Is WhatsApp or Facebook Messenger secret conversation a reasonable method for transferring passwords?

Question

I have the Netflix account in our family, meaning I have the password.

It's a secure password, with 16 characters, including symbols, numbers and uppercase, for example 3?TeJ)6RK]4Z_a>c, which has around 80 bits of entropy.

However, I have to share this password with other members of the family, so they can also login to it. Is using WhatsApp or Facebook Messenger secret conversation an acceptable method for this?

Are there better methods?

Just because I can't read this without saying it.... That password is unnecessarily hard, 4 words combined would do just as much and you won't have to share it (as they can remember it because its not random bunch of characters). https://xkcd.com/936/ — EpicKip, Jun 01 '17 at 08:45
@EpicKip This came up in the comments which were removed - it's actually more secure than the four words (this is 80 bit of entropy) whereas 4 words is 48. Of course, 48 bits is plenty for a Netflix account but I have no reason to generate a less secure password just because the account is less critical. My password manager generates these. Also, nobody remembers 4 words the first time they hear it. It would be easier over the phone though. — Tim, Jun 01 '17 at 08:58
@EpicKip Sure, but there's no need to remember it (my computer does that) and the XKCD example taken at face value is less secure. Also my spelling is not so good, so words might not be best! — Tim, Jun 01 '17 at 09:10
But there is a need to send it around which is never a good idea, just saying the "secure passwords" aren't necessarily more secure — EpicKip, Jun 01 '17 at 09:25
@tim use five or more words them. "Correct Horse identifies Battery Staple " or something like that. The moment you need to write it down for some reason, you are already making it insecure! — T. Sar, Jun 01 '17 at 12:18
@TSar you expect me to remember 200 passwords each 5 words long!? That's not going to happen! Whatever password I use, I need an encrypted password manager (I use Enpass) and my manager generates these passwords but not the word ones. — Tim, Jun 01 '17 at 12:36
@Tim If you're using that many passwords, the password manager is the best option to save them. However, keep in mind that if this specific use case is for a shared password, not for storing several of them. For a single shared password, I think a passphrase would be the better option! — T. Sar, Jun 01 '17 at 12:41
@Tim There is a reason to generate a less secure password here; you are sharing it and they aren't using your password manager. — Yakk, Jun 01 '17 at 14:58
3?TeJ)6RK]4Z_a>c is 16 characters. When just using a-Z you will need a password of 20 characters to make it more difficult to brute force crack, taking into account that the hacker KNOWS you are using a-Z only. Netflix=MoviesForTheEntireFamily is a password that is easily remembered and much MUCH MUCH stronger than your current password. — Laoujin, Jun 02 '17 at 13:16
@Laoujin With respect, if someone wants to brute force my Netflix password, and they can manage 3?TeJ)6RK]4Z_a>c, I think they will also be able to get your suggested password. In either case, if they're trying passwords with 80 bits of entropy, I think they're pretty desperate to get in and will stop trying to brute force, and start hitting me with a wrench. Brute force attacks are not something I'm concerned about with my password. https://xkcd.com/538/ — Tim, Jun 02 '17 at 13:20
@Laoujin In fact based on XKCD's entropy measures, I get your password as being 83 bits of entropy - only just above mine. That assumes 6 common words (66), each might be capitalised (6), a punctuation mark (4) in one of 5 positions (2). Whichever password I pick, we're looking at 1000x the age of the universe to brute force it, so to clarify, I'm not concerned in the slightest about the "strength" of this pasword. Re rememberability, that's also not a concern. Nobody has to remember this password. — Tim, Jun 02 '17 at 13:28
@eckes That's something I had not considered. Thankfully, we have a Chromecast rather than a smart TV. — Tim, Jun 05 '17 at 16:59

David · Accepted Answer · 2017-06-01T15:51:10.627

66

Both Facebook Messenger (using secret conversations) and WhatsApp implement end-to-end encryption, which means that when you send a message your text is encrypted on your computer and decrypted on the destination computer. The text of your messages is not visible to anyone in between unless they break the encryption, which for practical purposes is not going to happen (unless you happen to be the subject of a national security investigation, in which case you've got bigger problems than sharing your Netflix password with the wonks at the NSA).

