
Masaryk University
Faculty of Informatics

Password managers: a survey

Bachelor's Thesis
Daniel Pecuch
Brno, Fall 2020

Declaration

Hereby I declare that this paper is my original authorial work, which I have worked out on my own. All sources, references, and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source.

Daniel Pecuch

Advisor: RNDr. Lukáš Němec

Acknowledgements

I would like to thank my advisor, RNDr. Lukáš Němec, for his friendly approach, useful advice, and guidance of my work. I would like to express my gratitude to my family and friends for their support.

Abstract

The goal of this thesis is to find, test, and compare three open-source password managers. The evaluation focuses on the usability aspect and the implementation of supported features. The thesis also defines a methodology used to compare different password managers by dividing their components into sections containing a set of pre-defined tasks. According to the results, the most suitable manager is selected.

Keywords

password manager, open-source, survey, usability

Contents

1 Introduction 1
2 Ideal Password Manager 2
2.1 Usability of the Ideal Password Manager 3
2.2 Security 3
2.3 Database 4
2.4 Password Generator 5
2.5 Entries 6
2.6 Autofill 6
2.7 Additional Components 7
3 Selection Criteria 10
4 KeePass 11
4.1 Security 11
4.2 Usability 12
5 Password Safe 13
5.1 Security 13
5.2 Usability 14
6 Bitwarden 15
6.1 Security 16
6.2 Usability 16
7 Password Managers Comparison 18
7.1 Database 18
7.1.1 KeePass 18
7.1.2 Password Safe 20
7.1.3 Bitwarden 22
7.1.4 Conclusion 23
7.2 Entries 23
7.2.1 KeePass 23
7.2.2 Password Safe 25
7.2.3 Bitwarden 26
7.2.4 Conclusion 28
7.3 Password Generator 28
7.3.1 KeePass 28
7.3.2 Password Safe 29
7.3.3 Bitwarden 30
7.3.4 Conclusion 30
7.4 Autofill 30
7.4.1 KeePass 31
7.4.2 Password Safe 32
7.4.3 Bitwarden 32
7.4.4 Conclusion 33
7.5 Additional Components 34
7.6 Final Recommendation 36
8 Conclusion 38
Bibliography 39

1 Introduction

Protecting personal information was and always has been the primary purpose of passwords. On the one hand, passwords present a real security threat in the eyes of researchers and users; active research is still underway to find a suitable replacement [1]. On the other hand, passwords still prevail as the most common form of authentication in the digitalized world, and it is convenient to manage them and create new, secure ones. With this in mind, the average user has about 25 accounts protected by passwords and uses at least eight daily [2]. Users tend to choose weaker passwords over strong ones, write them down on a sheet of paper, or store them unprotected on their computer, which defeats the purpose of secret information [3]. Furthermore, they are likely to forget them. Another weakness is reusing passwords between multiple services or accounts. As reported in a study, out of 26 participants, 25 shared passwords between accounts [4].

Password managers exist for these reasons. They are a bank of personal information secured by one master password. On paper, this means we can choose to remember only one strong password, without the burden of remembering many. Furthermore, they are often recommended by security experts as a convenient solution [5] that can help users pick passwords [6].

This thesis aims to describe an ideal password manager's features and choose the best open-source manager from the available options. The first chapter defines the ideal view of a password manager. The following section describes the usability and features of such a manager and applies them to our candidates. The next chapter analyzes and briefly introduces the three chosen password managers and describes their layout, security, and usability features. The last chapter applies the defined tasks of an ideal password manager to our candidates, describes their behavior, concludes the findings, and chooses the one with the best approach. The result of our comparison is a table of features for each manager that summarizes its functionality.

2 Ideal Password Manager

A password manager is software dedicated to saving and managing personal information, usually passwords.

Although password managers offer great benefits like faster authentication, secured storage for our personal information, and prevention against phishing and brute-force attacks, their use has not been adopted by many users [7]. According to a study in a large corporation, only 1% of the 836 employees that filled out a questionnaire stated they use some password manager [3, 7]. The investigation by Fagan et al. [6] shows that while users of password managers noted their usefulness and convenience, non-users noted security issues as the main factor for not using password managers. Furthermore, the analysis of differences in emotions between "users" and "non-users" reveals that participants who use a password manager are more likely to feel secure, admiring, and energetic, and less likely to feel suspicious when using their password manager to log into a website [6].

We can divide password managers into multiple categories based on their implementation and provided functionality [8]. An ideal password manager should include:

∙ Securely stored personal information – The personal information written or inserted into a password manager should be stored in an encrypted form. The most common practice is to protect the vault of the password manager with a master key. The master key is essentially a password for entering the vault of passwords and keeps the vault secure. Alternatively, a token can be used for the same purpose.

∙ Password Generator – Users can generate stronger and safer passwords via a password meter or generator built into a particular password manager. The study of web password habits by Florencio et al. [2] states that an average user has 6.5 passwords, shared across 3.9 different services, and thus should have a unique password for each service. This ensures that if one account gets breached, the other accounts will not be compromised.

∙ Faster authentication – Password managers offer various functionality tools, including autofilling passwords. The manager fills in the information automatically without the involvement of the user. It can even execute login protocols and visit pre-set domains, which prevents phishing attacks.

∙ Synchronization – Users typically share passwords across multiple devices, so it is convenient to have shared access to the database. The synchronization can be managed automatically or manually.

2.1 Usability of the Ideal Password Manager

An essential part of the ideal password manager is usability and the included features. To compare three such applications to an ideal manager, we define its features, describe the ideal scenario, and test each manager's implementation. Then we try to choose the best approach by the purpose of use.

2.2 Security

Saving our personal information in the application is a sensitive operation, so protection is expected. The conventional method used in password managers to secure the database is symmetric cryptography, which usually involves a master key to decrypt the database. While there are a lot of algorithms available, each has its pros and cons. For databases, we are looking for an algorithm with a reasonable performance-to-security ratio. On the one hand, we want the chosen algorithm to be secure, but on the other hand, as the size of the database increases, we will wait a significant time for it to decrypt with a slow algorithm. The most common disk encryption algorithms are:

∙ AES – The Advanced Encryption Standard, originally called Rijndael, is a 128-bit block cipher with key sizes of 128, 192, and 256 bits [9]. Rijndael was developed by Vincent Rijmen and Joan Daemen and won the contest organized by NIST for a successor to the DES cipher, which has shown security weaknesses in recent years [10]. By combining AES with the XTS cryptographic mode, we get solid disk encryption [10, 11]. XTS-AES was standardized on 2007-12-19 as IEEE P1619 [11].

∙ Twofish – An unpatented fast block cipher developed by Bruce Schneier. It is a symmetric block cipher with a block size of 128 bits, and its keys can go up to 254 bits. Its predecessor, Blowfish, is considered reasonably secure, although it has some speed drawbacks [12]. The speed issue is reduced with Twofish, as it is comparably faster on modern hardware than Blowfish while retaining the Blowfish algorithm's security. AES is quicker for text encryption, but with sufficient RAM, Twofish is faster for the same encryption [13]. There is currently no known cryptanalysis against it, so it maintains a strong level of security [10].

∙ RC6 – Rivest Cipher 6 is derived from RC5 and was designed to meet the AES requirements [14]. It was developed by Yiqun Lisa Yin, Ron Rivest, Matt Robshaw, and Ray Sidney. It is a 128-bit block cipher with key sizes of 128, 192, and 256 bits. The algorithm is fully parametrized, supporting various word lengths, key sizes, and numbers of rounds [10].
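As an added illustration of the Password Generator component described in chapter 2 (example code written for this discussion, not code from any of the managers the thesis compares), the following Python script audits a small constructed vault for passwords reused across services, replaces each reused one with a uniformly random unique password, and reports the entropy such a password carries. The vault entries, the ALPHABET character set, and the function names are assumptions.

```python
import math
import secrets
import string
from collections import defaultdict

# Constructed sample vault: (service, password). The password "Summer2020!"
# is deliberately shared between three services to show the reuse problem.
SAMPLE_VAULT = [
    ("mail.example", "Summer2020!"),
    ("shop.example", "Summer2020!"),
    ("bank.example", "Summer2020!"),
    ("forum.example", "h7$Kq2!pL9zX"),
]

# Character set assumed for generated passwords (printable ASCII, no space).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def find_reused(vault):
    """Map each password that protects more than one service to those services."""
    by_password = defaultdict(list)
    for service, password in vault:
        by_password[password].append(service)
    return {pw: svcs for pw, svcs in by_password.items() if len(svcs) > 1}


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def generate_password(length=16, alphabet=ALPHABET):
    """Uniformly random password drawn with the CSPRNG-backed secrets module."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def replace_reused(vault, length=16):
    """Return a new vault in which every service that shared a password gets a
    fresh, unique one; entries that were already unique are kept unchanged."""
    reused = find_reused(vault)
    new_vault = []
    for service, password in vault:
        if password in reused:
            password = generate_password(length)
        new_vault.append((service, password))
    return new_vault


if __name__ == "__main__":
    for pw, services in find_reused(SAMPLE_VAULT).items():
        print(f"reused across {len(services)} services: {services}")
    fixed = replace_reused(SAMPLE_VAULT)
    print(f"unique passwords after fix: {len({p for _, p in fixed})}/{len(fixed)}")
    print(f"entropy of a 16-char password: {entropy_bits(16, len(ALPHABET)):.1f} bits")
```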