Lastpass customer vaults taken in last attack.

[britechguy]

I agree with you.

And I agree with your follow-up observations about reality.

But it's the lack of taking into consideration factors that have been at play for a very long time now that falls solely on the end user's shoulders. I expect a lot of stupidity (or, often, ignorance rather than true stupidity) from your random residential customer. But someone who's at the head of any important, high-value, entity absolutely must be expected to know better and take appropriate action.

Hence my earlier statement about that demographic: I flat out refuse to give anyone a pass on this anymore. These issues are not new news.

Lack of circumspection and taking appropriate preventive measures ends up with entirely predictable, and deserved, results. What I ask for is a lot less than what a number of other members here expect. Yet just taking very simple measures gets rid of the vast majority of your risk. Those in positions of responsibility have to know this, but choose it ignore it. I really don't know how anyone could possibly believe, "It won't happen to me," in terms of possibly being hacked/socially engineered or having storage media fail. The former is constantly in the news and the latter has happened, if not to an individual personally, more than enough in their respective spheres to know it happens, and unpredictably.

Actions, or lack thereof, have consequences. We say that to kids, and should not have to say it to adults in positions of responsibility.

 

[britechguy]

Password crackers now have more power available to increase the speed of their operation so many of those checker websites are giving a false sense of security.

I really disagree. But if you want to use a very, very conservative strength calculator then use the Bitwarden Password Strength Testing Tool. For one of my 15-character portmanteau passwords, here are the strength results:

Bitwarden: Strong, 3 years to crack

PMDN Password Checker: Good (This site would probably be a choice equal to or better than Bitwarden. It gives estimates based on 4 types of cracking attempt: online throttling, online no throttling, offline slow, offline fast. I get a "centuries" result for both online types, 3 years for offline slow, and 2 minutes for offline fast. An explanation of what they mean by each type is given on the page. Additional details, including test details, can be examined).

Security.org's "How Secure is My Password?" Tester: Strong, 15 billion years

University of Illinois at Chicago (also has great detailed analysis): Very Strong (they don't give crack time estimates)

Comparitech.com Test Your Password Strength: 63 billion years

ID Strong Password Strength Checker: Very strong

The Password Meter: Very strong (gives a report very similar to the one given on the University of Illinois at Chicago site)

 

[Larry Sabo]

I wonder how secure all these PW testing sites are. Providing my master password to any such site would make me feel insecure, lest some residual cache gets leaked/pwned.

 

[britechguy]

Providing my master password to any such site would make me feel insecure, lest some residual cache gets leaked/pwned.

Almost all of them make the point that they actually operate locally with nothing going out to the net. But if you don't want to use your actual password, create another that uses the exact same structure, as that is what's examined. And if you use a real word of the same length, and in the same relative position, when making up the replacement.

For example, 235Birds*1 could be substituted with 389Plums&2 and the results should be very, very similar indeed.

 

[nlinecomputers]

and 2 minutes for offline fast.

That's the key. How much hardware do you have to have to achieve that? It may be less than you think.

 

[britechguy]

That's the key. How much hardware do you have to have to achieve that? It may be less than you think.

Perhaps. But if it's that easy, and available, we would have been utterly doomed (functionally, every single day) with passwords years ago. But we're not. Strong ones still seem to be the best "first level" of security, backed up with things such as 2FA.

If it were easy, high value targets would be falling far more often than they have/do.

What's funny is that the Bitwarden checker and PMDN both use a tool/method called zxcvbn as their primary analysis method, and both come up with the same figures as a result. Bitwarden chooses to report the Offline Slow value. That alone tells me that this is almost assuredly the worst case current real-world-probable case. And if you read the presumptions that PMDN makes clear about what's needed for each of the four conditions, I agree with the folks at Bitwarden that this is likely the "worst case" case. Offline fast just isn't happening, yet, and probably won't be anytime soon, either.

Addendum: Using the following string - I1Think2That3Estimates4 - as the root of a password, is enough to have everything except "Offline Fast" be centuries at PMDN, and adding a single character afterward turns "Offline Fast" to centuries, too. Without it, it's 2 years. It's not all that difficult to have a passphrase of 3 or 4 words, with numbers, that you can if most, not all, of it is fixed. Using "IThinkThatEstimates1234" instead is even easier to remember, and changes Fast Offline to 11 hours. With but one additional character, that becomes 1 month, and with 2 additional characters, 8 months, 3 characters, years. Shorter passwords that are not a concatenated string of words, followed by numbers, are even more secure. I'm still not losing sleep at night even though many of my passwords would die a quick death if Offline Fast were to become a practical reality in common use. For all other conditions, years is the minimum.

 

[nlinecomputers]

If it were easy, high value targets would be falling far more often than they have/do.

Except that the bad guys don’t often get the chance to attack encryption storage directly. Most servers don’t allow more than a handful of login attempts. A few places have had hash files stolen, including ironically LastPass in 2015, but that’s only useful if you don’t change your password. This opportunity to attack a encrypted blob until you succeed is unprecedented. There will be a few successful decryptions.

 

[britechguy]

There will be a few successful decryptions.

About which I have no doubt. What good they'll do for the thieves by the time this happens, I really don't know. But I strongly suspect it will be in the "not freakin' much" category.

The big picture, as things currently exist, is that this is not something worth panicking about. Take reasonable precautions for your high-value passwords in your vault, if it was stolen, and you're almost certainly golden. I don't use LastPass, but if I did, and my vault was stolen, my banking, credit, Amazon (anything where people can steal/spend my money) and Google account passwords would all have been changed by now. I'd not bother changing the password for my Kroger app account, as but one example. Certain things really aren't worth making much of any effort to protect, but we give them passwords because it's part of signing up. I'd gladly venture the guess that most people's password vaults are composed of way more accounts that fall into the "aren't worth making much of any effort to protect" entries.

To me, the biggest issue in this incident (and a number before them) is lack of timely transparency. And that's why people are running away from LastPass. For those of us subject to earlier (and, very different) breaches like Anthem, Equifax, and similar don't have the option to "run away" from those entities, and their behavior was no better in regard to timely transparency.

 

[alexsmith2709]

zxcvbn's "offline slow" bases it calculations on 10,000 hashes/sec.
A recent test using a RTX 4090 has the result:

----------------------------------------------------------------
* Hash-Mode 6800 (LastPass + LastPass sniffed) [Iterations: 499]
----------------------------------------------------------------

Speed.#1.........: 17066.6 kH/s (45.49ms) @ Accel:64 Loops:124 Thr:512 Vec:1

Now, lastpass now use 100,100 iterations. If you divide 17066.6 kH/s by 200 (100,100 divided by 499) that rate goes down to 85 kH/s (85,000 hashes/sec).

Now, this rate depends on a lot of factors, but im saying this to show how technology is advancing. zxvbn was last updated in 2017 and im sure 10,000 hashes per second was a good estimate back then for offline slow, but now it isnt. You can now reduce your "century" down to 12 years, which is still a long time and not feasible. The above results were using 1 RTX 4090, add a few in and the time is reduced even further.

A bruteforce attack (without any sort of masking) will take significantly longer and still not realistic (yet) for a strong password.

We all agree, using strong passwords means you're most likely safe, but technology is advancing quickly and those password checkers are out of date so if your password shows only a couple of years, then that is really down to days/hours now.

 

[timeshifter]

Now, lastpass now use 100,100 iterations.

Not necessarily. They've gone from 1, to 500, 5,000 then 100,100. Not all users were upgraded. Some are still at 1, 500 or 5,000.

 

[Sky-Knight]

Yeah, lastpass's fault wasn't keeping up, it was failing to enforce their paying customers to keep up.

 

[britechguy]

it was failing to enforce their paying customers to keep up.

But that's not their job, really. They were supposed to be secure storage for passwords, not the password nanny.

I don't want my password manager forcing me to "do the right thing" in all cases because many cases don't warrant much effort or protection, as I've noted. Suggesting, encouraging, creating strong passwords if you use their generator - sure - but if I'm typing my own what I type is what goes.

In the final analysis, end users should, nay, must, take responsibility for their choices.

 

[nlinecomputers]

But that's not their job, really. They were supposed to be secure storage for passwords, not the password nanny.

I don't want my password manager forcing me to "do the right thing" in all cases because many cases don't warrant much effort or protection, as I've noted. Suggesting, encouraging, creating strong passwords if you use their generator - sure - but if I'm typing my own what I type is what goes.

In the final analysis, end users should, nay, must, take responsibility for their choices.

Iterations are not the password nanny. That is the backend technology behind the encryption used. If that technology falters I expect any Password manager to upgrade everyone automatically to the new standard. The end user shouldn't have to do anything. It should just be done for them. Yesterday we had 5000 iterations and today it upgraded to 100,100.

And honestly, password minimums are a part of that. So yes it should have FORCED the end users to pick better passwords so that the service provided can actually work.

 

[Sky-Knight]

But that's not their job, really. They were supposed to be secure storage for passwords, not the password nanny.

I don't want my password manager forcing me to "do the right thing" in all cases because many cases don't warrant much effort or protection, as I've noted. Suggesting, encouraging, creating strong passwords if you use their generator - sure - but if I'm typing my own what I type is what goes.

In the final analysis, end users should, nay, must, take responsibility for their choices.

You cannot be a secure storage for passwords, if your technology is weakened by a bad master password or low iteration count. The latter is rough because the higher it goes the more CPU you need to get into a vault, and this directly impacts performance on phones.

And no, users do not get a choice here because they consistently choose to be stupid. Then when an issue happens, they sue. So for any company selling "Security" they make the call for you. If you do not like this reality, don't use the security product and have fun getting your world taken apart by a bot.

 

[britechguy]

I read that original comment as referring to individual passwords that customers use, NOT the password strength required for the vault itself. I agree that this is something that should be enforced as necessary for adequate, not ultimate, security, and what constitutes adequate can change over time, and forcing an update to a password with newer minimum criteria should be enforced for vault passwords, too.

 

[nlinecomputers]