However, beware that end-to-end encryption only protects the communication channel itself. It does not protect you from threats such as:

Malware, such as keyloggers or screen grabbers that have been installed on your machine or the destination machine
Friends/family who decide to re-share or change your password without your permission
Netflix, who monitors these things and will see that your account is being used in multiple geographic places and thus probably being shared against their terms of service. Netflix has plans that allow multiple streams among family members, so this in itself is not an actionable issue unless your password is somehow shared widely.
Law enforcement, if you happen to live in an area that has criminalized password sharing
As pointed out by daniel in the comments, Facebook (who owns both Facebook Messenger and WhatsApp) might accidentally provide weak security or be complicit in breaking user security (e.g. in order to assist a law enforcement investigation). As proprietary applications (not open source) neither of these softwares have been vetted by outside security researchers, so Facebook might have a poor implementation or they might be copying/inspecting your data at either the source or destination device. Additionally, since these applications create and control the encryption keys used to implement the end-to-end encryption, you must assume that Facebook can break the encryption if they so desire (or anyone they would give the keys to, e.g. law enforcement).
Another excellent point from Gert van den Berg in the comments: some messaging apps will automatically back up to the cloud. The security around cloud storage is not nearly as strong as the end-to-end encryption used in the communications channel. See, for example, the Fappening attacks for more info as to how the cloud represents a threat to data privacy. (Even for supposedly deleted data!)

edited Jun 01 '17 at 15:51

answered May 29 '17 at 21:52

David

1,416
10
8

14

It might be worth adding to this that law enforcement would not have to break the encryption, they would ask WhatsApp or facebook for the plain text messages, and WhatsApp would supply them without informing the users. (WhatApp may need to retrieve the key from the users device to decrypt the messages to still sell it as end to end encryption but they could do this also without informing the users) – daniel May 30 '17 at 06:52
2

@daniel: WhatsApp itself has to be able to decrypt the messages (in order to display them on screen) so there's really nothing that their app can't do with them. – Lightness Races in Orbit May 30 '17 at 09:52
4

@BoundaryImposition WhatsApp the application has to be able to do that; WhatsApp the organization (who are actually just a branch of Facebook anyway now) cannot. If you have access to the phone, all bets are off - you're then reliant on the lock screen and storage encryption on the device remaining secure to stop a user simply logging in and scrolling up the screen to find it. – IMSoP May 30 '17 at 10:16
1

@IMSoP: WhatsApp the organisation create WhatsApp the application. They are the people who write the code running on your phone. It can do anything. – Lightness Races in Orbit May 30 '17 at 10:17
4

@BoundaryImposition Yes, they have the ability to implement a backdoor, in advance; this is true of any software you are trusting to perform your encryption, right down to a hardware encryption module. If they have not done so, however, doing so in retrospect will not allow them to decrypt previously sent messages, without having the phone unlocked in order to install the backdoor (at which point, you can just read the messages without the backdoor). – IMSoP May 30 '17 at 10:20
@IMSoP: I never claimed that this ability was limited to WhatsApp. The point is that you are running someone else's code so it's as if they have physical access to your device, and people forget this. – Lightness Races in Orbit May 30 '17 at 10:28
3

@BoundaryImposition "you are running someone else's code so it's as if they have physical access to your device" Sorry, I see your point, but that sentence is simply not true. – xDaizu May 30 '17 at 13:07
@xDaizu: Well, it is true, but you are of course permitted to disagree :) – Lightness Races in Orbit May 30 '17 at 13:10
1

