Extracting Secrets from Locked Password Managers
Offered By: RSA Conference via YouTube
Course Description
Overview
Explore the security vulnerabilities of popular password managers in this 41-minute RSA Conference talk. Dive into the intricacies of how master passwords and stored secrets are handled during different states of password manager operation, including when logged out or locked. Examine the anatomy of password managers, their workflow, and terminology. Analyze security guarantees in various states such as "Not Running" and "Running:Unlocked." Witness demonstrations of attacks on password managers in different states, including a specific demo attack on 1Password in the "Running:Locked" state. Learn about a Windows bug discovery affecting LastPass and its mitigation. Gain insights into applying this knowledge for improved security practices and understand the implications for future password manager development.
Syllabus
Intro
Agenda
Background
Password Manager Research Timeline
Anatomy of a Password Manager
Workflow Overview
Password Manager Terminology
Password Manager States
"Not Running" State Security Guarantees
"Running:Unlocked" State Security Guarantees
Attacks on "Not Running" Password Managers
Attacks on "Running:Locked" Password Managers
Demo Attack - Running:Locked (1Password)
Windows Bug Discovery
LastPass (Windows bug mitigation)
Mitigation is helpful (for us)
Attacks on "Running:Unlocked" Password Managers
Attacks on "Running:Unlocked" Summary
Apply What You Have Learned Today/Going Forward
RSAConference 2020
Taught by
RSA Conference