Security of synchronized passwords with Opera Link
By Esteban Manchado Velázquezzoso. Tuesday, May 3, 2011 2:44:26 PM
Some of you have, understandably, asked about security details of how we're storing the passwords. You may have noticed that during these months we have been changing the login pages of all of our public websites to make sure they all use HTTPS. This has been part of an ongoing process (which includes internal changes you can't see!) to tighten security to make sure your Opera Account remains safe. Why is this so important? It is important because all your password manager data is encrypted using your Opera Account password.
That was a bit of a simplification, so if you're curious, this is how it works:
- When you send passwords to Opera Link for the first time, Opera generates a long, strong, random encryption key for your data.
- This encryption key is used to encrypt, on the client side, all data you send to the Link servers.
- The encryption key is also sent to the servers, but encrypted with your Opera Account password (this is why you must keep that password safe!).
- When other installations of Opera connect to the Link servers, they receive both the encrypted encryption key and the password manager data. To be able to decrypt the password manager data, they have to decrypt the encryption key first, which they can because they have your Opera Account password (needed to log in to Opera Link in the first place).
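The flow in the list above, sketched as an added example (not Opera's code): a random data key encrypts the password data, and only a password-wrapped copy of that key reaches the server. All function names are hypothetical, and the page does not name Opera's algorithms, so PBKDF2 and the HMAC-based stand-in cipher are assumptions chosen to keep the sketch standard-library only.

```python
import hashlib, hmac, secrets

def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example needs only
    # the standard library; real code should use a vetted AEAD such as AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = _hmac(key, nonce + (i // 32).to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_hmac(key, b"enc"), nonce, plaintext)
    return nonce + ct + _hmac(_hmac(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _hmac(_hmac(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or tampered data")
    return _xor_stream(_hmac(key, b"enc"), nonce, ct)

def password_key(password, salt):
    # Assumption: PBKDF2 with a random per-user salt stretches the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def first_client_upload(password, password_data):
    """Generate the data key, encrypt the data, wrap the key."""
    data_key = secrets.token_bytes(32)   # random key, never sent in the clear
    salt = secrets.token_bytes(16)
    return {                             # everything the server stores
        "salt": salt,
        "wrapped_key": seal(password_key(password, salt), data_key),
        "data": seal(data_key, password_data),
    }

def other_client_download(password, record):
    """Unwrap the data key with the password, then decrypt the data."""
    data_key = unseal(password_key(password, record["salt"]), record["wrapped_key"])
    return unseal(data_key, record["data"])

# Constructed sample data, not a real credential.
SAMPLE = b'{"example.test": {"user": "alice", "password": "constructed-sample"}}'
```

Because the server record holds only the salt and two sealed blobs, reading it without the account password leaves guessing the password as the only way in.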
What does this mean for your password security? It means that Opera has theoretical access to your data, but in practical terms no single department at Opera does, because your account password is never sent to the Link servers, but to Auth, our authentication service. As it is never stored in plain text anywhere, it also means that no one who only has access to the data (say, database backups) can get your passwords except by brute force, even if the attacker has data for both Auth and Link. And even brute force is not as easy as it sounds, because we use random salts in every chunk of information we store to avoid rainbow table attacks.
In conclusion, you have to keep in mind at all times that your Opera Account is the key to all the passwords you have saved in Opera Link, meaning:
- It's important that you choose a good password for your Opera Account. In fact, we recommend you change your password before you start saving passwords in Opera Link. You can change it by clicking on the tool icon on the My Opera top bar -> Account -> Privacy & password.
- Never, ever give your Opera Account password to anyone. Not that you should do that with any other password, but this is especially important as it gives access to all your passwords.
EDIT: clarified a bit the part about Auth.