KWallet and Password Security Brandon Lewis, Andreas Aderiye, Josh Willis-Jones

Abstract

Today's world is run by technology. This has led to a boom in the field of computer and information security, and that boom has led to the research and development of many products intended to keep attackers from obtaining personal and secret information. One of these products is KWallet. The overarching feature of KWallet is the ability to store passwords in encrypted packages called Wallets. On top of that, KWallet includes other features: the ability to lock applications, add or delete Wallets, and even store other sensitive data in a secure location. The overall idea is to have all of the user's passwords for their various internet applications be much longer and more random. This leads to passwords that are almost impossible to break by brute force or dictionary attacks, and to a much safer experience online.

Problem Statement

Password security is a very complicated issue. The average person has so many passwords to remember that they commonly make decisions that sacrifice security. Though some can remember these passwords with ease, many people find it difficult. This causes them to come to one of two solutions:

● Create an easier password that would be much easier to remember

● Store passwords and other sensitive information in one central location

While both of these are valid solutions to the problem of remembering information, they also make the user vulnerable in terms of password security.

Easier Passwords

Creating passwords that are easier to remember, or using the same password for multiple accounts, is not an ideal solution to the problem because it drastically sacrifices security. Though longer passwords are harder to remember, their length also makes them harder to guess. A shorter password, on the other hand, is much easier to guess. A longer, and possibly random, password will in turn provide much more security than a shorter password one can remember (e.g. a loved one’s birthday). The big problem is that most people choose the easier way, sacrificing security for convenience, when they should choose a secure password that is harder to remember but also harder to crack.
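The comparison above can be made concrete. The following is an added example, not part of the original paper: it counts how many guesses cover a birthday-style password and compares that with a randomly generated 20-character password. The year range, the date formats and the guessing rate of 1e10 guesses per second are assumptions chosen for illustration.

```python
import math
import secrets
import string
from datetime import date, timedelta

# 52 letters + 10 digits + 32 punctuation marks = 94 symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length=20, alphabet=ALPHABET):
    """Draw every character from the OS CSPRNG (the kind of value a wallet stores)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def random_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)

def birthday_candidates(first_year=1940, last_year=2017):
    """Every date in an assumed range, written in a few common formats."""
    formats = ("%m%d%Y", "%d%m%Y", "%Y%m%d", "%m%d%y", "%m/%d/%Y")
    day, end = date(first_year, 1, 1), date(last_year, 12, 31)
    seen = set()
    while day <= end:
        seen.update(day.strftime(fmt) for fmt in formats)
        day += timedelta(days=1)
    return seen

def years_to_exhaust(bits, guesses_per_second=1e10):
    """Years needed to try every candidate at an assumed guessing rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    birthdays = birthday_candidates()
    bday_bits = math.log2(len(birthdays))
    print(f"birthday passwords: {len(birthdays)} candidates (~{bday_bits:.1f} bits)")
    print(f"exhausted in {years_to_exhaust(bday_bits) * 365.25 * 86400:.6f} seconds")
    print(f"constructed sample '04141985' covered: {'04141985' in birthdays}")
    bits = random_bits(20)
    print(f"random 20 characters: {bits:.1f} bits, "
          f"{years_to_exhaust(bits):.2e} years to exhaust")
    print("example generated password:", generate_password())
```

A password of this kind is only practical when something else remembers it, which is the role the paper assigns to KWallet.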

Documenting Passwords

Writing down passwords is an easy way to remember or ensure access to one's passwords. Though this is much safer than creating easily guessable passwords, the passwords would all be in one central location, making them easy to misplace. If they are stored in a file on one's computer, hackers have easy access to them. Then there would be nothing stopping them from using this information for their, undoubtedly, devious purposes. They would have claim on all of the passwords stored, making every account linked to the passwords in that central location insecure.

Solution Description

Overview:

KWallet is an application which stores passwords in "wallets". These wallets are encrypted files which are accessed via password. KWallet allows storage of multiple wallets. Each wallet can be managed individually, so that each password is treated differently. Wallets can be given permissions, eliminating the need to type passwords for certain chosen applications. This allows applications to remember any password that the user chooses. This is beneficial because, in the event of a compromised system, your more sensitive passwords won't automatically be remembered.

Security:

What makes KWallet superior to other password storage applications is its use of encryption. A regular application would simply require a password, and then all of the user's sensitive information is out in the open if compromised. KWallet not only stores passwords in pseudo-different locations but also encrypts each wallet. The fact that each wallet can be handled as an individual password vault allows various levels of security for different information. In simple terms, it’s like giving your passwords a password.

Ease of access:

After the initial setup of KWallet there is essentially no further management apart from entering new passwords. Because each wallet has settings for what can access it automatically, once a user has chosen which applications are given permissions, passwords never have to be entered again. This allows for an essentially safer version of the "Would you like to remember this password" cookie that is built into most applications.

Using KWallet

KWallet is a very easy program to use. The whole program revolves around creating small packages of information called Wallets, which are where your passwords are stored, encrypted with your selected passphrase. “By default a wallet named kdewallet will be used to store your passwords,” [2]. A new wallet can be created by either:

· Going to File → New Wallet in the KWallet Manager

· Clicking New in system settings under KDE Wallet

Storing Passwords

There are many applications that prompt KWallet to start up when they load. These applications can be either disconnected or connected in the KWallet Manager.

When the user inputs login information for the first time in any of these applications, a prompt will pop up asking whether they want to store the data or not. The user can click Store to store this information. If the user hasn’t created a new wallet beforehand, the dialog prompts the user to select an encryption backend and then proceeds to create a wallet named kdewallet.

If stored, the next time the user visits this form, the stored information will be prefilled (provided they are using the same wallet). If the previously used wallet was closed, the application will prompt the user to open it again, as seen in the figure below.

Why KWallet

Convenience:

KWallet is available for install on computers running Linux, and comes as part of many desktop environments. Programs can also be designed to integrate with KWallet to store sensitive information there. Firefox and Chrome both require little effort to set up to use KWallet to store passwords and form data.

Trustworthy:

The most important factor when choosing software to manage passwords is trust. Using an untrusted program is worse than using nothing at all. KWallet works entirely offline, so there is no need to trust some off-site location with your data.

Conclusion

KWallet is a product that is both necessary and convenient. KWallet is necessary because with “1.5 million annual cyber-attacks, online crime is a real threat to anyone on the Internet. That number means there are over 4,000 cyber-attacks every day, 170 attacks every hour, or nearly three attacks every minute” [1]. KWallet is convenient because it allows long and complicated passwords to be used all over the internet, while the user only has to remember one password to the KWallet application. This creates the perfect situation for any user who no longer wants to trade ease of use for the security of secret information.

Works Cited

1. "These Cybercrime Statistics Will Make You Think Twice About Your Password: Where’s the CSI Cyber Team When You Need Them?" CBS. CBS, 03 Mar. 2015. Web. 14 Apr. 2017.

2. Staikos, George, and Lauri Watts. "The KWallet Handbook." Kde.org. N.p., n.d. Web.