Living with passwords. How can you manage your passwords and what the alternatives are. Password managers, two-factor authentication, OTPs, smart cards and NFC are some of the covered topics.
4. Motivation > People Reuse Passwords
•
Password
Sharing:
73%
of
users
share
passwords
that
are
used
for
online
banking
with
at
least
one
non-‐financial
website.
•
Username
/
Password
Sharing:
42%
of
users
share
both
their
username
and
password
with
at
least
one
non-‐financial
website
Study
on
4M
PCs in
Reusing
Login
Creden.als,
Security
Advisor,
February
2010,
Trusteer
Inc.
SAPO
Websecurity
Team 4
5. Today
Typical
choice
of
passwords
on
the
Web:
• Weak
password
and
reused
in
different
sites
• Strong
password
but
reused
in
different
sites
• Weak
password
but
different
from
other
sites
• Strong
password
for
criFcal
sites,
Weak
password
for
other
sites
• Strong
or
weak
password
and
basic
derivaFons
on
other
sites
SAPO
Websecurity
Team 5
6. Today
Can
we
memorize
hundreds
of
strong
passwords?
SAPO
Websecurity
Team Confraria
InfoSec 6
7. Today
No
way!
SAPO
Websecurity
Team Confraria
InfoSec 7
8. Today
So
what
can
we
do?
SAPO
Websecurity
Team Confraria
InfoSec 8
10. Alternatives > Post-it
Post-‐it
User
can
write
passwords
on
a
piece
of
paper,
prefixed
and
sufixed
with
random
chars,
and
keep
it
in
his/her
wallet
Pros:
• More
secure
than
memorizing
weak
passwords
12345
6
Cons:
• Not
prac;cal
at
all
• Difficult
to
check
and
type
passwords
when
there’re
people
around
“Simply, people can no longer remember passwords good enough to reliably defend against dictionary
attacks, and are much more secure if they choose a password too complicated to remember and then
write it down. We're all good at securing small pieces of paper. I recommend that people write their
passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper:
in their wallet.”
in
Schneier
on
Security,
Bruce
Schneier,
Jun
2005
SAPO
Websecurity
Team 10
11. Alternatives > Password Cards
Password
Cards
User
keeps
the
password
card
in
his/her
wallet
and
all
he/she
does
it
remember
a
combina;on
of
a
symbol
and
a
color
per
site...
and
direc;on
and
length!
Pros:
• More
secure
than
post-‐it
if
stolen
Cons:
• Not
prac;cal
• Might
be
difficult
to
use
because
of
password
policies
• User
s;ll
needs
to
memorize
some
informa;on
for
each
site
SAPO
Websecurity
Team 11
12. Alternatives > OpenID
OpenID
Open
standard
that
describes
how
users
can
be
authen;cated
in
a
decentralized
manner,
allowing
users
to
consolidate
their
digital
iden;;es
Pros:
• Users
don’t
need
to
remember
mul;ple
passwords
• Sites
don’t
know
users’
passwords
• Users
can
change
provider
and
s;ll
maintain
digital
iden;ty
• Allows
mul;ple
authen;ca;on
mechanisms
Cons:
• Limited
to
the
subset
of
sites
that
support
OpenID
• If
the
provider
is
down
you
can’t
authen;cate*
SAPO
Websecurity
Team 12
13. Alternatives > OAuth based
OAuth
based
Use
popular
sites
(Facebook,
TwiQer,
SAPO)
as
authen;cators
to
other
sites,
just
like
OpenID.
Similar
Pros&Cons
of
OpenID
SAPO
Websecurity
Team 13
14. Alternatives > Smart Cards
Smart
Cards
Some
sites
allow
you
to
use
SSL
Client
cer;ficates
as
a
mean
of
authen;ca;on.
Cer;ficates
can
be
stored
in
a
Smart
Card.
Pros:
• Good
security
offered
• Even
beQer
when
used
as
3-‐factor
authen;ca;on
Cons:
• Not
very
prac;cal
• Only
a
very
limited
number
of
sites
support
SSL
Client
cer;ficates
• May
provide
a
false
sense
of
security
SAPO
Websecurity
Team 14
15. Alternatives > Password Managers
Password
Managers
Use
a
password
manager
to
manage
all
your
passwords
instead
of
trying
to
memorize
them
all
Types
(we
will
provide
examples
of
each):
•
Local
•
Stateless
•
Remote
Pros:
• easy
to
use
• prac;cal
• enable
you
to
use
strong
and
different
passwords
across
sites
Cons:
• If
a
hacker
breaks
your
password
manager,
ALL
your
passwords
are
compromised!
SAPO
Websecurity
Team 15
16. Alternatives > Password Managers > Local > PGP File
PGP
Encrypted
File
on
Disk
Not
really
a
password
manager,
but
the
user
can
keep
all
his/hers
passwords
in
one
file
that
is
encrypted
with
PGP.
Pros:
• It
seems
preQy
secure
Cons:
• Not
for
everyone
• Hard
to
maintain
• If
you
need
a
password
and
you
don’t
have
your
computer
with
you..
SAPO
Websecurity
Team 16
17. Alternatives > Password Managers > Local > MacOSX Keychain
MacOSX
Keychain
OS-‐wise
password
manager.
Can
sync
keychain’s
data
with
other
computers.
Pros:
• Integrated
with
the
opera;ng
system,
thus
easy
and
prac;cal
to
use
• Secure
• You
can
unlock
your
keychain
with
a
smart
card
Cons:
• If
you
need
a
password
and
you
don’t
have
your
computer
with
you..
• Only
MacOSX
is
supported
SAPO
Websecurity
Team 17
18. Alternatives > Password Managers > Local > Password Safe
Password
Safe
Similar
to
PGP
Encrypted
File
in
terms
of
func;onality
but
has
a
GUI.
Pros:
• Secure
• GUI
to
manage
passwords
Cons:
• If
you
need
a
password
and
you
don’t
have
your
computer
with
you..
• Only
MS-‐Windows
is
supported
SAPO
Websecurity
Team 18
19. Alternatives > Password Managers > Stateless > SuperGenPass
SuperGenPass
SuperGenPass
is
a
simple
bookmarklet
that
computes
your
site’s
password.
No
one
knows
your
passwords.
Site’s
password
=10x
MD5(yourMasterSecret:domainURL).
Pros:
• Simple
Idea,
simple
to
use
• Very
Prac;cal,
easy
to
use
when
you
don’t
have
access
to
your
computer
Cons:
• Prone
to
XSS
aQacks!
SAPO
Websecurity
Team 19
21. Alternatives > Password Managers > Remote > LastPass
LastPass
Features:
• Server
is
not
aware
of
your
encryp;on
key
• Data
is
stored
on
server
in
encrypted
form
and
encrypted/decrypted
locally
(using
JS
or
browser
extension)
• Device
synchroniza;on
• Mul;plahorm
support
• Import
and
export
func;onality
• Mul;-‐factor
authen;ca;on
(OTPs,
Yubikey,
Grid,
among
others)
• Phishing
mi;ga;on
SAPO
Websecurity
Team 21
31. Alternatives > Password Managers > Remote > LastPass > Details
Looking
deeper
-‐
Risks
related
to
implementa[on
• The
URL
is
stored
in
plaintext;
• Form
field
names
are
stored
in
plaintext;
• AES
is
being
used
in
ECB
mode.
The
same
input
always
generates
the
same
output...
• Key
derivaFon
should
be
improved
(e.g.
using
PBKDF2)
“That means that it only takes three days to break a seven-letter mixed-case password -- ouch. It takes a little more time if
there are numbers and special characters in the password or the password is longer and much less time if the password is
all one case, subject to a dictionary attack, or is partially known.”
• Beware
of
the
“create
an
OTP
for
recovery
opFon”;
• Third-‐party
security
assessment
sFll
pending.
SAPO
Websecurity
Team 31
32. Alternatives > Password Managers > Remote > LastPass > Details
Looking
deeper
-‐
Major
threats
• Master
password
thea;
• Trojan
installed
in
host
may
compromise
all
passwords
at
once.
SAPO
Websecurity
Team 32
33. Alternatives > Password Managers > Remote > LastPass
Pros:
Prac[cal
• One
password
to
remember;
• Integrated
with
the
browser;
• Synchronizes
credenFals
across
devices.
Open
• Client-‐side
source
code
is
available.
Secure
• Very
effecFve
in
Gawker-‐style
aeacks
(password
containment);
• Can
be
paired
with
addiFonal
authenFcaFon
factors;
• Passwords
are
stored
in
encrypted
form,
both
locally
and
remotely.
SAPO
Websecurity
Team 33
35. Two-Factor Auth > Examples
Some
Examples
•
Smart
cards
•
SoHware
OTP
Tokens:
-‐
Google
Authen;cator
-‐
Verisign
VIP
•
Hardware
OTP
Tokens:
-‐
Yubikey
-‐
CryptoCard
-‐
RSA
SecureID
Pros:
• More
secure
than
single-‐
factor:)
Cons:
• Not
very
prac;cal
• May
provide
a
false
sense
of
security
• Typically
a
closed
market
(vendors
rip
you
off!)
