These online password managers introduce some drawbacks, however. Foremost among these is the issue of trust. This class of managers asks users to trust a remote server or group of servers with their sensitive data. When a remote server is employed, the password encrypted with a master password is sent across the internet, making it much more likely for a malicious entity to capture and store it for later offline dictionary attacks (the master password is still user-chosen). Furthermore, should an adversary manage to break into one of these servers, they would be able to gain access to all the encrypted passwords for every user stored on that server. Again, the fact that these credentials are stored as ciphertexts alleviates this issue somewhat, but the threat of a later offline attack on this data remains. In contrast, an offline attack on a user's portable password manager only exposes that particular user's passwords.
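The paragraph above turns on two facts: the ciphertext a remote server stores (or that transits the internet) is exactly what an offline attacker works with, and the only secret protecting it is a user-chosen master password. The following example, added here and not part of the paper or any product it cites, shows the defender's side of that trade-off: a vault key derived from the master password with PBKDF2-HMAC-SHA256 and a per-user salt, a credential sealed under that key, and a work-factor estimate for an offline dictionary attack against the stored blob. The iteration count, the HMAC-counter-mode "cipher" (a stand-in for AES-GCM so the example runs with the standard library alone), and the throughput figure in the estimate are all assumptions of this illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work-factor knob (assumed value for illustration): raise it until one derivation
# costs on the order of 100 ms on the slowest device that must open the vault.
KDF_ITERATIONS = 600_000


def derive_vault_key(master_password: str, salt: bytes, iterations: int = KDF_ITERATIONS) -> bytes:
    """Derive a 32-byte vault key from the user-chosen master password.

    The salt is random per user and stored next to the ciphertext; it stops one
    precomputed table from serving every user on the server. The iteration count
    is what makes each offline guess expensive."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=32)


def _subkeys(vault_key: bytes):
    """Separate encryption and MAC keys derived from the vault key."""
    enc_key = hmac.new(vault_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(vault_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a toy PRF. Stand-in for a real AEAD such as AES-GCM."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal_entry(vault_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one credential. Output layout: nonce(16) || ciphertext || tag(32)."""
    enc_key, mac_key = _subkeys(vault_key)
    nonce = os.urandom(16)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_entry(vault_key: bytes, blob: bytes) -> Optional[bytes]:
    """Verify the tag before decrypting. A wrong master password and a tampered blob
    both return None, so the caller learns nothing beyond "did not open"."""
    if len(blob) < 16 + 32:
        return None
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _subkeys(vault_key)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def offline_attack_seconds(dictionary_size: int, iterations: int, sha256_per_second: float) -> float:
    """Worst-case time for an attacker holding salt + blob to try every dictionary entry.

    PBKDF2-HMAC-SHA256 with a 32-byte output costs roughly two SHA-256 compressions per
    iteration (HMAC's inner and outer hash), so the estimate scales linearly with the
    iteration count. Throughput is a parameter: plug in the figure for the hardware you
    are defending against."""
    return dictionary_size * (2 * iterations) / sha256_per_second


if __name__ == "__main__":
    # Constructed sample: what a remote server would hold for one user.
    salt = os.urandom(16)
    key = derive_vault_key("correct horse battery staple", salt, iterations=10_000)
    blob = seal_entry(key, b"example.com:alice:hunter2")
    print("server stores", len(salt) + len(blob), "bytes; opens:", open_entry(key, blob))
    # Same 10^6-word dictionary, same assumed 10^9 SHA-256/s, different iteration counts.
    for it in (1, 10_000, KDF_ITERATIONS):
        print(f"{it:>8} iterations -> {offline_attack_seconds(10**6, it, 1e9):.3f} s for the whole dictionary")
```

The point of `offline_attack_seconds` is the contrast the paragraph draws: with a single hash per guess the entire dictionary falls in milliseconds, whereas the iteration count multiplies the attacker's cost by the same factor it multiplies the legitimate user's, and the user only pays it once per unlock. The estimate does not change the fact that a user-chosen master password from a small dictionary is still recoverable given enough time; it only prices that recovery.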
An additional consideration pertaining to remote credential storage is the flexibility of authentication. Because these remote servers manage passwords for many users, authentication with a user name and password prior to credential retrieval is a necessity. Portable managers, on the other hand, never require a user name due to the personal nature of a user's mobile device.
Also, as noted in [13], there are several flaws and challenges associated with managing credentials through remote servers. Although users desire the additional security benefits online servers can provide, users are unwilling to compromise on usability to improve security. Thus remote servers must be careful not to add security at the cost of detracting from the overall user experience. Client-side software must be easy to download and install, and should be tightly integrated with the browser or operating system to prevent users from cutting corners that could potentially lead to social engineering attacks.
Several portable managers exist for various mobile phone platforms, such as KeePassMobile for J2ME enabled devices [10] and OpenIntents Safe for Android [11]. While uncomplicated, users of these alternatives must manually transfer their passwords by reading them off their mobile device and typing them on their terminal's keyboard. This is not only clumsy in terms of usability, but also restricts the security of the password management solution by limiting the length of passwords that can be used to that which a user is capable of correctly reading and typing during each authentication.
USB managers (e.g., RoboForm2Go [6]), being personal, offer a similar level of trust as provided by phone managers. One potential advantage of a USB manager over a phone manager is that the password recalling process is automated. However, mobile phones appear, at first glance, potentially more appealing to users. USB devices indeed do not serve any additional purpose other than providing data storage, while mobile phones are increasingly playing the role of a “digital swiss army knife.”
Strong authentication in existing password managers is achieved through the use of randomly generated password strings. Most existing solutions provide users with the option of either storing their pre-existing, non-random credentials or generating new random passwords at registration time. If existing passwords are stored then the solution does not provide any measure of additional security, only the convenience of password recall.
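Two passages above, the length ceiling imposed by manually reading and typing a password and the security gain from randomly generated strings, are quantified by the example below, added here and not taken from the paper or any of the managers it cites. It generates uniformly random passwords from a CSPRNG, computes their entropy, and shows how much length a transcription-friendly alphabet costs for a given security target. The "transcribable" alphabet (ASCII letters and digits minus the glyphs most often confused on a phone screen) and the 128-bit target are assumptions of this illustration.

```python
import math
import secrets
import string

# Assumed alphabets. The transcribable one drops 0/O and 1/l/I, which are easy to
# misread when a password is copied by eye from a phone screen to a keyboard.
FULL_ALPHABET = string.ascii_letters + string.digits + string.punctuation
TRANSCRIBABLE_ALPHABET = "".join(c for c in string.ascii_letters + string.digits if c not in "0O1lI")


def generate_password(length: int, alphabet: str = FULL_ALPHABET) -> str:
    """Uniformly random password: every character is an independent CSPRNG draw.

    secrets.choice avoids the modulo bias that (random.randint % len) would introduce,
    so the entropy calculation below is exact rather than an upper bound."""
    if length <= 0 or len(set(alphabet)) < 2:
        raise ValueError("need a positive length and an alphabet of at least two distinct symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string of the given length: length * log2(|alphabet|)."""
    return length * math.log2(alphabet_size)


def min_length_for_bits(target_bits: float, alphabet_size: int) -> int:
    """Shortest password over the alphabet that reaches the entropy target."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def typeable_budget_bits(max_typed_length: int, alphabet: str = TRANSCRIBABLE_ALPHABET) -> float:
    """Best entropy a user can get when the manager requires reading and typing the
    password by hand, capping its length at what the user can reliably transcribe."""
    return entropy_bits(max_typed_length, len(alphabet))


if __name__ == "__main__":
    target = 128  # assumed security target in bits
    # Automated recall (USB or browser-integrated manager): length is free.
    auto_len = min_length_for_bits(target, len(FULL_ALPHABET))
    print(f"automated: {auto_len} chars from {len(FULL_ALPHABET)} symbols -> {generate_password(auto_len)}")
    # Manual transcription from a phone: the user sets the ceiling, not the target.
    for typed in (8, 10, 12):
        print(f"typed by hand, {typed} transcribable chars -> {typeable_budget_bits(typed):.1f} bits")
    print(f"to reach {target} bits by hand you would need "
          f"{min_length_for_bits(target, len(TRANSCRIBABLE_ALPHABET))} transcribable chars")
```

Note that the random generator only adds security when it replaces the credential: as the paragraph says, a manager that merely stores a user's pre-existing, non-random password inherits whatever entropy that password already had, and no amount of encryption in the vault raises it.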