Evaluation of Professional Cloud Password Management Tools

  • Daniel Schougaard
  • Nicola Dragoni
  • Angelo Spognardi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9881)

Abstract

Strong passwords have been preached for decades. However, a lot of regular users of IT systems resort to simple and repetitive passwords, especially nowadays in the “service era”. To help alleviate this problem, a new class of software grew popular: password managers. Since their introduction, password managers have slowly been migrating into the cloud. In this paper we review and analyze current professional password managers in the cloud. We discuss several functional and non-functional requirements to evaluate existing solutions and we sum up their strengths and weaknesses. The main conclusion is that a silver bullet solution is not available yet and that this type of tool still deserves a significant research effort from the privacy and security community.

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Daniel Schougaard (1)
  • Nicola Dragoni (1, 2)
  • Angelo Spognardi (1)

  1. DTU Compute, Technical University of Denmark, Lyngby, Denmark
  2. Centre for Applied Autonomous Sensor Systems, Örebro University, Örebro, Sweden
