FejoaAuth: Single Password Authentication and Secure Password Management
FejoaAuth combines secure password-based authentication with secure password management. It allows users to securely reuse passwords to authenticate at multiple FejoaAuth sites and to encrypt data. The encrypted password manager can be stored locally or in the cloud. FejoaAuth prevents web page providers from learning any information about the user’s password, so a malicious provider can’t impersonate the user or decrypt data that is protected with the user password.
To prevent the service provider from learning the user password, e.g. by performing a dictionary attack, FejoaAuth applies key strengthening techniques. The user chooses the key strengthening parameters and is in control of how securely a password is protected. In this way the user can make it arbitrarily hard for an attacker to brute-force the user password.
To prevent leaking the user password during authentication, FejoaAuth uses the CompactPake protocol. CompactPake is secure against parameter attacks (see paper) and reveals no information about the entered passwords. For example, if a user accidentally attempts to log in at a provider with a password used at another provider, the current provider can’t use the exchanged information to log in at the other provider or learn any information about the password.
Quick link: Download
What’s wrong with password-based web authentication?
As a result an authentication password should never be used for another purpose such as data encryption or to authenticate at another service. However, maintaining multiple secure passwords is cumbersome and neglected by many people. For this reason a solution is needed that requires users to only remember one single password.
Password managers are a promising solution. Storing a password manager locally/offline is probably the most secure way to protect it from attackers on the web. However, keeping it locally makes it vulnerable to data loss, which is why a user might want to keep a backup of the password manager in the cloud. This usually requires password-based authentication at a cloud storage provider. Since the cloud storage provider should not be able to decrypt the password manager, the authentication password should differ from the encryption password. This leads to a kind of chicken-and-egg problem: we need to remember two passwords, one for authentication and one for encryption.
While remembering two passwords does not seem like much of a problem, the reality looks much worse, because users usually don’t even get to choose separate passwords for authentication and encryption. For example, 1password is not only able to record the encryption key at account creation but is able to learn the master password at every login on their webpage. The same problem exists for cloud storage providers that offer client-side encryption.
FejoaAuth solves these problems and allows a password to be securely reused for multiple purposes. A single password can be used for authentication and to encrypt the password manager. Moreover, users are in control of how securely their passwords are protected and no longer need to trust providers to store their passwords securely.
When developing the privacy-preserving portable cloud solution Fejoa we ran into the problem that at some point you have to register and authenticate with a storage provider to manage your remote account. While this sounds quite straightforward, it actually is not, especially when you care about the privacy of your encrypted data. When using conventional password-based authentication methods, e.g. through a web form, one should use a different password than the one used for data encryption, so that the storage provider cannot decrypt your data with the authentication password. However, using two passwords for the same provider is a usability problem and is most likely ignored by most users. Two-factor authentication would be an alternative, but it puts an additional burden on the user and lacks the simplicity of password-based authentication.
What was needed is a method to store encrypted data at a potentially untrusted storage provider using only a single password. This only requires the user to remember a username and password to access and decrypt the data. FejoaAuth uses the CompactPake protocol to prevent the storage provider from learning any useful information about the user’s authentication password. Thus the authentication password can be the same as the encryption password.
As a next logical step we integrated a password manager into FejoaAuth; what better application is there than securely backing up a password manager in the cloud using only a single password?
FejoaAuth Browser Extension
With conventional password-based authentication on the web, users can’t prevent web page providers from learning the entered password. For example, a web page provider can simply add JS code to read out the plain user password and even record passwords while they are typed.
To provide secure password-based authentication on web pages we developed a FejoaAuth browser extension that allows users to authenticate at supported FejoaAuth providers.
When registering at a supported web page, the extension lets the user choose how securely their passwords are protected. The built-in benchmark gives users an estimate of how much time is needed to strengthen their password, i.e. how long a login attempt will take.
To provide a complete password-based authentication solution, FejoaAuth includes a password manager. The password manager uses password-encrypted storage to securely store user passwords.
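The trade-off behind the user-chosen key strengthening parameters and the benchmark described above, as an added example that is not FejoaAuth's code. It assumes PBKDF2-HMAC-SHA256 as the strengthening function (the page does not name the one FejoaAuth uses); the function names, the iteration floor and the 1000x attacker speed-up are illustrative assumptions.

```python
import hashlib
import os
import time

def strengthen(password: str, salt: bytes, iterations: int) -> bytes:
    """Key strengthening: stretch the password with PBKDF2-HMAC-SHA256 (assumed KDF)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)

def measure_rate(probe_iterations: int = 50_000) -> float:
    """Benchmark this machine: PBKDF2 iterations per second."""
    start = time.perf_counter()
    strengthen("benchmark-password", b"\x00" * 16, probe_iterations)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return probe_iterations / elapsed

def iterations_for(target_seconds: float, rate: float, floor: int = 100_000) -> int:
    """Iteration count whose login delay is about target_seconds, never below a floor."""
    return max(floor, int(rate * target_seconds))

def attack_days(dictionary_size: int, iterations: int, attacker_rate: float) -> float:
    """Worst-case days for an offline dictionary attack against one salted account."""
    return dictionary_size * iterations / attacker_rate / 86_400

def new_account(password: str, target_seconds: float, rate: float):
    """Registration: choose parameters, return the public record and the strengthened key."""
    salt = os.urandom(16)  # per-account salt, so one dictionary run cannot cover many accounts
    params = {"kdf": "pbkdf2-hmac-sha256", "salt": salt.hex(),
              "iterations": iterations_for(target_seconds, rate)}
    # The record must be stored with the account so any client can repeat the derivation.
    return params, strengthen(password, salt, params["iterations"])

if __name__ == "__main__":
    rate = measure_rate()
    for target in (0.25, 1.0, 4.0):
        n = iterations_for(target, rate)
        # Constructed assumption: attacker hardware is 1000x faster than this machine.
        days = attack_days(10**8, n, rate * 1000)
        print(f"login ~{target:>4}s -> {n:>10} iterations, "
              f"10^8-word dictionary ~{days:,.1f} days")
```

Each doubling of the chosen login delay doubles the attacker's cost per guess, which is the control the parameter choice gives the user.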
You can test the addon to register and authenticate on this web page!
The source code is hosted on GitLab.
To initialize the gradle wrapper run:
To build the browser extension run:
./gradlew build -p browseraddon
This will output the extension at:
This extension directory can then be loaded into Chrome or Firefox (untested).
To build and run the FejoaAuth server run:
The server will host a test authentication page at: