21

The major commercial password manager companies claim to have a "zero knowledge" system. This means the master password of the user is the only way to decrypt the data and it is not stored anywhere. So even the company doesn't know the master password or have access to the user's data. I've put hands on KeeperSecurity, LastPass, Dashlane and 1Password.

So far so good. But KeeperSecurity and LastPass provide a possibility to recover an account when the user has lost his master password. I mean how is this possible, if the master password is the only way to access the data and nobody knows it except the user?

KeeperSecurity manages this by saving a second copy of the user's data which is not encrypted with the master password, but with the answer to a previously asked security question. But this means there is another way of accessing the user's data. And there is the chance that somebody knows the security answer. Okay, the recovery requires access to the email account and to a second auth factor. BUT still there is another chance of accessing the data besides the master password!

Dashlane and 1Password do not provide an account recovery.

How can those password managers pretend to be secure and claim that the master password is the only way to access the data, but on the other hand provide a recovery option?

What do you think about password managers with a recovery option? I mean everybody who is using a password manager should be aware of losing the master password.

Is a password manager with a recovery option really trustworthy? Maybe someone could give a little evaluation of the security of such recovery systems.

David
  • 431
  • 4
  • 9
  • 1
    The answer to the security question is effectively a second password (or second key to the system). Is there any reason to believe they store this second password? – jpmc26 Feb 16 '18 at 22:35
  • 2
    I don't know about KeeperSecurity, but I know LastPass can't actually recover your account. From when I last used it, if you forgot your master password, you had the option to load in the accounts that were saved in the browser extension. If you didn't have it loaded on any computers, then it was truly lost. – zzarzzur Feb 16 '18 at 22:56
  • 1
    LastPass works quite differently than what you describe KeeperSecurity as doing. LastPass seems to have two basic options: 1. Recover based on a *local copy* of your password database, where the master key is saved on your personal device. 2. Recover an older version of your password database that used a previous master password. – jpmc26 Feb 16 '18 at 23:35

4 Answers

22

Having a recovery option is perfectly fine as long as it is adequately secured. Whether you prefer losing your passwords if you lose the master password or want to trust the password manager company with access to your passwords is up to you.

Keep in mind that security is a means to an end. There are always trade-offs to be made. You can have a perfectly secure computer by not having a computer. Usability suffers, though.

Edit:

Since people in the comments want the specific question of "how secure are password managers with recovery option" answered, I will add some points:

It is possible to provide recovery options which are secure, but this always depends on the attacker model. Security ALWAYS depends on the attacker model: passwords are very bad against mind readers!

Here are some possible ideas for reasonably secure recovery schemes:

  1. Encrypt a copy of the database under a different key and ask your users to print this key and store it in their safe. That's what keybase.io does, or the Ubuntu drive encryption.
  2. Store a DB copy which requires a key from the company on the users machine.
  3. Have two departments at the company, one storing a DB copy, the other storing the necessary key. If you want to recover, both verify your identity and send you their part.

However, none of these mean that it is impossible for somebody else to get your passwords. (Not using "zero knowledge" because that has a specific meaning which works completely differently when applied to passwords.) After all, employees might collude or safes can be broken into.

Every recovery option for you is also a recovery option, or an alternative attack path for stealing your passwords.

Remember: If you want to ask "How secure is X?" your attacker model must be obvious or stated. Security always depends on the attacker model! There is no absolute security.

Elias
  • 1,915
  • 1
  • 9
  • 17
  • 5
    I don't think this really answers the question, which is "How are password managers with recovery options secure given these assumptions about how recovery is done?". This answer says "They are secure if they are adequately secured." – jcm Feb 17 '18 at 00:36
  • The question text however already answered the question from the title. OP clearly knows the relevant facts and asks for interpretation which I have provided. – Elias Feb 17 '18 at 08:10
8

This is kind of a "who can I trust" question. When you use a password manager, and specifically an online one, you do trust it. Admittedly, your password vault is stored in a securely encrypted form that can be decrypted with your private master key, and you trust the password manager to never leak that key - it needs to know it at decryption time. For those who offer a recovery procedure, the main secret can be decrypted with either your private key, or with an alternate key. If you only need to answer a security question, it is enough for an attacker to know the answer to the security question to access your passwords. If it is much simpler to guess than your master password, then you have lowered the global security.

If the recovery involves both the answer to a security question and access to a mailbox, it is as secure as the most secure of both. For example if you use 2FA on your mailbox, it can be acceptable. Because here again you trust your mail provider.

Anyway, when you use a password manager, you admit that they have secure enough procedures (*) to protect your passwords that it is no longer the weakest point. Said differently, you admit that it would be easier for an attacker to hack your own system (where you type the master password) than the system hosting the password manager. If you do not, then you should not use that password manager.

(*) I speak of procedures here, because the system security involves much more than software. You must also consider the physical security of the data center, and whether you can trust all employees that have admin privileges on the system.


It is just my own opinion, but I must admit that I am still reluctant to use an online password manager for those reasons and stick to a local vault with private backups.

Serge Ballesta
  • 25,636
  • 4
  • 42
  • 84
8

This means the master password of the user is the only way to decrypt the data and it's is not stored anywhere.

No, it doesn't. "Zero knowledge" means that no one at the company, much less a hacker, can decipher your data in anything less than brute force time, even if they're given the data on a silver platter. Your data is "stored," but in an encrypted format or two. Zero knowledge means that your data is not stored, in clear text, anywhere in the system.

If there are two, three, or five ways to get at the data, it's still secure so long as it's not possible to gain any bits of information from the variously encrypted forms (and presumably, there's random padding to discourage this).

Having more than one method to get at the data is still reasonably secure, so long as the questions are something that only you could answer, or require 2FA, etc.

AndrolGenhald
  • 15,436
  • 5
  • 45
  • 50
phyrfox
  • 5,724
  • 20
  • 24
  • 2
    I was waiting for someone to point this out. The easiest way to do a backup code is to basically just make it a second master password and use it to re-encrypt the master key. In this case you're not really placing any more trust in the company than you already have. – AndrolGenhald Feb 16 '18 at 21:53
5

LastPass's documentation says to do the following to reset a password:

If the [password] hint doesn't help, go to the Account Recovery page to activate your local One Time Password. This allows you to change your Master Password if you've logged into LastPass previously on that computer, and is the only way to 'reset your password'. You should try this on all browsers and on all computers where you've used the LastPass plugin to access your account. This method does not work on mobile devices. Account recovery is not supported on mobile devices or apps. Changing the master password, reverting the account, or clearing the browser cache for LastPass can destroy these files.

This is strongly suggestive that the relevant keying material (or perhaps the entire vault) lives in the browser, and not on LastPass's servers. Otherwise, these restrictions would not make any sense.

If you have updated your Master Password within the last 30 days, you can go through these steps to Revert to change to your previous Master Password. Please note, we do NOT recommend selecting the "restore" option unless you have confirmed with LastPass Support that this is the best course of action.

This indicates they keep an old copy of the keying material for thirty days, but does not mean they keep it unencrypted.

Your other link does not provide sufficient information for me to evaluate where they keep their keying material, because it only says that "If you have Account Recovery enabled on your account, you will be walked through a procedure to reset your master password." It does not state what that procedure entails, or whether you can perform it on a brand-new computer.

Kevin
  • 906
  • 6
  • 12
  • What do you mean by "keying material"? – Fabio says Reinstate Monica Feb 17 '18 at 20:44
  • @FabioTurati The encryption keys required to decrypt your password vault (because they practice encryption at rest, like any sensible company). – Kevin Feb 17 '18 at 22:32
  • Doesn't the second quote indicate that they keep a copy of the old vault for 30 days? – Fax Feb 19 '18 at 07:36
  • 1
    @Fax: No, because they probably wrap the vault key in a second layer of encryption to avoid having to re-encrypt the whole vault every time you change your password. – Kevin Feb 19 '18 at 23:31
  • So even if I lost my master password I can still access but only on my plugin and not on my smart phone. Interesting. Then someone that can access my computer can do it too – user4234 Oct 01 '18 at 09:29
  • But this should be good enough – user4234 Oct 01 '18 at 09:30
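The recovery design sketched across this thread (Elias's first scheme with a printed recovery key, AndrolGenhald's comment that a backup code is "a second master password" used to re-encrypt the master key, and Kevin's point that wrapping the vault key lets the provider keep an old copy for a revert without ever holding plaintext) can be shown concretely. The following is an added illustration, not code from any of the products discussed: a random vault key encrypts the database; the master password and a one-time recovery code each derive a key-encryption key (scrypt) that wraps only that 32-byte vault key; rotating the master password re-seals the wrap and keeps the previous wrap for a revert; the vault ciphertext itself never changes. The names `create_vault`, `unlock`, `rotate_master` and `revert_master` are hypothetical, and the HMAC-based encrypt-then-MAC cipher is a stand-in for a real AEAD such as AES-GCM, chosen so the example runs on the standard library alone.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

KEK_LEN = 32    # bytes of key-encryption key derived from a human secret
NONCE_LEN = 16
TAG_LEN = 32    # HMAC-SHA256 output


def derive_kek(secret: str, salt: bytes) -> bytes:
    """Key-encryption key from a master password or a printed recovery code.
    scrypt cost (n=2**14) is kept modest so the demo runs quickly; a product would go higher."""
    return hashlib.scrypt(secret.encode("utf-8"), salt=salt, n=2**14, r=8, p=1, dklen=KEK_LEN)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in PRF (demo only; use a real AEAD in practice).
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    # Separate encryption and MAC keys derived from one 32-byte key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    """Returns the plaintext, or None when the key is wrong or the blob was tampered with."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def create_vault(master_password: str, database: bytes) -> Tuple[dict, str]:
    """Builds the server-side record and the recovery code the user prints and keeps offline.
    The vault key is random; both human secrets only ever wrap it."""
    vault_key = secrets.token_bytes(KEK_LEN)
    recovery_code = secrets.token_hex(16)          # constructed: shown once, then stored offline
    master_salt, recovery_salt = secrets.token_bytes(16), secrets.token_bytes(16)
    record = {
        "vault": seal(vault_key, database),
        "master_salt": master_salt,
        "master_wrap": seal(derive_kek(master_password, master_salt), vault_key),
        "recovery_salt": recovery_salt,
        "recovery_wrap": seal(derive_kek(recovery_code, recovery_salt), vault_key),
        "previous_master": None,                   # retained (still encrypted) wrap after a rotation
    }
    return record, recovery_code


def unlock(record: dict, secret: str, via: str = "master") -> Optional[bytes]:
    """Unwraps the vault key with the master password ('master') or the recovery code
    ('recovery'), then opens the vault. Either path is a full key to the data."""
    vault_key = unseal(derive_kek(secret, record[f"{via}_salt"]), record[f"{via}_wrap"])
    if vault_key is None:
        return None
    return unseal(vault_key, record["vault"])


def rotate_master(record: dict, old_password: str, new_password: str) -> bool:
    """Changes the master password by re-sealing only the 32-byte wrap; the vault
    ciphertext is untouched. The old wrap is kept, still encrypted, so a revert is possible."""
    vault_key = unseal(derive_kek(old_password, record["master_salt"]), record["master_wrap"])
    if vault_key is None:
        return False
    record["previous_master"] = (record["master_salt"], record["master_wrap"])
    record["master_salt"] = secrets.token_bytes(16)
    record["master_wrap"] = seal(derive_kek(new_password, record["master_salt"]), vault_key)
    return True


def revert_master(record: dict) -> bool:
    """Restores the previous master wrap (the 'revert' LastPass describes). The provider
    never needed the old password or the vault key in the clear to offer this."""
    if record["previous_master"] is None:
        return False
    record["master_salt"], record["master_wrap"] = record["previous_master"]
    record["previous_master"] = None
    return True


if __name__ == "__main__":
    rec, code = create_vault("correct horse battery staple", b"example.com: hunter2")  # constructed sample
    print("master unlock:  ", unlock(rec, "correct horse battery staple"))
    print("recovery unlock:", unlock(rec, code, via="recovery"))
    print("wrong password: ", unlock(rec, "not the password"))
```

Note what the record does and does not contain: the vault key and both human secrets appear nowhere in it, so a stolen copy yields only wrapped keys that must be brute-forced through scrypt. The price, as several answers stress, is that `recovery_wrap` is a second, equally capable path into the data, so the recovery code deserves the same handling as the master password itself.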