Display/copy specific characters from password


Re: Display/copy specific characters from password

Postby jpenny84 » Sat Jul 16, 2016 12:31 pm

It's convoluted, but they can create a custom notes template with a bunch of fields that can be copied, and just have each password character in them. Just be aware that custom templates cannot be edited or deleted at this time, so be careful with prototypes.

https://blog.lastpass.com/2016/07/diy-w ... ates.html/
jpenny84
 
Posts: 8860
Joined: Tue Mar 06, 2012 9:10 pm

Re: Display/copy specific characters from password

Postby ShawnElseworth » Mon Jul 25, 2016 2:43 pm

mike808137 Wrote:The proof is that if they are selecting any arbitrary/random character from your password to compare against the unencrypted value, then they *must* have knowledge of your actual password value.

Is that for sure? When I checked one of the sites it seemed to me that character length is limited.
Couldn't they simply store each character on its own encrypted and then compare the entered value one by one?
I don't know if that would work, it is just an idea.

But even if not, I am proposing this feature, as I have 2 sites that ask for login, password plus random characters from a stored password. So for that case login and password security is intact and the 3rd credential is what makes logging in so annoying.

Furthermore, if LastPass does not support this request, what does it mean? Instead of automatically logging in and being safe from prying eyes, I have to make my password visible instead of dotted, count the required characters and enter them manually. This exposes my complete password, which should never be the case for a random-character password. So by not implementing this feature for "security" reasons LastPass is putting its users at a different security risk.
ShawnElseworth
 
Posts: 65
Joined: Wed Jan 29, 2014 6:27 pm

Re: Display/copy specific characters from password

Postby jonat » Tue Jul 26, 2016 8:53 am

If they can check individual characters of your password, they must have a way of recreating your password. This means at best encryption using a shared key and not hashing. With hashing, there is no way to reconstruct the password from the hash - this is the secure method. (Assuming use of a good hash algorithm properly implemented.) Even if they have encrypted your password, it can be decrypted - either by them or by a hacker who obtains the common key.
jonat
 
Posts: 2209
Joined: Thu Dec 09, 2010 8:42 pm

Re: Display/copy specific characters from password

Postby ShawnElseworth » Tue Jul 26, 2016 9:39 am

jonat Wrote:If they can check individual characters of your password, they must have a way of recreating your password. This means at best encryption using a shared key and not hashing. With hashing, there is no way to reconstruct the password from the hash - this is the secure method. (Assuming use of a good hash algorithm properly implemented.) Even if they have encrypted your password, it can be decrypted - either by them or by a hacker who obtains the common key.


I think I meant it differently. What if they don't store your complete password for comparison, but only hashes for each of the characters? Maybe even salted with your username or something.
Could they then compare hashes per character without being able to decrypt? The way it looks, you never need the full password to log in, and also, at least for one site, your password cannot be retrieved if you lose it; you can only generate a new one.
So to me this looks like the bank does not have access to the clear-text password.
ShawnElseworth
 
Posts: 65
Joined: Wed Jan 29, 2014 6:27 pm

Re: Display/copy specific characters from password

Postby mike808137 » Tue Jul 26, 2016 5:41 pm

ShawnElseworth Wrote:
jonat Wrote:So to me this looks that the bank does not have access to the clear text password.

I think you give far too much credit to the capabilities of ALL of these banks' individual application developers' security expertise, as well as assuming, with no evidence whatsoever, that they a) have done something like what you describe, and b) have done so with rigorous security evaluation, review, and testing, c) have correctly implemented the mechanism with zero defects, and d) have the testing/audit logs by an independent security review entity to prove it.

Sorry, I've seen far too many "not invented here", security through obscurity, and egotistical crypto dilettante wannabes in my experience to think that what you describe is anywhere close to the possible "floor" of expectation when it comes to security, and in particular, bank security. And to be blunt, Europe in particular is full of that SDLC culture, in my experience.

Chopping up your password and encrypting it one character at a time is still encrypting it. And anything that can be encrypted, can be decrypted. If I have a test for each individual character of your password, then I have a way to "decode" your password, one character at a time, as a simple matter of provable fact.

And you've offered no guarantees or even a way to evaluate the "correctness" of whatever home-cooked sooper-dooper-secret-sauce method the web developer has cooked up. And you certainly cannot point to any public peer-reviewed mechanisms or standards defining such a mechanism. Which does not bode well for whatever imaginary "security" such an undisclosed method claims to correctly implement.

If the idea is that you are to provide some identifier verification, then it should not be confused with authentication or require in any way, the possession of a value that only you possess, in any form, encrypted or spread about in split knowledge.

This is also the reason I have very, very significant and sincere reservations about why LastPass, by design, requires that the same password used to access the LastPass website and download your vault MUST also be the same as the password you use to decrypt your vault. That decision is such a poor security decision, it seriously strains the credulity of every single one of the other security claims made by LastPass. That concept of privileged action should NEVER be overloaded with the same credential you use for some lesser security activity. That's security 101, and IMO, LP really misses the mark on that one.
mike808137
 
Posts: 288
Joined: Tue Feb 24, 2015 12:04 pm

Re: Display/copy specific characters from password

Postby jonat » Tue Jul 26, 2016 7:39 pm

Just to be clear, mike808137 is quoting ShawnElseworth, not me.

However, mike is incorrect regarding how LastPass works. The authentication key for downloading and the encryption key are different, though both are derived locally from the master password. One can't be turned into the other.
jonat
 
Posts: 2209
Joined: Thu Dec 09, 2010 8:42 pm
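A worked illustration of the split jonat describes, added here as an example; it is not LastPass's actual key-derivation code, and the salt labels, the round count and the username normalisation are assumptions. The client derives a vault key from the master password, then derives the login token from that key with one more one-way step, so a server that holds the token (or, better, a stretched hash of it) cannot reverse it into the vault key:

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # constructed cost parameter; tune to what the client can afford


def derive_client_keys(master_password: str, username: str, rounds: int = ROUNDS) -> tuple:
    """Runs on the client only.  Returns (vault_key, auth_token).
    The vault key never leaves the device; only auth_token is sent to the server."""
    pw = master_password.encode()
    user_salt = username.strip().lower().encode()
    vault_key = hashlib.pbkdf2_hmac("sha256", pw, b"vault|" + user_salt, rounds)
    # One more one-way step *from the key*: whoever learns auth_token still
    # cannot recover vault_key from it, even though both came from the same password.
    auth_token = hashlib.pbkdf2_hmac("sha256", vault_key, b"auth|" + pw, 1)
    return vault_key, auth_token


def server_enroll(auth_token: bytes, rounds: int = ROUNDS) -> dict:
    """Server side: store a salted, stretched hash of the token, never the token."""
    salt = os.urandom(16)
    verifier = hashlib.pbkdf2_hmac("sha256", auth_token, salt, rounds)
    return {"salt": salt, "rounds": rounds, "verifier": verifier}


def server_check(record: dict, auth_token: bytes) -> bool:
    """Server side: constant-time comparison against the stored verifier."""
    cand = hashlib.pbkdf2_hmac("sha256", auth_token, record["salt"], record["rounds"])
    return hmac.compare_digest(cand, record["verifier"])


if __name__ == "__main__":
    vault_key, token = derive_client_keys("correct horse battery", "alice@example.com")
    record = server_enroll(token)
    print(server_check(record, token), vault_key != token)
```

The order of the two derivations is what matters: the token is computed from the key, never the other way round, so a database breach yields at most the login verifier and the attacker still has to brute-force the master password to get the vault key.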

Re: Display/copy specific characters from password

Postby ShawnElseworth » Wed Jul 27, 2016 12:15 am

mike808137 Wrote:
ShawnElseworth Wrote:
jonat Wrote:So to me this looks that the bank does not have access to the clear text password.

I think you give far too much credit to the capabilities of ALL of these banks' individual application developers' security expertise, as well as assuming, with no evidence whatsoever, that they a) have done something like what you describe, and b) have done so with rigorous security evaluation, review, and testing, c) have correctly implemented the mechanism with zero defects, and d) have the testing/audit logs by an independent security review entity to prove it.

Sorry, I've seen far too many "not invented here", security through obscurity, and egotistical crypto dilettante wannabes in my experience to think that what you describe is anywhere close to the possible "floor" of expectation when it comes to security, and in particular, bank security. And to be blunt, Europe in particular is full of that SDLC culture, in my experience.

Chopping up your password and encrypting it one character at a time is still encrypting it. And anything that can be encrypted, can be decrypted. If I have a test for each individual character of your password, then I have a way to "decode" your password, one character at a time, as a simple matter of provable fact.

And you've offered no guarantees or even a way to evaluate the "correctness" of whatever home-cooked sooper-dooper-secret-sauce method the web developer has cooked up. And you certainly cannot point to any public peer-reviewed mechanisms or standards defining such a mechanism. Which does not bode well for whatever imaginary "security" such an undisclosed method claims to correctly implement.

If the idea is that you are to provide some identifier verification, then it should not be confused with authentication or require in any way, the possession of a value that only you possess, in any form, encrypted or spread about in split knowledge.

This is also the reason I have very, very significant and sincere reservations about why LastPass, by design, requires that the same password used to access the LastPass website and download your vault MUST also be the same as the password you use to decrypt your vault. That decision is such a poor security decision, it seriously strains the credulity of every single one of the other security claims made by LastPass. That concept of privileged action should NEVER be overloaded with the same credential you use for some lesser security activity. That's security 101, and IMO, LP really misses the mark on that one.


I really don't know if it is helpful to discuss possible flaws in security implementations, because it has nothing to do with the partial password challenge. In fact, you probably don't know for any website if their security implementation is as good as you want it to be.
But what LastPass is saying and what you were saying is that partial password should not be implemented into LastPass because the bank has to store the password in plain text. And I don't see a reason why this gets mixed up. In my belief it is not LastPass' business to judge the security implementation of the websites I am using. Their business is to provide me with a tool so that I can store my passwords in a secure way and enter them securely and conveniently anywhere I want.

As for the statement that the bank or website or whatever has to store the password in plaintext, I don't even think it is correct. According to http://groups.inf.ed.ac.uk/security/passwords/pps.pdf
To support the partial protocol the implementation will need to either store plain-text for the password, or devise a mechanism for performing one-way checks on all combinations that might be queried (which can be a large number for long passwords).

So there seem to be ways around plain text storage and we just don't know if the banks do it this way. Just for the record: I don't give the mentioned site any credit, I just noted the indicators (short password and no way to retrieve a forgotten password) that they might not store it as plain text.

As said before and as laid out in the paper, some banks have this partial security challenge only for a 2nd secure password, so that there is login, 1st password and 2nd partial password, which in any case does not weaken the security aspect, even if they store the partial password in a reversible mode. So I don't see any reason for LastPass to deny a convenient way to enter these kinds of challenges without having to fully disclose the partial password, which is also mentioned as why a partial challenge as the only option is a really bad idea.
ShawnElseworth
 
Posts: 65
Joined: Wed Jan 29, 2014 6:27 pm
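To make the storage question in this exchange concrete, here is an added example (not code from the thread, from the quoted paper or from any bank) of the two storage options the paper mentions: a one-way check per character, as floated above, and one check value per combination of positions the server might ever ask for. The alphabet, the fixed salt and the hash construction are assumptions. It also shows the catch with both, which is the point mike808137 is making: a stolen table of per-character hashes falls in at most 94 guesses per position, and a per-combination entry covering three digits has only 1000 candidates.

```python
import hashlib
import hmac
import itertools
import math
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
SALT = b"constructed-per-user-salt"  # constructed for this example; use a random per-user salt


def one_way(label: str, secret: str) -> bytes:
    """Salted one-way check value for `secret`, bound to `label` (which positions)."""
    return hashlib.sha256(SALT + label.encode() + b":" + secret.encode()).digest()


# Option A, as floated in the thread: a salted hash per character, nothing reversible.
def store_per_char(password: str) -> list:
    return [one_way(f"pos{i}", c) for i, c in enumerate(password)]


def verify_per_char(stored: list, position: int, guess: str) -> bool:
    return hmac.compare_digest(one_way(f"pos{position}", guess), stored[position])


def crack_per_char(stored: list, alphabet: str = ALPHABET) -> str:
    """Each entry commits to a single character, so an attacker who steals the
    table needs at most len(alphabet) guesses per position: 94*n work, not 94**n."""
    recovered = []
    for i, digest in enumerate(stored):
        for c in alphabet:
            if hmac.compare_digest(one_way(f"pos{i}", c), digest):
                recovered.append(c)
                break
        else:
            recovered.append("?")  # character outside the tried alphabet
    return "".join(recovered)


# Option B, from the quoted paper: one check value per k-subset of positions
# the server may ever ask for.  The table has C(n, k) entries.
def _label(positions: tuple) -> str:
    return "pos" + "-".join(str(p) for p in positions)


def store_per_combination(password: str, k: int) -> dict:
    table = {}
    for positions in itertools.combinations(range(len(password)), k):
        chars = "".join(password[p] for p in positions)
        table[positions] = one_way(_label(positions), chars)
    return table


def table_size(n: int, k: int) -> int:
    """Number of entries option B must store for an n-character secret: C(n, k)."""
    return math.comb(n, k)


def verify_per_combination(table: dict, positions, guess: str) -> bool:
    """Check `guess` against the entry for `positions` (given in any order,
    each position paired with the corresponding character of `guess`)."""
    if len(guess) != len(positions):
        return False
    pairs = sorted(zip(positions, guess))
    key = tuple(p for p, _ in pairs)
    answer = "".join(c for _, c in pairs)
    if key not in table:
        return False
    return hmac.compare_digest(one_way(_label(key), answer), table[key])


def crack_combination_entry(table: dict, positions, alphabet: str) -> str:
    """An entry only commits to k symbols, so it has len(alphabet)**k candidates.
    For 3 digits of a 6-digit passnumber that is 1000 guesses per entry."""
    key = tuple(sorted(positions))
    for cand in itertools.product(alphabet, repeat=len(key)):
        guess = "".join(cand)
        if verify_per_combination(table, key, guess):
            return guess
    return ""


if __name__ == "__main__":
    pw = "Passw0rd!"                      # constructed sample password
    print(crack_per_char(store_per_char(pw)))
    code = "493817"                        # constructed 6-digit passnumber
    table = store_per_combination(code, 3)
    print(table_size(6, 3), crack_combination_entry(table, (0, 2, 5), string.digits))
```

Neither option needs the plaintext on disk, so the paper's statement holds, but neither buys much against a breach: with a small alphabet or a short secret the one-way values are brute-forced per entry, and every entry cracked leaks k characters of the secret, which is the "decode it one character at a time" argument above in code form.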

Re: Display/copy specific characters from password

Postby Jessie31 » Mon Sep 05, 2016 12:14 pm

And yet another vote. An option to display the password with index numbers would be handy, if auto-fill can't be made to work reliably.

Something like this (in a mono-spaced font):

Passw0rdhere!?
1234567890123
Jessie31
 
Posts: 1
Joined: Mon Sep 05, 2016 12:12 pm

Re: Display/copy specific characters from password

Postby boz » Wed Nov 30, 2016 2:03 pm

mike808137 Wrote:I noted someone said it is only part of the login, in that you have to provide your full password in one place and then in some other place, they only ask you for some random character(s) from the password you entered earlier.

I'm not sure that's of any actual security benefit - if the bad guys already know your entire password, they can certainly enter the partial characters any other time. It is also trivially provable that they MUST BE STORING A DIRECT COPY OF YOUR PASSWORD - one that can be STOLEN and COPIED WITHOUT THEIR KNOWLEDGE. That's the entire point of a password breach.


I think there's some misunderstanding here. They don't ask for a complete password and then random characters from the same password.

Nationwide ask for
1) customer number
2) one of 6 predefined memorable data (names, places, dates) - can be any of the 6 and the same one can be used all the time
3) 3 random digits from a 6 digit passnumber. This is also asked for when phoning them so I assume the random digits is so the advisor doesn't need to know the full passnumber. (It has been a long time since I needed to phone them so I could be wrong but I think I remember being asked for 3 random digits)

The co-operative bank uses something similar
1) Username
2) password
3) 2 random digits from a 6 digit code

Capital One asks for:
1) username
2) random characters from a password
boz
 
Posts: 1
Joined: Wed Nov 30, 2016 1:52 pm

Re: Display/copy specific characters from password

Postby Elusien » Sat Jul 01, 2017 3:47 pm

This is a very common requirement for UK financial institution websites. I was hoping to move from KeePass, which has this feature, to LastPass. But if LastPass does not support this it is not viable for my requirements and I'll stick with KeePass. Their implementation of this is called '{Pickchars}' (Google it) and is easy to use, requiring you just to click on the numbers for the character positions being requested on a pop-up.
Elusien
 
Posts: 3
Joined: Sat Jul 01, 2017 3:09 pm
