The Security of Your Password Vault: An Interview with Keeper’s Co-Founder

Passwords: the keys that verify your credentials on every online platform you use. With the multitude of social media accounts, online services, email addresses, banking logins and more, you may well find remembering multiple passwords (a good security practice) overwhelming.

If you’re an everyday Internet user who frequents several websites that ask for credentials, you are likely to be using a password manager, an encrypted vault that stores your passwords. Password managers are a no-brainer in this day of mandatory form-filling and credential entry. They are now available as cross-platform products that can be installed as an application on your phone. Quite simply, a password manager helps make your time on the internet a seamless experience.

Despite the benefits, the reality is that every platform, product or service can be hacked. Skilled white-hat hackers bring vulnerabilities and bugs to the developer’s attention while malicious hackers profit from the exploits they devise for the vulnerabilities. Hacked readers will remember a recent report wherein LastPass, a contender for the most widely used password manager of them all, was revealed to contain “a number of bugs, bad practices, and design issues,” as two security researchers put it. The researchers also claimed there is no “bug-free” software, insisting that any further research on password managers would “likely have similar results.”

Hacked spoke to Craig Lurey, the co-founder and chief technology officer of Keeper, a prominent password manager and digital vault that adheres to SOC-2 compliance, a top-level security certification.

Why isn’t consumer-end security given precedence? For instance, why is SOC-2 not widely implemented by security companies for end-users and consumers?

SOC-2 compliance is not easy to obtain because it structurally changes the entire software development process, security, operations and data management of the company.  It requires continuous improvement, optimization and a team that embraces the process.  We’re proud that Keeper is the only SOC-2 certified company across the entire password management industry. Keeper is also a Zero-knowledge security provider. Zero-knowledge is a system architecture that guarantees the highest levels of security and privacy by adhering to the following principles:

  • Data is encrypted and decrypted at the device level (not on the server)

  • The application never stores plain text (human readable) data

  • The server never receives data in plain text

  • No employee or intermediary can view the unencrypted data

  • The keys to decrypt and encrypt data are derived from the user’s master password

  • Multi-Layer encryption provides access control at the user, group and admin level

  • Sharing of data uses Public Key Cryptography for Secure key distribution

Data is encrypted on the user’s device before it is transmitted and stored in Keeper’s digital vault. When data is synchronized to another device, the data remains encrypted until it is decrypted on the other device.

We’re confident that Keeper is the most secure, certified, tested and audited password management and digital vault in the world. We are the only SOC-2 certified password management solution in the industry and certified by TRUSTe for online privacy.

Not only do we implement the most secure levels of encryption, but we also adhere to very strict internal practices that are continually audited by third parties.

Where is the Keeper user’s encrypted record stored?

Customer data is encrypted and stored locally on the user’s device using 256-bit AES.  The user’s master password derives an encryption key using PBKDF2, and that key decrypts other keys that are then used to encrypt and decrypt the record-level data.  Keeper uses multiple layers of encryption.

The cipher keys used to encrypt and decrypt customer records are not stored or transmitted to Keeper’s Cloud Security Vault. However, to provide syncing abilities between multiple devices, an encrypted version of this cipher key is also stored in the Cloud Security Vault and provided to the devices on a user’s account. This encrypted cipher key can only be decrypted on the device for subsequent use as a data cipher key.

If a person is interested in digging into the low-level encryption methods of Keeper, they can check out our open source API called Keeper Commander.  Our full security disclosure is published here.

Amazon recently and finally started two-factor authentication for its customers’ accounts. What are some of the practices that you see will gain wider adoption among the masses for better security?

The use of two-factor authentication is definitely a growing movement as companies begin to grasp the severity of data breaches. Adding a process like 2FA to control access over the network layer will become the norm in a few years’ time. Another process we see going mainstream is the integration of security directly into the hardware and software layers of devices. If devices come pre-loaded with security applications, users will develop better security hygiene from the start rather than having to learn a behavior.

How does Keeper ensure a safe account recovery process compared to other password managers’?

Keeper has a unique and secure Zero-knowledge account recovery process to ensure that customers can access their accounts in the case of a lost Master Password.

During account signup, you are asked to select a Security Question and Answer. Also during signup, Keeper generates a ‘data key’ which is used to encrypt and decrypt the ‘record keys’ stored with each of your vault records. Your ‘data key’ is encrypted with your master password, and each record key is encrypted with the ‘data key’. Each record has an individual, different ‘record key’.

The way account recovery works is by storing a second copy of your data key that is encrypted with your Security Question and Answer. To complete a vault recovery, you are required to enter an email verification code, and also your Two-Factor Authentication code (if enabled on your account). We recommend creating a strong security question and answer, as well as turning on Keeper’s Two-Factor Authentication feature from the ‘Settings’ screen.

We’re the only product in the industry to offer this secure method of account recovery in a Zero-knowledge environment.

Are there any drawbacks to 2FA? If so, what are they?

Not really. 2FA can be implemented in many different forms, and most consumers are not familiar with the terminology.  This is why we refer to 2FA in our product as “Keeper DNA”.  We offer the user many choices and options in their 2FA configuration.  For example, users can authenticate with their Apple Watch or Android Wear device with a single tap.  Nobody else in the password management industry is offering this.

Full disclosure: I’m a user of LastPass’ free service. Why do I need to — if I need to — switch over to Keeper?

We’re the only Zero Knowledge and certified platform, made for the mass consumer market as well as the enterprise environment.  When you use Keeper, you’ll immediately notice the quality of the service and the ease of use across mobile, desktop and browsers.  We prioritize security and ease of use over quantitative features.  Many of our competitors such as LastPass are buggy, confusing, and springs fly out every time you use it.  Buggy and complex software inevitably leads to security vulnerabilities which has been reported widely in the press.  We spend a massive amount of time improving our user experience while building the most secure product.

Featured image from Shutterstock. Keeper logo from Keeper.
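The key hierarchy and recovery copy described in the interview answers above, sketched as an added example; this is not Keeper's code and is not taken from Keeper Commander. The interview names PBKDF2 and 256-bit AES only, so the hash (SHA-256), iteration count, GCM mode and all function names here are assumptions.

```javascript
const { pbkdf2Sync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Assumed parameter: the interview gives no iteration count, hash or cipher mode.
const ITERATIONS = 100000;

// Stretch a low-entropy secret (master password or security answer) into a 256-bit key.
function deriveKey(secret, salt) {
  return pbkdf2Sync(secret, salt, ITERATIONS, 32, 'sha256');
}

// AES-256-GCM encrypts and authenticates, so opening with a wrong key throws.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function open(key, box) {
  const decipher = createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// Runs on the device at signup. `vault` holds only salts and ciphertext, so it is
// what could be synced; `dataKey` is the plaintext key and stays in device memory.
function createVault(masterPassword, recoveryAnswer) {
  const dataKey = randomBytes(32);
  const masterSalt = randomBytes(16);
  const recoverySalt = randomBytes(16);
  const vault = {
    masterSalt,
    recoverySalt,
    dataKeyByMaster: seal(deriveKey(masterPassword, masterSalt), dataKey),
    dataKeyByRecovery: seal(deriveKey(recoveryAnswer, recoverySalt), dataKey), // second copy
    records: [],
  };
  return { vault, dataKey };
}

// Each record gets its own random key; that key is wrapped with the data key.
function addRecord(vault, dataKey, text) {
  const recordKey = randomBytes(32);
  vault.records.push({
    wrappedKey: seal(dataKey, recordKey),
    body: seal(recordKey, Buffer.from(text, 'utf8')),
  });
}

function unlockWithMaster(vault, masterPassword) {
  return open(deriveKey(masterPassword, vault.masterSalt), vault.dataKeyByMaster);
}

function unlockWithRecovery(vault, recoveryAnswer) {
  return open(deriveKey(recoveryAnswer, vault.recoverySalt), vault.dataKeyByRecovery);
}

function readRecord(vault, dataKey, index) {
  const rec = vault.records[index];
  const recordKey = open(dataKey, rec.wrappedKey);
  return open(recordKey, rec.body).toString('utf8');
}

// Changing the master password re-wraps one 32-byte key; record ciphertext is untouched.
function changeMasterPassword(vault, oldPassword, newPassword) {
  const dataKey = unlockWithMaster(vault, oldPassword);
  vault.masterSalt = randomBytes(16);
  vault.dataKeyByMaster = seal(deriveKey(newPassword, vault.masterSalt), dataKey);
}

// Constructed sample run: the passwords and record text are made up.
const demo = createVault('correct horse battery staple', 'first pet: Biscuit');
addRecord(demo.vault, demo.dataKey, 'bank.example / alice / s3cret');
```

In this sketch both wrapped copies open the same data key, so the security answer needs to resist guessing as well as the master password does. The email verification code and Two-Factor steps mentioned in the answer are not modelled here.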

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.


Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.




5 Comments

  1. Bob Archer

    December 7, 2015 at 11:15 pm

    “Many of our competitors such as LastPass are buggy, confusing, and springs fly out every time you use it.”

    Such FUD. Also, Last Pass is a zero knowledge product too at half the price.

    Security questions can be less secure than a strong password. The user is always the weakest link in the chain.

    • P. H. Madore

      December 8, 2015 at 12:57 am

      Although I agree it’s fuddish, you should check out some recent and interesting vulns discovered in LastPass: https://hacked.com/researcher-even-lastpass-will-hacked/

      That’s not to say Keeper won’t have its own problems, and for the record I still use LastPass, though I’ve followed the researcher’s recommendations.

  2. aaron ashfield

    December 9, 2015 at 7:55 pm

    We should not be using a password vault. The solution is to KILL passwords. Secure Access Technologies removes all passwords, and replaces them with a fingerprint on your phone.

  3. Hua Li

    June 8, 2016 at 7:30 am

    These days we have so many passwords to remember. We need passwords for email accounts, banking websites, social media accounts, online shopping, just about everything needs a password! The average person needs to log into about 20 different accounts regularly and passwords often have requirements that you need to include numbers, symbols and capital letters. How can we remember so many different complex passwords? Although the experts warn us not to use the same password for all our accounts, most of us are guilty of this little shortcut.

    However, reusing the same password for all your accounts carries great risk. If even one of your accounts is hacked, then criminals can get access to all your important accounts, including bank accounts! Or if hackers gain access to your email account then they can use the password reset links on websites to gain control of your other accounts.

    A solution to this problem is to use a secure password manager to store and even generate passwords for you. CoverMe’s encrypted password protected vault includes a password manager for you to store all your passwords.

    CoverMe’s secure password manager is organized into 6 categories: ID Cards, Wallet, Web Sites, Accounts, Email, Others.

    In ID cards, you can store information like driver’s license, passport and membership cards. In Wallet, you can save your credit card, debit card, bank account, Paypal and Alipay information. In Website, you can store information about any website you want and the most popular websites are already listed to get you started, such as Facebook, Google and YouTube. Accounts is where you would put information about your computer password, server password, iTunes and Dropbox. In Email, you can save passwords for Gmail, Hotmail and Yahoo or any other email accounts. In Others, you can save things like software license key, calling card numbers or whatever you like.

    CoverMe not only stores passwords, but it can also generate unique, random passwords for you to use. Use CoverMe password manager to safely store all your passwords for you on your phone!

Stellar Acquires Blockchain Startup Chain to Form Interstellar

The commercial arm of the Stellar Development Corporation has acquired a promising blockchain startup by the name of Chain, paving the way for possibly higher enterprise adoption of distributed ledger technology. The deal adds to Stellar’s credibility as one of the world’s leading blockchain companies.

Chain Acquired

Chain, a San Francisco-based startup pursuing enterprise grade adoption of blockchain technology in finance, has sold to Lightyear in an undisclosed cash agreement. Lightyear, the subsidiary of the Stellar Development Corporation, will be re-named Interstellar, according to official reports. Jed McCaleb, Stellar’s founder, will be the chief technology officer of the newly formed company, which he said should help companies build on the Stellar network. He adds:

“Chain’s team has led the market for enterprise adoption of blockchain technology, which is a critical component of building a future where money and digital assets move over open protocols.”

Interstellar’s new CEO Adam Ludwin explained how the newly merged company will work together:

“Chain has worked from inside the enterprise while Stellar has focused on the network between organizations. As a single team we will have a complete view and set of capabilities to make value-over-IP a reality.”

Chain is said to be a leader in the world of fin-tech, having built enterprise-grade blockchain solutions for Visa, Citigroup and Nasdaq, among others. With the merger, Interstellar will have access to Sequence, Chain’s powerful cloud solution that enables companies to monitor assets moving between private ledgers and the Stellar network.

Previously, Chain had raised more than $43 million across multiple deals. Financiers included Capital One, Citigroup, Pantera Capital and Blockchain Capital.

XLM Price Update

Although the merger between Chain and Lightyear has not had a demonstrably positive effect on XLM’s price, the cryptocurrency continues to outperform leading assets such as Ethereum and bitcoin cash. The XLM price was down 4.4% on Tuesday but has gained 3.2% over the past seven days. By comparison, bitcoin has declined nearly 1% over that period while Cardano has lost more than 10%. Ethereum is trading in positive territory over seven days as prices recovered from 16-month lows.

XLM, which is currently valued at $0.197, has declined roughly 12% over the past month. At current values, it has a market capitalization of $3.7 billion, placing it sixth among active cryptocurrencies. Bitbox is the most active market for XLM traders, accounting for more than 54% of daily transactions.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Sam Bourgi is Chief Editor to Hacked.com, where he specializes in cryptocurrency, economics and the broader financial markets. Sam has nearly eight years of progressive experience as an analyst, writer and financial market commentator where he has contributed to the world's foremost newscasts.




Nvidia Pulls Out of Cryptocurrency Business amid Declining Profit

California chipmaker Nvidia Corp (NVDA) has officially pulled out of the cryptocurrency mining business over declining GPU sales and dwindling profits. However, a closer look at the mining landscape reveals that competition, and not declining demand, is at the root of Nvidia’s decision to exit the industry.

Nvidia Quits Crypto Mining Business

Colette Kress, Nvidia’s CFO, announced the decision last week in a report that was published by The Wall Street Journal.

“We believe we’ve reached a normal period as we’re looking forward to essentially no cryptocurrency as we move forward,” Kress said. “Our revenue outlook had anticipated cryptocurrency-specific products declining to approximately $100 million, while actual crypto-specific product revenue was $18 million, and we now expect a negligible contribution going forward.”

The company, which is best known for developing chips for supercomputers and video game systems, experienced an upsurge in GPU sales last year as miners rushed to capitalize on the crypto boom. Earlier this year, Nvidia revealed for the first time how much revenue it generated from crypto market sales. As Hacked reported back in May, Nvidia’s first-quarter chip sales to cryptocurrency miners hit $289 million, far exceeding forecasts of $200 million.

Despite better than expected results, the company warned of a steep fall in subsequent quarters as mining profitability plummeted.

“Crypto miners bought a lot of our GPUs in the quarter and it drove prices up,” Nvidia CEO Jensen Huang said on a Q1 earnings call back in May.

Nvidia may be exiting the crypto mining business, but its overall profitability is as good as ever. For the quarter ending July 29, profits nearly doubled to $1.1 billion, or $1.76 a share. Revenues surged 40% to $3.12 billion. Both results beat analysts’ forecast.

Bitmain’s Growing Dominance

Following a series of acquisitions and funding rounds, China’s Bitmain has emerged as the world’s biggest blockchain conglomerate. The company, which is valued at $19 billion, generated $1.1 billion in profits during the first quarter. As CCN reports, Bitmain’s crypto venture earned 65 times more profit than Nvidia during the quarter.

Bitmain’s profitability suggests that demand for mining equipment remains strong despite the seven-month downturn in cryptocurrency prices. What’s more, bitcoin’s hash rate has increased significantly this year, offering further evidence of continued growth. As Hacked reported last month, bitcoin’s hash rate has risen 100% amid the downturn. What’s more, the hash power that has come online since the end of last year is equivalent to more than 2 million SHA-256 ASICs. Each of these units is valued at roughly $1,800.

The real issue for Nvidia isn’t that crypto mining is on the decline but that demand for GPU-specific equipment has fallen.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Sam Bourgi is Chief Editor to Hacked.com, where he specializes in cryptocurrency, economics and the broader financial markets. Sam has nearly eight years of progressive experience as an analyst, writer and financial market commentator where he has contributed to the world's foremost newscasts.




Overstock.com Shares Spike 17% After Chinese Private Equity Firm Pledges $270 Million for tZERO

Shares of Overstock.com (OSTK) surged in after-hour trading Thursday after a major Chinese equity firm agreed to invest in tZERO, the blockchain subsidiary vying to reshape the investment world through a SEC-regulated alternative trading system (ATS).

GSR Capital to Invest Heavily in tZERO

CNBC confirmed on Thursday that Hong Kong-based GSR Capital will invest up to $270 million in tZERO. The investment is based on a valuation of $1.5 billion, giving GSR an 18% stake in the new blockchain startup. GSR will also buy $30 million worth of tZERO security tokens.

“We are honored to have GSR Capital as a strategic investor,” said tZERO CEO Saum Noursalehi in a statement, as quoted by CNBC. “The tokenization of securities has the potential to disrupt global capital markets responsible for moving hundreds of trillions of dollars. Together with our partners, we will globalize our blockchain-based platform, bringing more efficiency, liquidity, and trust to capital markets.”

The announcement came less than six weeks after GSR Capital signed a letter of intent with Overstock to purchase $160 million worth of security tokens.

Launched in December, tZERO’s initial coin offering (ICO) has raised $134 million to finance its ATS infrastructure, which will provide a regulated venue for securities trading. The company plans to build similar systems around the world.

Despite a highly successful crowdraise, documents submitted to the SEC earlier this year revealed a target of $250 million. Independent valuations had placed tZERO’s ICO anywhere between $200 million and $500 million.

Overstock.com Spikes

Overstock.com’s share price was up by as much as 21% after-hours. It would eventually settle at $45.40 for a gain of 17.6%.

In regular trading on Thursday, the OSTK price rose 4.5% to settle at $38.60.

Despite the gain, OSTK has been a dismal performer this year. Share prices are down 40% year-to-date, vastly under-performing the Nasdaq Composite Index, which has returned more than 14%.  What’s more, the stock is trading at less than half of its 52-week high.

Overstock’s share price has been rocked by disappointing quarterly results and the cancellation of a proposed public stock offering. Last March, the company offered four million shares of common stock before abruptly cancelling those plans. Noursalehi said the decision to pull the offering was due to “market volatility and price.” To be sure, OSTK had declined 20% following the initial announcement to issue common stock.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Sam Bourgi is Chief Editor to Hacked.com, where he specializes in cryptocurrency, economics and the broader financial markets. Sam has nearly eight years of progressive experience as an analyst, writer and financial market commentator where he has contributed to the world's foremost newscasts.