SAPO
Websecurity
Team 35
36. Two-Factor Auth > Google Authenticator
Google
Authen[cator
Supports
HOTP
(event-‐based)
and
TOTP
(;me-‐based)
codes.
Key
provisioning
via
scanning
a
QR
code.
Pros:
• Free!
:)
• No
need
to
carry
extra
devices
• You
can
use
it
in
your
own
systems
(using
a
PAM
Module
or
integra;ng
it
with
RADIUS)
Cons:
• Concerns
related
to
security
of
the
device
• Your
baQery
may
die
when
you
most
need
an
OTP
• You
lose
some
;me
to
generate
an
OTP
SAPO
Websecurity
Team 36
37. Two-Factor Auth > Yubikey > What is it?
What
is
it?
• The
Yubikey
is
a
small
USB
token
which
acts
as
a
regular
keyboard.
It
can
generate
StaFc
Passwords
and
One
Time
Passwords.
SAPO
Websecurity
Team 37
38. Two-Factor Auth > Yubikey > How does it work?
Sta[c
Passwords
• The
Yubikey
can
be
provisioned
with
a
staFc
password
with
up
to
64
chars.
This
password
can
be
used
with
applicaFons/services
that
do
not
support
OTPs.
You
should
use
an
addiFonal
password!
One
Time
Passwords
• Two
different
One
Time
Password
standards
are
supported:
event-‐based
HOTP
and
Yubikey-‐style
OTPs.
• HOTP
is
a
beeer
known
standard,
but
it
is
more
limited
due
to
usability
concerns
(smaller
OTP,
sync
issues,
etc.).
• The
Yubikey
OTP
standard
leverages
the
fact
that
the
Yubikey
inputs
the
OTPs
for
you.
Two
slots
• Short-‐press
for
slot
1;
Long-‐press
for
slot
2
(3
secs);
Drivers
• Any
OS
with
USB-‐keyboard
support.
It
even
works
during
boot
(useful
for,
e.g.,
whole-‐disk
encrypFon
soluFons
such
as
PGP-‐WDE
and
TrueCrypt).
SAPO
Websecurity
Team 38
39. Two-Factor Auth > Yubikey > Where does it work?
Yubico
OpenID
(hfp://openid.yubico.com)
SAPO
Websecurity
Team 39
40. Two-Factor Auth > Yubikey > Where does it work?
Lastpass
(hfp://www.lastpass.com)
SAPO
Websecurity
Team 40
41. Two-Factor Auth > Yubikey > Where does it work?
Laptop
(hfp://127.0.0.1)
One
Time
Password Sta;c
Password
SAPO
Websecurity
Team 41
43. Two-Factor Auth > Yubikey > Security Threats
Protocol
afacks
• Generated
OTPs
consist
of
unique
128
bit
blocks
encrypted
with
a
shared
AES
key
between
Token
and
Server.
Protocol
security
depends
on
the
security
strength
of
the
AES
algorithm.
SAPO
Websecurity
Team 43
44. Two-Factor Auth > Yubikey > Security Threats
Server
afacks
• An
authenFcaFon
server
stores
symmetric
keys
for
all
Token
and
is
a
single
point
of
failure.
This
can
be
miFgated
with
tamper-‐proof
HSMs
and
user
passwords;
• A
DoS
aeack
on
the
server
will
result
in
users
not
being
able
to
log
in.
SAPO
Websecurity
Team 44
45. Two-Factor Auth > Yubikey > Security Threats
User
afacks
• Social
engineering;
• Phishing;
• “Borrowing”
the
Token.
SAPO
Websecurity
Team 45
46. Two-Factor Auth > Yubikey > Security Threats
Host
afacks
• Soaware
key
extracFon
(very
hard
to
exploit);
• Man-‐in-‐the-‐browser.
SAPO
Websecurity
Team 46
48. Two-Factor Auth > Yubikey > Advantages
Prac[cal
• No
drivers
necessary
• Types
the
key
for
you
Open
• Open
standard
and
infrastructure
• Soaware
released
under
permissive
license
• Extensible
(PIN
opFon)
• No
license
required
per
token
Affordable
• Around
10€
if
purchased
in
larger
quanFFes
Secure
• Provides
an
addiFonal
authenFcaFon
factor
• OTP
generaFon
requires
manual
intervenFon
SAPO
Websecurity
Team 48
49. Future
Trends
SAPO
Websecurity
Team Confraria
InfoSec 49
51. Trends
NFC
starts
to
be
a
hype:
In
“How
Apple
and
Google
will
kill
the
password”,
Computerworld,
Jan
2011:
SAPO
Websecurity
Team 51
52. The End
Ques[ons?
