Extracting Secrets from Locked Password Managers

RSA Conference via YouTube

Overview

Explore the security vulnerabilities of popular password managers in this 41-minute RSA Conference talk. Dive into the intricacies of how master passwords and stored secrets are handled during different states of password manager operation, including when logged out or locked. Examine the anatomy of password managers, their workflow, and terminology. Analyze security guarantees in various states such as "Not Running" and "Running:Unlocked." Witness demonstrations of attacks on password managers in different states, including a specific demo attack on 1Password in the "Running:Locked" state. Learn about a Windows bug discovery affecting LastPass and its mitigation. Gain insights into applying this knowledge for improved security practices and understand the implications for future password manager development.

Syllabus

Intro
Agenda
Background
Password Manager Research Timeline
Anatomy of a Password Manager
Workflow Overview
Password Manager Terminology
Password Manager States
"Not Running" State Security Guarantees
"Running:Unlocked" State Security Guarantees
Attacks on "Not Running" Password Managers
Attacks on "Running:Locked" Password Managers
Demo Attack - Running:Locked (1Password)
Windows Bug Discovery
LastPass (Windows bug mitigation)
Mitigation is helpful (for us)
Attacks on "Running:Unlocked" Password Managers
Attacks on "Running:Unlocked" Summary
Apply What You Have Learned Today/Going Forward
RSAConference 2020

Taught by

RSA Conference
