A reader asked in a comment to my post about unsafe password managers:

So, what is the solution?

It is a good question and prompted me to write this answer.

My Recommendations With Regards to ‘Evil Password Managers’

1. Always keep in mind that the internet is dangerous and there is no security available and never will be. Because:
   All technical solutions to safety, secrecy and security are for phishers, gangsters and secret services what is sh*t for flies.

2. Distribute your money between several bank accounts at different banks. So if one account is hacked, you will still keep a big part of your money.

3. For bank accounts, keep a unique password or -phrase for every one which does not resemble any of the others.

4. If you cannot keep these in mind, write them down onto a sheet of paper.

5. Write them down with a simple encryption which you can remember and calculate easily in your head. So in the rare case that somebody finds it by chance, he still cannot take your money.

6. Hide this sheet of paper somewhere in your home. Maybe glue it into a book or the like.

7. Use an extra computer for doing banking related stuff. Use this computer for nothing else. Do not surf the web or read mails or watch %/*%/@&* on this computer.

8. Keep it switched off all the time when you don’t need it.

9. Run an obscure and seldom used operating system on the extra banking computer.

10. For all medium important stuff – non-banking and not really important but quite annoying if hacked – build a base password or passphrase. Modify this slightly for every of these accounts.

11. For all fun stuff – accounts where you could live well with them being hacked – use one and the same simple password for all of them.

12. If I needed to do communication that must stay secret under all circumstances – for example being a freedom fighter in a state run by criminals – I would not use the internet or a phone or any technical thing at all. I would do extremely delicate communication only face to face in real life.

I can not claim that my methods are safe. Because – see point number one above – nothing can ever be safe.

But in my view, my methods are much much safer than using any kind of password manager or things like TOR or encryption algorithms which I do not understand.

What do you think about my solutions to evil password managers? Do you have better ideas? I’d love to hear your opinions.

Why Password Managers Aren’t Safe – And Won’t Ever Be

Lately a paper by Zhiwei Li, Warren He, Devdatta Akhawe und Dawn Song from the University of Berkeley has been published which is called The Emperor’s New Password Manager. It reveals that

…in four out of the five password managers we studied, an attacker can learn a user’s credentials for arbitrary websites.

and later in the paper they write

We found critical vulnerabilities in all the password managers and in four password managers, an attacker could steal arbitrary credentials from a user’s account.

I’m not surprised; not at all. IMHO, which I have had since password managers have been invented is: Password managers are evil and cannot ever be really fixed.

Why Password Managers Can’t Be Fixed

There are two main problems with password managers:

1. Nobody is trustworthy.
2. Password managers are for phishers and secret services what is sh*t for flies.

Let me explain. Of course,

You can trust any given password manager maximally as much as you can trust the provider of the password manager.

And all providers are untrustworthy because everybody on the net is untrustworthy. Especially when it comes to password managers.

Even if there would be company XYZ which you trusted fully, how do you make sure that the password manager you download from company XYZ is really the password manager from XYZ? You can bet that there exist a lot of hacked versions on the net.

Not trusting the identity of anybody is common sense these days. But aside of this, there are other problems…

Basically there are three possible types of password managers. Each of them is untrustworthy per se, even without identity theft.

A Commercial Company’s Closed Source Password Manager

1. You can bet that the NSA has built backdoors into it.
2. And there is a secret law that forbids that the company talks about the backdoors.
3. Other secret services are very much trying to find out the backdoors or to put spies into the company to be able to introduce their own backdoors.

An Open Source Password Manager

1. The NSA has built backdoors into it.
2. Other secret services have built backdoors into it.
3. Some bright phisher has built backdoors into it.
4. With many eyes, all bugs are shallow, you say. Heartbleed I say. Oh, and Shellshock, of course.

A Password Manager Built by Yourself

This is a site for developers, so building your own password manager may seem like an option. At least, you will be sure that nobody builds backdoors into it.

But are you really savvy of security related programming stuff? I don’t know any programmer who really is. Maybe there are those. Surely there are those. Probably most of them work for the secret services of the world or are gangsters. 😉

If you are one of the really security savvy developers in the world, maybe you can build your own flawless password manager.

But before you start…. answer these questions for yourself:

• How many bugs have you produced already in your career?
  Yes, estimate a number.
• With this number in mind, how much do you trust yourself?

Of course, even in spite of the bugs in your own password manager, it will be much more secure than all the others: because nobody knows that it exists, nobody tries to hack it.

US-CERT

The US-CERT stated in a paper (cited from Li et al’s paper)

[A Password Manager] is one of the best ways to keep track of each unique password or passphrase that you have created for your various online accounts without writing them down on a piece of paper and risking that others will see them.

Li et al’s view

While idealized password managers provide a lot of advantages, implementation flaws can negate all the advantages of an idealized
password manager …

My view:

Password managers are flawed and cannot ever be fixed.
I won’t ever trust one.
I’ve also written about a kind of a solution to the ‘Evil Password Managers’ problem.

UPDATE, Dec 2017

As I’ve always said, password managers are inherently unsafe. And nobody can be trusted. I’ve been right: Now it came out, that even in an original Windows 10 installation, there is preinstalled a flawed password manager which allows any website to steal any password.

UPDATE, Jan 2018

With the processor flaws Meltdown and Spectre, it is even more obvious, that all of the internet is inherently unsafe. And will always be. Including password managers.