Nuno
Loureiro
<nuno@co.sapo.pt> João
Poupino
<joao.poupino@co.sapo.pt>
SAPO
Websecurity
Team Confraria
InfoSec 52
Editor's Notes
\n
- All examples in PHP and MySQL\n
- Passwords can be compromised\n- If compromised passwords are hashed, bad passwords can be broken\n
- Passwords can be compromised\n- If compromised passwords are hashed, bad passwords can be broken\n
- Passwords can be compromised\n- If compromised passwords are hashed, bad passwords can be broken\n
- Passwords can be compromised\n- If compromised passwords are hashed, bad passwords can be broken\n
- Passwords can be compromised\n- If compromised passwords are hashed, bad passwords can be broken\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
- Passwords are remotely stored\n- Web-based\n- Multi-platform\n- Sync between devices\n\n\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
hash parameter ~ HMAC\n
hash parameter ~ HMAC\n
hash parameter ~ HMAC\n
hash parameter ~ HMAC\n
hash parameter ~ HMAC\n
hash parameter ~ HMAC\n
hash parameter ~ HMAC\n
hash parameter ~ HMAC\n
hash parameter ~ HMAC\n
hash parameter ~ HMAC\n
hash parameter ~ HMAC\n
- Token duplication may be hindered by counter desynchronization and the usage of a simple PIN\n- \n
- Token duplication may be hindered by counter desynchronization and the usage of a simple PIN\n- \n
- Token duplication may be hindered by counter desynchronization and the usage of a simple PIN\n- \n
- Token duplication may be hindered by counter desynchronization and the usage of a simple PIN\n- \n
- Token duplication may be hindered by counter desynchronization and the usage of a simple PIN\n- \n
- Token duplication may be hindered by counter desynchronization and the usage of a simple PIN\n- \n
- Token duplication may be hindered by counter desynchronization and the usage of a simple PIN\n- \n
\n
\n
\n
- Waterproof\n- \n
\n
\n
\n
\n
\n
\n
\n
\n
\n
Anti-phishing\nAnti-gawker\n\n
- PAM\n- SSH\n
- The ModHex encoding is used instead of standard hex or base64 encoding to make the device independent of language settings in the operating system.\n- sessionCtr : It is incremented every time the device is powered on and an OTP is used\n- timestamp : Is set to a random value every time the device is connected.\n- sessionUse: counts the number of authentication tokens generated during the particular session.\n- random: LFSR register seeded by the touch button sensor USB activity\n- crc: data corruption (not integrity!)\n- \n
- Token duplication/steal issues may be hindered by counter desynchronization and the usage of a simple PIN\n- If the authentication token is stolen or lost, one must assume it is compromised already\n\n
- Token duplication/steal issues may be hindered by counter desynchronization and the usage of a simple PIN\n- If the authentication token is stolen or lost, one must assume it is compromised already\n\n
- Token duplication/steal issues may be hindered by counter desynchronization and the usage of a simple PIN\n- If the authentication token is stolen or lost, one must assume it is compromised already\n\n
- Token duplication/steal issues may be hindered by counter desynchronization and the usage of a simple PIN\n- If the authentication token is stolen or lost, one must assume it is compromised already\n\n
- Token duplication/steal issues may be hindered by counter desynchronization and the usage of a simple PIN\n- If the authentication token is stolen or lost, one must assume it is compromised already\n\n
- Token duplication may be hindered by counter desynchronization and the usage of a simple PIN\n- \n
- Token duplication may be hindered by counter desynchronization and the usage of a simple PIN\n- \n
- Token duplication may be hindered by counter desynchronization and the usage of a simple PIN\n- \n
- Token duplication may be hindered by counter desynchronization and the usage of a simple PIN\n- \n
- Token duplication may be hindered by counter desynchronization and the usage of a simple PIN\n- \n
- Token duplication may be hindered by counter desynchronization and the usage of a simple PIN\n- \n
- Token duplication may be hindered by counter desynchronization and the usage of a simple PIN\n- \n
- Token duplication may be hindered by counter desynchronization and the usage of a simple PIN\n- \n
\n
- Token duplication may be hindered by counter desynchronization and the usage of a simple PIN\n- \n
- Token duplication may be hindered by counter desynchronization and the usage of a simple PIN\n- \n
- Token duplication may be hindered by counter desynchronization and the usage of a simple PIN\n- \n