Are open-source password managers more secure? (2)

How do password managers protect our passwords?


Thousands of years ago, people started using codes and ciphers(cryptography) to protect secrets. Caesar cipher was one of the well-known classical ciphers, substituting one letter with another to encrypt a message.

Caesar cipher

Classical ciphers can be easily broken by brute-force attack or frequency analysis. Think about it letter e is the most common in English, so the most common letter in the ciphertext is very likely the letter e.

In the late 20 century, modern cryptography became the cornerstone of computer security. Crypto algorithms transform plaintext to ciphertext with a key by a bunch of complex computations. It is impossible to recover the plaintext from the ciphertext without the key, even though we know the algorithms exactly.

Password managers, built on cryptography, usually encrypt our passwords with a user-set master password. We explained how the second generation password managers protect our data in The Evolution of Password Manager. This diagram shows the essentials.

graph LR MasterPassword([master password]) --> PBKDF2(PBKDF2) --> key --> Cipher(AES) plaintext([account data]) --> Cipher --> ciphtertext[[ciphtertext]]

By using PBKDF2 or other key deriving functions, the confidentiality of key changes to the non-divulgence of master password. It is like putting our passwords in a strongbox(encrypted database) and the master password is the key to the strongbox.

Common mistakes

There are quite a lot of password manager apps in the market. But some developers, including some famous security companies and long-established password manager companies, do not grasp the crypto algorithms well or are incapable of designing suitable security measures. In 2016, TeamSik found many vulnerabilities in password manager apps. Regarding passwords encryption, some common mistakes are:

password managers vulnerabilities

Many password managers stored master passwords or used home-brewed crypto algorithms as stated in the first row, Master/PIN, and some hardcoded encryption keys according to the second row(Other rows are irrelevant).

Users should look into the security design of password managers when choosing one. The big names are not necessarily better.

Open-source password managers can help users audit whether the cipher implementations are correct. And we explained the algorithms to help more developers do it right.

Unlock factors

As we know now, second-generation password managers require two factors to unlock, master password and encrypted database.

Many password managers tell users that data are safe if we keep the master password secure. However, it is still possible to leak it in the real world:

Obviously, it is much safer to protect both the master password and the encrypted database.

Increasing unlock factors can improve security.

Though most password managers unlock with two factors, the master password and the encrypted database, KeePass can use a key file as the third factor, which helps significantly. We detailed how password managers increased security by using more unlock factors in The Evolution of Password Manager.

Some cloud-based password managers authenticate users by using 2FA. Since the second authentication factor is not for encryption, it is not a unlock factor mentioned in this article.

Threat models and attack surface

The more unlock factors, the more secure. Many password managers highlight the master password safety but neglect other unlock factors. Let's dig out the risks by analyzing threat models and attack surfaces.

Threat models are the potential risks of using a software. The threats or risks differ from person to person. Some might refuse to unlock their phones for their girlfriends, but others might share computers or even passwords on computers with family members.

The attack surface of a software environment is the sum of the different points where an unauthorized user can try to enter data to or extract data from an environment. Keeping the attack surface as small as possible is a basic security measure.

How password managers protect our passwords and unlock factors varies considerably under different circumstances.

Social circles

Most desktop, browser extension, and web password managers keep the unlocked state long after entering the master password. People in social circles, family members, friends, or colleagues may touch your computer and find the saved passwords.

Mobile password managers are much safer since mobile phones usually lock automatically for a short time. Using biometric authentication is much easier than entering the master password.

Image by Peggy und Marco Lachmann-Anke from Pixabay

Threat mitigation:

Malicious programs intrusion

Password managers store the encrypted database on the hard drive on desktop computers. It has an attack surface. Most programs, including malicious programs, can access them easily. Some malicious programs can even hijack keyboard input and steal the master password. Some desktop password managers can utilize complicated technology to make it harder. But many browser-extension password managers can do nothing. They are popular but very insecure.

Password managers for smartphones are much safer. Android and iOS enable app sandboxing; one app cannot directly access another app's internal storage. So malicious apps cannot read the encrypted database inside password managers. However, Android allows apps to store data in external storage where password managers, such as many KeePass ports, do save the encrypted database. That exposes an attack surface for bad apps. Moreover, your master password can leak if entered with a bad input method. It can be more dangerous if the input method can access external storage(many of them can).

Without sandbox vs with sandbox

Threat mitigation:

There are always vulnerabilities in Operating Systems. Some can be abused by malicious programs to get system privileges and bypass the sandbox. In this case, they can steal encrypted databases inside the app's internal storage. We'd better install security updates in time.

Device loss

What if I lose my device? If a bad guy gets your device, he or she needs to unlock your device and then enter the master password to get your passwords. However, external storage is accessible via cable on some Android systems when locked. It is risky to save encrypted databases there.

Threat mitigation:

To reduce risk, we should set complex or strong device PIN and master password.


Cloud-based password managers sync the encrypted database over the Internet. Even some offline password managers, such as Enpass, use the Internet too. When using the Internet, many threats are considerable:

Users can hardly know what data apps send to and receive from the Internet. It is impossible to evaluate the risks.

Networking, a very opaque IO, discloses a huge attack surface. It is Pandora's box with every possibility.


Cloud-based password managers store all users' encrypted databases on the cloud side. The cloud is a honey pot for Winnie and hackers. And there is also no guarantee that the inside employees, who have access to cloud data, will ever think about profiting from the data.

LastPass Hacked: How to Protect Yourself as Company Confirms Breach
LastPass Hacked: How to Protect Yourself as Company Confirms Breach

Password manager companies can be hacked, just like other cloud services. If the encrypted databases get stolen, there is only one factor left to rescue -- the master password.


Crypto algorithms are marketed as "military" secure by many password managers. But it is only the cornerstone of confidentiality, and most password managers use the same AES crypto algorithm.

Some password manager developers, including some famous security companies with a good master of viruses, firewalls or VPNs, etc., do not know the data security technology. They cannot protect passwords well. Some even store master passwords, which is very wrong.

However, "military security" algorithms do not necessarily ensure data safety. The security design is much more critical. Besides the crypto algorithm, we should consider more on:

To put it simply, the more unlock factors, the more secure. And each factor must be protected.

No password manager can meet all user requirements and mitigate all threats perfectly without any attack surface, without exposing any unlock factor. It is a paradox!

good, cheap, fast

boy paradox

When choosing a password manager, we should figure out what threats we care about most. Ensure your password manager mitigates those threats with minimal attack surface and unlock factor exposure.

Open-source password managers give us a sight of the implementation. But we should focus more on its security design and ensure it minimizes the threats.

Previous: Are open-source password managers more secure? (1)