Vulnerability and Risk Analysis of Two Commercial Browser and Cloud Based Password Managers

Rui Zhao, Chuan Yue, Kun Sun

Abstract


Web users are confronted with the daunting challenge of managing more and more passwords to protect their valuable assets on different online services. Password managers are one of the most popular solutions designed to address this challenge by saving users' passwords and later auto-filling the login forms on behalf of users. All the major browser vendors provide a password manager as a built-in feature; third-party vendors have also provided many password managers. In this paper, we analyze the security of two very popular commercial password managers: LastPass and RoboForm. Both of them are Browser and Cloud based Password Managers (BCPMs), and both have millions of active users worldwide. We investigate the security design and implementation of these two BCPMs with a focus on their underlying cryptographic mechanisms. We identify several critical, high, and medium risk level vulnerabilities that could be exploited by different types of attackers to break the security of these two BCPMs. Moreover, we provide some general suggestions to help improve the security design of these and similar BCPMs. We hope our analysis and suggestions could also be valuable to other cloud-based data security products and research.

