How Zero Knowledge Keeps Passwords Safe

When you store your passwords in a password manager, how do you know they're actually secure? At a minimum, that password manager should encrypt all of your passwords. That's not enough, however. To truly protect your business data, your password manager should use a zero-knowledge security model. Here's how zero-knowledge encryption works, why it matters, and how it keeps your passwords safe. 

How does encryption usually work?

To understand what zero-knowledge encryption is, it's helpful to know how regular encryption usually works. When you encrypt data, you're putting it under lock and key. By making that data illegible to anyone who doesn't have the decryption key, you're shielding it from prying eyes. No one else but you can see what your data contains, let alone do anything with it, unless they have the decryption key that was created when you encrypted that data.  Businesses find encryption helpful from a security standpoint. For example, encryption can come in very handy if an unauthorized person or organization tries to access your business data. If they can't see what's in your encrypted data and they don't have the key to open it up, they essentially hit a dead end. The only downside, of course, is that anyone who does have the decryption key could take a peek, or, worse, use that data as they see fit.  For example, a software provider that encrypts your business data for you could theoretically grant someone else access to your data or be forced to do so without your knowledge. If an unauthorized party stole the decryption key from your provider, that could also put your business at risk and you would be none the wiser. To head this potential vulnerability off at the pass, many forward-thinking software providers are moving toward a zero-knowledge security model.

What is a zero-knowledge security model?

Zero-knowledge gives the key to you and you alone. In a zero-knowledge encryption scenario, no one except you, not even your provider, can decrypt your data and find out what's inside. Because only you have the key or password to access your encrypted data, you can have greater confidence that no one else will be able to access that data without your permission and knowledge.  Strictly speaking, zero-knowledge is an overall encryption methodology rather than a specific encryption protocol like AES-256. A zero-knowledge security model makes sure that your data is encrypted before it leaves your device, while it is in transit, and when it is stored at its destination (for example, a server or a cloud storage service). Because a zero-knowledge approach encrypts your data at all of these different stages, each of which has its own unique technical requirements, it may use a combination of encryption protocols (such as AES-256 and TLS) to get the job done. 

What is zero-knowledge proof and how does it work?

But what if your key or password gets stolen, you might ask? Well, the zero-knowledge approach has an answer for this potential problem, too. A zero-knowledge security model requires that you store your key somewhere safe – that is, somewhere that a third party could never access it.  When the time comes to access your encrypted data, then how do you prove that you have the right to do that? After all, passwords are typically a two-way affair: a user provides the password, and the system receives it. Upon verifying that the password is correct, the system grants access to that user. Instead of using traditional passwords or decryption keys, a zero-knowledge security model uses an authentication process called zero-knowledge proof to confirm that you are authorized to access the data. Rather than asking you for the password or key itself, a zero-knowledge proof approach asks you to provide evidence that you have it. By successfully responding to a series of challenges, you can verify that you are who you say you are and get the green light. Many software solutions like password managers and cloud storage services now handle this zero-knowledge proof authentication in the background, automatically taking care of it for you so you don't have to fumble around looking for your details each and every time you want to use your data.

The benefits of zero-knowledge encryption

Zero-knowledge gives you greater peace of mind that not only is your business data under lock and key but that only you have that key. Rather than worrying about whether someone may have stolen or borrowed the other key from your provider and then started poking around your data without your awareness or consent, you can rest assured that you've taken the steps necessary to keep your business data shielded from anyone who would want to view, use, or manipulate it. A zero-knowledge security model is especially useful for any business that uses a password manager to secure and store its passwords. With a zero-knowledge approach, you can rest easy knowing that no one else but you, not even your password manager vendor, has the keys to the kingdom. After all, you wouldn't want anyone else to be able to see the passwords you use to access critical business, IT, and financial accounts. By design, a zero-knowledge approach makes sure that no one else can do that. When your password manager uses a zero-knowledge security model, you can more easily trust it with your passwords. For example, zero-knowledge means that no one has access to your master password for LastPass or the data stored in your LastPass vault, except you (not even LastPass). This way, you can enjoy all the business benefits of a password manager without worrying about whether someone else might be able to access your business data. 

Achieve better password security with a zero-knowledge approach

You want to be sure that your provider is taking all the right security measures to protect those passwords and keep your business safe. Unless you know a fair amount about cybersecurity, though, you're probably taking them at their word when they say they're following cybersecurity best practices. By choosing a password manager that uses a zero-trust security model, you can be sure that only you have access to your passwords – and you can achieve the peace of mind that comes with better password security.  Discover how LastPass' zero knowledge security safeguards your data.