Last week, just before Christmas, LastPass made a bombshell announcement: Following a breach in August, which led to another breach in November, hackers had gotten their hands on users’ password vaults. While the company insists your credentials are still safe, some cybersecurity experts have been critical his mailsaying that this can make people feel more secure than they actually are and pointing out that this is just the latest in a series of incidents that make it difficult to trust the password manager.
LastPass’ December 22 statement was “full of omissions, half-truths and outright lies,” it reads a blog post by Wladimir Palant, a security researcher known for helping develop AdBlock Pro, among others. Some of his critiques are about how the company framed the incident and how transparent it is; he accuses the company of portraying the August incident, with LastPass saying “some source code and technical information was stolen” as a separate breach, when in reality the company “couldn’t control” the breach.
“LastPass’ claim of ‘zero knowledge’ is a blatant lie.”
He also highlights LastPass’s admission that the leaked data includes “the IP addresses from which customers accessed the LastPass service,” and said the threat actor could create “a full motion profile” of customers if LastPass registered that you used. with his service.
Another security researcher, Jeremi Gosney, wrote a long post on Mastodon he explains his recommendation to switch to another password manager. “LastPass’ claim of ‘zero knowledge’ is a blatant lie,” he says, claiming that the company has “about as much knowledge as a password manager can get away with.”
LastPass claims its “zero knowledge” architecture keeps users safe because the company never has access to your master password, which hackers need to unlock the stolen vaults. While Gosney doesn’t dispute that specific point, he does say the phrase is misleading. “I think most people think of their vault as some kind of encrypted database where the whole file is secured, but no – with LastPass, your vault is a plain text file and only a few select fields are encrypted.”
Palant also notes that the encryption only serves you well if the hackers can’t crack your master password, which is LastPass’ main defense in his post: If you’re using the default password length and reinforcement values and haven’t reused it on another site “It would take millions of years to guess your master password with widely available password cracking technology,” wrote Karim Toubba, the company’s CEO.
“This sets the stage for blaming the customers,” writes Palant, saying that “LastPass should be aware that passwords will are decrypted for at least some of their clients. And they already have a handy explanation: these customers clearly haven’t followed their best practices.” However, he also points out that LastPass has not necessarily enforced those standards. Despite 12-character passwords becoming the standard in 2018, Palant says, “I can log in with my 8-character password with no warnings or prompts to change it.”
LastPass’s post even provoked a backlash from a competitor, 1Password — on Wednesday, the company’s chief security architect, Jeffrey Goldberg wrote a post for his site titled “Not in a Million Years: It Could Cost Much Less to Crack a LastPass Password.” In it, Goldberg calls LastPass’ claim that it would take a million years to crack a master password “highly misleading,” saying that the statistic appears to assume a randomly generated 12-character password. “Passwords created by humans fall nowhere near that requirement,” he writes, saying that attackers can prioritize certain guesses based on how people construct passwords they can actually remember.
Of course, a competitor’s word should probably be taken with a grain of salt, although Palant echoes a similar idea in his post – he claims that the viral XKCD method of password creation would take about 25 minutes to crack with a single GPU, while dice password creation would take about 3 years to guess with the same hardware. It goes without saying that a motivated actor trying to break into a specific target’s vault could likely throw more than one GPU at the problem, potentially reducing that time by orders of magnitude.
“They are committing essentially every ‘crypto 101’ sin”
Both Gosney and Palant also object to LastPass’s actual cryptography, albeit for different reasons. Gosney accuses the company of basically “committing every ‘crypto 101’ sin” with how the encryption is implemented and how it manages data once it’s loaded into your device’s memory.
Meanwhile, Palant criticizes the company’s post for depicting its password-enhancing algorithm, known as PBKDF2, as “stronger than usual.” The idea behind the standard is that it will make it more difficult to brute force guess your passwords because you have to perform a certain number of calculations with each guess. “I seriously question what LastPass considers typical,” writes Palant, “since 100,000 PBKDF2 iterations is the lowest number I’ve seen in a current password manager.”
Bitwarden, another popular password manager, says his app uses 100,001 iterationsand that it adds another 100,000 iterations when your password is stored on the server for a total of 200,001. 1Password says it uses 100,000 iterations, but the encryption scheme means you must have both a secret key and your master password to unlock your data. That feature “ensures that if someone gets their hands on a copy of your vault, they simply can’t access it with just the master password, making it uncrackable,” according to Gosney.
Palant also points out that LastPass hasn’t always had that level of security, and older accounts may only have 5,000 iterations or less — something The edge confirmed last week. That, along with the fact that you can still have an eight-character password, makes it hard to take LastPass’s claims about taking millions of years to crack a master password seriously. Even if that applies to someone who has created a new account, what about people who have been using the software for years? If LastPass didn’t warn or force an upgrade to those better settings (which Palant says it hasn’t for him), then the “defaults” aren’t necessarily helpful as an indication of how concerned users should be.
Another sticking point is the fact that LastPass, for years, ignored pleas to encrypt data such as URLs. Palant points out that knowing where people have accounts could help hackers target individuals specifically. “Threateners would Love to know what you have access to. Then they can produce well-targeted phishing emails only for the people who are worth their while,” he wrote. He also points out that URLs stored in LastPass can sometimes give people more access than intended, using the example of a password reset link that didn’t expire properly.
There is also a privacy corner; you can tell one lot about an individual based on what websites they use. What if you use LastPass to store your account information for a niche porn site? Can anyone find out what area you live in based on your bills from your energy supplier? Would the information that you are using a gay dating app endanger your freedom or your life?
One thing that several security experts, including Gosney and Palant, seem to agree on is the fact that this breach is not proof that cloud-based password managers are a bad idea. This seems to be in response to people touting the benefits of completely offline password managers (or even just writing randomly generated passwords in a notebook, as I saw one commenter suggest). There are, of course, obvious benefits to this approach – a company that stores the passwords of millions of people will get more attention from hackers than an individual’s computer, and it’s a lot harder to get hold of something that isn’t in the cloud.
But just like crypto’s promises to let you be your own bank, running your own password manager can present more challenges than people realize. Losing your vault through a hard drive crash or other incident can be catastrophic, but backing it up risks making it more vulnerable to theft. (And you remembered to tell your automatic cloud backup software not to upload your passwords, right?) Plus, syncing an offline vault between devices is a little tricky, to say the least.
In terms of what people should do about this, both Palant and Gosney recommend that they at least consider switching password managers, in part because of how LastPass handled this breach and the fact that it the company’s seventh security incident in just over a decade. “It’s obvious they don’t care about their own security, much less your security,” Gosney writes, as Palant wonders why LastPass didn’t discover that hackers were copying the vaults from its remote cloud storage while it was running. happens. (The company’s post says it has “added additional logging and alerting capabilities to help detect further unauthorized activity.”)
LastPass has said that most users will not need to take any action to secure themselves after this breach. Palant disagrees, calling the recommendation “gross negligence.” Instead, he says that anyone who had a simple master password had a low number of iterations (here’s how you can check), or who may be a ‘high-value target’ should consider changing all their passwords immediately.
Is that the best thing to do during the holidays? No. But also don’t clean up after someone gains access to your accounts with a stolen password.
Update December 28, 7:39 PM ET: Updated with comments from 1Password, which published its own rebuttal to LastPass’ claims.