The news about the LastPass hack broke recently. If the user had a strong password, the password is not brute-forceable. However, dictionary passwords, and passwords that are guessable with mutation rules and Markov chains, can be broken up to a length of 12 characters on one GPU even though LastPass’s key derivation function (KDF) uses 100000 iterations. This means that if the attacker can crack the user’s simple password, the attacker can download the encrypted blob containing passwords from LastPass and use the cracked password to decrypt them. The weakest link here is the password strength.
But what are the other options if we want to manage passwords ourselves and optionally sync the encrypted passwords to a server of our own choosing? We focus on multiplatform tools, as their usability is higher.
There are tons of password managers, but once you require the ability to work on multiple platforms, only a few remain.
Software password managers
KeePass 2 comes close enough to our requirements, but needs Mono on non-Windows platforms. It can import passwords from many formats and has synchronization built in (though some of its functionality depends on plugins that are not portable). By default, 6000 rounds are used for deriving the key from the password.
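To make the cost argument from the LastPass paragraph above and KeePass 2's 6000-round default concrete, here is an added example (not code from LastPass, KeePass or this article): a PBKDF2-HMAC-SHA256 unlock check standing in for the vault's real KDF, plus a simple cost model. The attacker holding the encrypted blob pays the same per-guess cost as the legitimate unlock, the iteration count scales that cost only linearly, while every extra bit of password entropy doubles it. The hash rate used in the demo is an assumed figure, not a measurement, and the salt is constructed.

```python
import hashlib
import hmac
import math

# Iteration counts taken from the text: LastPass's KDF and KeePass 2's default.
LASTPASS_ITERATIONS = 100000
KEEPASS_DEFAULT_ROUNDS = 6000


def derive_vault_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Password-to-key derivation of the kind a vault performs at unlock time.

    PBKDF2-HMAC-SHA256 is a stand-in for the real KDF (assumption); whatever
    the vault uses, an attacker with the encrypted blob pays this cost per guess."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=32)


def verify_master_password(candidate: str, salt: bytes, iterations: int,
                           expected_key: bytes) -> bool:
    """Unlock check: same derivation, constant-time comparison of the result."""
    return hmac.compare_digest(
        derive_vault_key(candidate, salt, iterations), expected_key)


def entropy_bits(charset_size: int, length: int) -> float:
    """Entropy of a uniformly random password of this length; a dictionary
    word or a mutation/Markov-guessable password has far fewer bits."""
    return length * math.log2(charset_size)


def seconds_to_exhaust(keyspace_bits: float, iterations: int,
                       hashes_per_second: float) -> float:
    """Worst-case time to try every candidate.

    hashes_per_second is the attacker's raw HMAC-SHA256 throughput (an assumed
    figure); each password guess costs `iterations` of those hashes."""
    guesses_per_second = hashes_per_second / iterations
    return (2.0 ** keyspace_bits) / guesses_per_second


def iteration_cost_factor(iterations_a: int, iterations_b: int) -> float:
    """How much more each guess costs under KDF A than under KDF B: linear in
    the iteration count, unlike entropy, where each bit doubles the work."""
    return iterations_a / iterations_b


if __name__ == "__main__":
    salt = b"constructed-salt-value"     # constructed; real vaults use a random salt
    key = derive_vault_key("correct horse battery", salt, LASTPASS_ITERATIONS)
    print(verify_master_password("correct horse battery", salt,
                                 LASTPASS_ITERATIONS, key))
    print("LastPass vs KeePass default cost per guess: %.1fx"
          % iteration_cost_factor(LASTPASS_ITERATIONS, KEEPASS_DEFAULT_ROUNDS))
    rate = 1e9                            # assumed raw hash rate of one GPU
    for name, bits in [("12 lowercase letters", entropy_bits(26, 12)),
                       ("12 printable ASCII", entropy_bits(95, 12))]:
        days = seconds_to_exhaust(bits, LASTPASS_ITERATIONS, rate) / 86400
        print("%s: %.1f bits, %.3g days to exhaust at %d iterations"
              % (name, bits, days, LASTPASS_ITERATIONS))
```

The point of the model is the asymmetry: going from 6000 to 100000 rounds buys a factor of about 17 per guess, which a guessable password loses again after roughly four bits of predictability.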
KeePassX + git/dropbox
KeePassX is probably one of the best multiplatform managers. It supports several formats for password import, albeit not as many as KeePass. Nevertheless, you have to add the synchronization feature manually, either through Dropbox, git or a similar mechanism. Only one file needs to be synchronized (or one file per password database, if you have more databases).
I’d prefer git for synchronization because it gives you history, you can choose your own server(s), and it has conflict resolution abilities in case there is a conflict. With git you can sign tags over the commits to know that no one else modified them. Dropbox would be for simpler deployments (“works out of the box”).
Note: you should use a very strong password in case an attacker gets a copy of the encrypted password file from the server (not unlike the LastPass case).
Password store is based on the idea of encrypting with gpg locally and syncing with git. At first it seems fine and simple, extendable e.g. to more complex GUI apps. However, I didn’t like the “pass” shell script, so I tried to use the GUI application QtPass, the Qt wrapper of “pass”. I couldn’t make the Qt app work (gpg complained that the given public key cannot be encrypted to, etc.).
I don’t know about the usability and quality of the other apps (the Android/iOS ones). It might suit you if you like command-line tools.
One advantage of using gpg to locally encrypt the password file is that even if an attacker gets the encrypted file from a server, the key can’t be brute-forced: the file is encrypted to a full-entropy gpg key, not to a key derived from a password.
Hardware password managers
There’s a couple of them if you search the web. None of them is multiplatform, except for a few “vaporware” (nonexistent) ones. Some of them have weird features like self-deletion after a few unsuccessful attempts to provide the master password, which I’d guess makes it easier to lock yourself out.
The main advantage of a hardware password manager is that even a computer infected with malware cannot dump all of the passwords from memory once the encrypted password file is opened.
TrezorPass + git/dropbox
I wrote this password manager because I was unsatisfied with existing solutions. In theory the design should be safer than pure-software password managers (but in practice it would need an audit). It’s beta software and the GUI could use some polishing. As an extra bonus, the password manager software along with the firmware of the token are open source.
How it works: you need a Trezor token. Trezor acts as a hardware token for encrypting and decrypting passwords. The encrypted passwords stay on the local disk, not on the Trezor (there is not enough space there). You can sync the encrypted password file with git or Dropbox.
All encrypted passwords can be protected by a PIN and/or passphrase. The PIN can never be sniffed by malware because Trezor displays a permuted PIN pad.
Each time you need to decrypt a password, you request it from the TrezorPass GUI, then acknowledge it by physically pressing a button on the Trezor, which shows you exactly which password you are about to decrypt. So malware can only sniff those passwords that you actually use on the infected machine, not all of them (there is no way to protect against sniffing the computer’s memory).
There is also a second RSA key whose private part is stored encrypted and to whose public part every password is also encrypted. It’s used as the “export all” key, and you should use this function only on a malware-free computer, for backup purposes. It also, of course, requires physical confirmation on the Trezor.
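The flow described in the last four paragraphs, written out as an added example that is not TrezorPass's own code and does not use the Trezor API: a mock token (`MockTrezor`, a name assumed for this demo) holds the device secret, checks the PIN, and hands the host a per-entry key only after the user confirms the named entry; the store on disk (`PasswordStore`, also assumed) keeps only nonces, ciphertexts and tags. The HMAC-SHA256 counter-mode cipher with an encrypt-then-MAC tag is a constructed stand-in for whatever the real device uses, the permuted PIN pad and the "export all" RSA key are not modelled, and the sample labels and passwords are constructed. `run_session` shows the property the text claims: an infected host only ever sees the entries the user actually confirmed.

```python
import hashlib
import hmac
import os
from typing import Callable, Dict, List, Tuple


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stand-in stream cipher (constructed
    for this demo; the real token's scheme is not reproduced here)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> Tuple[bytes, bytes, bytes]:
    """Encrypt-then-MAC one entry; returns (nonce, ciphertext, tag)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag


def open_sealed(key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    """Reject a wrong key or a modified file before decrypting anything."""
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong key or tampered entry")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class MockTrezor:
    """Stand-in for the token (assumed name). The device secret never leaves
    this object; the host only receives per-entry keys, and only after the
    PIN was entered and the user confirmed the named entry on the device."""

    def __init__(self, device_secret: bytes, pin: str, confirm: Callable[[str], bool]):
        self._secret = device_secret
        self._pin = pin
        self._confirm = confirm        # models the physical button press
        self._unlocked = False

    def unlock(self, pin: str) -> bool:
        # The permuted PIN pad of the real device is not modelled here.
        self._unlocked = hmac.compare_digest(pin.encode(), self._pin.encode())
        return self._unlocked

    def entry_key(self, label: str) -> bytes:
        if not self._unlocked:
            raise PermissionError("PIN not entered")
        if not self._confirm(label):   # the device shows `label`; the user may decline
            raise PermissionError("declined on device: " + label)
        return hmac.new(self._secret, b"entry:" + label.encode(), hashlib.sha256).digest()


class PasswordStore:
    """The file kept on the local disk and synced with git/Dropbox:
    nonces, ciphertexts and tags only, useless without the token."""

    def __init__(self, token: MockTrezor):
        self.token = token
        self.entries: Dict[str, Tuple[bytes, bytes, bytes]] = {}

    def add(self, label: str, password: str) -> None:
        self.entries[label] = seal(self.token.entry_key(label), password.encode())

    def reveal(self, label: str) -> str:
        nonce, ct, tag = self.entries[label]
        return open_sealed(self.token.entry_key(label), nonce, ct, tag).decode()


def run_session(approved_labels) -> Tuple[Dict[str, str], List[str]]:
    """Constructed session: three entries are stored, then the (possibly
    infected) host asks for every one of them. Only entries the user confirms
    on the device reach host memory; the others are declined."""
    allowed = {"mail", "bank", "vpn"}          # confirm everything during setup
    # The lambda reads `allowed` at call time, so rebinding it below changes
    # what the simulated user will confirm.
    token = MockTrezor(os.urandom(32), "1234", lambda label: label in allowed)
    token.unlock("1234")
    store = PasswordStore(token)
    for label, pw in {"mail": "m@il-pw", "bank": "b@nk-pw", "vpn": "vpn-pw"}.items():
        store.add(label, pw)                   # constructed sample passwords
    allowed = set(approved_labels)             # now only what the user approves
    seen_by_host: Dict[str, str] = {}
    declined: List[str] = []
    for label in store.entries:
        try:
            seen_by_host[label] = store.reveal(label)
        except PermissionError:
            declined.append(label)
    return seen_by_host, declined


if __name__ == "__main__":
    print(run_session({"mail"}))   # only the confirmed entry is in the clear
```

Two things the mock makes visible: a copy of the store taken from the sync server fails the tag check under any key the attacker can compute, and a host that asks for every entry still gets back only the ones confirmed on the device, which is exactly the residual exposure the text describes for an infected machine.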