This post is motivated by Aaron Toponce’s comment on my previous article on the release of SynthPass. Rather than giving a short reply, I decided this was the opportunity to explain certain features of my recently released SynthPass password generator. In essence, the comment said that password generators will never be appealing to consumers because of certain flaws emanating from their very nature, which are aptly described in this article, entitled “4 fatal flaws in deterministic password managers,” published November 2016 in Tony Arcieri’s blog.
These are the flaws that Tony Arcieri thinks will never allow vaultless password “generators” to go mainstream, as opposed to password managers that do store secrets in an encrypted “vault”:
- They cannot accommodate varying password policies without keeping state.
- They cannot handle revocation of exposed passwords without keeping state.
- They can’t store existing secrets.
- Exposure of the master password alone exposes all of your site passwords.
Let me start by saying that I mostly agree with these criticisms, and this is why SynthPass is different from the rest of the password generators. I’ll go through each criticism in sequence.
- SynthPass accommodates varying password policies because it does keep state. In other words, the other password generators store nothing, whether secret or not secret, but SynthPass does use storage for non-secret information, such as password length. SynthPass has an optional input for password length, which also can tell the app to generate a password composed entirely of numbers (by prefacing the numerical length with the word “pin”). This field is kept in sync storage so that users can go to a different computer, log into Chrome or Firefox, as the case may be, and have the field filled automatically for each website. At present, I have not felt the need to add more options such as “lowercase only” or “no special characters” because it seems that very few websites have rules like that anymore, but I’ll be able to add those really easily if there is demand. They will be remembered as well. Storing this kind of information unencrypted is not a security risk because it is publicly available from the websites.
- SynthPass also remembers the optional “serial” used to vary the generated password without changing the Master Password, while the other generators that use this method (Master Password and FlyPass, for instance) do not. I couldn’t agree more with Tony when he says that users should not be forced to remember this piece of data, which might be changing fairly frequently on a regular schedule or because of exposure. Since the security of the generated password lies in the Master Password, not the serial, it is safe to store the serial, unencrypted, in sync storage. It is filled automatically for each website visited.
- But no, SynthPass won’t store existing secrets, and my reply to Tony is “why should it?” Regular password managers ordinarily allow users to store secrets unrelated to logins, such as credit card info and so forth. They do that as a freebie since they already have an encrypted storage area where those items can go without major hassle. But there are apps that do this much better than password managers. TrueCrypt, for instance, will secure not only short pieces of text, but also images, files, and entire folders if necessary. If you have Dropbox, you have this already, plus seamless backup and past version recovery. Adding encrypted storage to a password generator just for the sake of a few small pieces of data unrelated to logins seems to me a waste of time at best. Get a real encryption app, and you’ll do a lot better. And no, password managers don’t do well storing login-related extra info such as your pet’s name; they do store it, but they also have a frightening tendency to mistake it for your password, with nefarious consequences.
- Exposing SynthPass’s Master Password will expose all your logins, whereas the same accident in a storage-based manager won’t do this. In this I agree with Tony, but let’s think a bit about what is going on. The reason why a Master Password exposure is not fatal for a password manager is that hackers still won’t be able to get your passwords because they don’t have the encrypted vault; then you can change your Master, re-encrypt the vault, and you’re fine. The vault functions as the “something you have” component of a two-factor scheme. The scheme does not come free, however, since now you have to secure the vault, keep it from corruption, and sync it across devices. You’ll get comparable security from switching to a two-factor login on the websites that support it, even with an “insecure” password generator, at a fraction of the hassle.
- SynthPass also remembers user IDs through sync storage. It is quite hard to remember those for websites that are not visited often, so SynthPass stores them if you write them in the appropriate box. This information is more confidential than the password length and is stored without encryption, but on the other hand retrieving it requires you to log into the browser, which provides a mild two-factor sort of security. User IDs are not considered secret, anyway, so I thought the convenience of having SynthPass store them outweighed the slight impact on security.
- SynthPass enters a special mode when presented with a “change password” page. In this mode, there are several inputs for Master Password and serial, matching those on the page. Changing a password is as simple as writing a new serial in the corresponding box. Password managers typically don’t react well to this special situation, and they limit themselves to storing the new password in place of the old one, which often they do wrong and always without giving proper feedback to the user. Generators don’t react to this situation at all.
- SynthPass is smart about differing website URLs, so that it does not make a different password if a user happens to be directed to a different login page for the same website. Managers are notorious for storing different entries if the login page is different in any way, resulting in old passwords that won’t go away (I’m looking at you, 1Password) or new passwords that won’t “take.”
- SynthPass is smarter when it comes to generating website passwords. Managers and all other generators make passwords using a single strength setting. SynthPass, on the other hand, uses a variable-strength generation algorithm named WiseHash, based on industry-standard SCRYPT and a dictionary-based measurement of Master Password entropy. This means that SynthPass is fast when your Master is strong, and slow when it is weak, rather than fast or slow all the time. Hackers trying to guess your Master have to spend huge amounts of computer time checking bad Master Passwords that likely you won’t use, or else risk missing them.
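To make the two design points above concrete, here is an added illustration (my own sketch, not SynthPass’s or WiseHash’s actual code): a deterministic site-password derivation that keeps only non-secret state (site, serial, length/“pin” policy) as the scrypt salt, and scales the scrypt cost by a dictionary-based estimate of the Master Password’s entropy so that weak masters are slow and strong ones fast. The wordlist, the entropy scoring, the cost range and the host normalization are all simplified assumptions chosen for the demo.

```python
import hashlib
import math
import string
from urllib.parse import urlsplit

# Constructed toy wordlist standing in for a real dictionary (assumption).
COMMON_WORDS = ("password", "letmein", "qwerty", "dragon", "monkey", "welcome")
CHARSET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"

def estimate_entropy_bits(master: str) -> float:
    """Dictionary-aware estimate (illustrative stand-in for WiseHash's measure):
    a listed word costs log2(dictionary size) bits, any other character is
    charged by the size of its character class."""
    rest, bits = master.lower(), 0.0
    for word in COMMON_WORDS:
        if word in rest:
            bits += math.log2(len(COMMON_WORDS))
            rest = rest.replace(word, "")
    for ch in rest:
        bits += math.log2(10 if ch.isdigit() else 26 if ch.isalpha() else 33)
    return bits

def scrypt_cost_exponent(master: str) -> int:
    """Weak master -> maximum scrypt N, strong master -> minimum.
    Demo range 2**10..2**14; a real deployment would use higher values."""
    return max(10, min(14, 18 - int(estimate_entropy_bits(master) // 8)))

def site_key(url: str) -> str:
    """Non-secret salt part: bare host, so every login page of a site matches."""
    host = (urlsplit(url).hostname or url).lower()
    return host[4:] if host.startswith("www.") else host

def generate(master: str, url: str, serial: str = "", policy: str = "16") -> str:
    """Derive the site password from the secret master plus the stored,
    non-secret state: site, serial and policy ('<len>' or 'pin<len>')."""
    pin = policy.startswith("pin")
    length = int(policy[3:] if pin else policy)
    alphabet = string.digits if pin else CHARSET
    # The policy is part of the salt so a length change yields an unrelated
    # password rather than a longer one sharing the old one's prefix.
    salt = f"{site_key(url)}/{serial}/{policy}".encode()
    key = hashlib.scrypt(master.encode(), salt=salt, n=2 ** scrypt_cost_exponent(master),
                         r=8, p=1, maxmem=64 * 1024 * 1024, dklen=64)
    number = int.from_bytes(key, "big")
    out = []
    for _ in range(length):           # 512 bits of key covers up to ~80 symbols
        number, idx = divmod(number, len(alphabet))
        out.append(alphabet[idx])
    return "".join(out)
```

Bumping the serial (for example after a breach notice) changes the derived password without touching the master, and since the serial and policy are public inputs, an attacker who learns them still has to run scrypt at the cost the master’s weakness dictates.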