (3 secs);
Drivers
• Any OS with USB-keyboard support. It even works during boot (useful for, e.g., whole-disk encryption solutions such as PGP-WDE and TrueCrypt).
Two-Factor Auth > Yubikey > Where does it work?
• Yubico OpenID (http://openid.yubico.com)
• Lastpass (http://www.lastpass.com)
• Laptop (http://127.0.0.1): One Time Password, Static Password
Two-Factor Auth > Yubikey > Details
Inner workings
Two-Factor Auth > Yubikey > Security Threats
Protocol attacks
• Generated OTPs consist of unique 128 bit blocks encrypted with a shared AES key between Token and Server. Protocol security depends on the security strength of the AES algorithm.
Server attacks
• An authentication server stores symmetric keys for all Tokens and is a single point of failure. This can be mitigated with tamper-proof HSMs and user passwords;
• A DoS attack on the server will result in users not being able to log in.
User attacks
• Social engineering;
• Phishing;
• “Borrowing” the Token.
Host attacks
• Software key extraction (very hard to exploit);
• Man-in-the-browser.
Hardware attacks
• Hardware key extraction and Token duplication.
Two-Factor Auth > Yubikey > Advantages
Practical
• No drivers necessary
• Types the key for you
Open
• Open standard and infrastructure
• Software released under permissive license
• Extensible (PIN option)
• No license required per token
Secure
• Provides an additional authentication factor
• OTP generation requires manual intervention
Affordable
• Around 10€ if purchased in larger quantities
Trends
Future
Two-factor Authentication is getting popular:
NFC starts to be a hype:
In “How Apple and Google will kill the password”, Computerworld, Jan 2011:
The End
Questions?
Nuno Loureiro <[email protected]> João Poupino <[email protected]>