What, no one posted this XKCD yet?! – Gallifreyan May 30 '17 at 15:19
2

@BoundaryImposition It's not quite the same as physical access - the code can only run within whatever permissions it has, or exploit vulnerabilities to circumvent those permissions vs. physical access where you can do whatever you like. With that said, I think everyone is niggling over details here. The point is that you are correct in saying that this line in the answer is not accurate: "The text of your messages is not visible to anyone in between unless they break the encryption". It's not necessary to break the encryption if you control the app. – Jon Bentley May 30 '17 at 19:04
2

Other risks include Whatsapp's automatic backups to the device and Google Drive which uses a lower grade of encryption than the communications channel... https://qz.com/656035/whatsapps-new-encryption-wont-protect-you-unless-youre-also-doing-all-these-things/ – Gert van den Berg May 31 '17 at 08:46
To the Netflix ToS point: it would seem that at the moment, Netflix views sharing passwords with others as a first step in acquiring more users and it does not plan to go after those who share passwords. At the moment, I believe they've only commented on sharing within the family (like the question implies) and this could change in the future. Here is a link to a decent article with more links in it: https://techcrunch.com/2016/07/11/psst-its-still-okay-to-share-your-netflix-password/ – Pants May 31 '17 at 15:02
@Gallifreyan As it happens, I don't know this password. Them beating me with a wrench wouldn't get them that far! They would need the password for my computer (normally unlocked) or phone (6 digits / fingerprint) plus the password for my password manager (12 random chars / fingerprint). Sounds like they just need to cut off my finger to watch my netflix :P – Tim Jun 01 '17 at 09:01
1

@David You claim that end to end encryption is being used. Do you have a reliable source that backs your statement up? I really don't think that such a statement coming from a company like Facebook/WhasApp can be trusted these days. – Forivin Jun 02 '17 at 11:28
@Forivin It was reported as such in the media (just google it) but those reports are invariably traced back to Facebook themselves. As already said, it's proprietary code and hasn't been checked by the larger community. – David Jun 02 '17 at 14:53

score 48 · Answer 2 · edited May 29 '17 at 20:37

48

"Acceptable" is relative to what level of risk you want to accept.

Personally, I think WhatsApp is suitable for this. As it has good end to end encryption. But I would also think Facebook is fine only because it's a Netflix password and not your bank.

As I say. It's down to you and your risk appetite. Personally, I would be more than happy using WhatsApp with my family.

edited May 29 '17 at 20:37

Tim

950
1
7
16

answered May 29 '17 at 20:31

ISMSDEV

3,270
13
22

11

WhatsApp does dirty things with login tokens on the local network. Some roommates of mine were able to spoof an account they sniffed on the lan for quite a while (token was valid for like 12ish hours). This was literally a fun weekend project for them... – Aaron May 30 '17 at 20:22
2

@Aaron So if I regularly visit a cafe, someone could maybe get my accounts? – Tim May 30 '17 at 23:17
@Tim theoretically yes. having your login token allows another user to login as you for a period of time. when it comes time to re-generate this token they won't be able to without your account creds however. If you are on unsecured wifi, I would strongly suggest you use a VPN or your cellular data. – Aaron May 31 '17 at 13:20
2

@Aaron What about secured but untrusted (university, restaurant with a password)? – Tim May 31 '17 at 13:57
1

@Tim WPA-PSK (pre shared key) will let anyone see your traffic if they also have the password to the wifi (this is the typical residential configuration as well as many smaller businesses) EAP authentication may provide more security depending on how it's implemented, and is the standard for larger businesses and universities (wifi where you have a unique username and password. Note: username and password would be entered in wifi settings not in a web page (that's called a captive portal, and has a generally different use (not for security))) – Aaron May 31 '17 at 18:13
1

@Tim I would just like to point out that while these vulnerabilities may exist, they pretty much all involve someone needing to be physically in range of the wifi you're using, know that you'll be transmitting sensitive information, and have a desire to specifically spy on you. The combination of all these things is pretty unlikely. – Aaron May 31 '17 at 18:32

score 7 · Answer 3 · answered May 29 '17 at 21:08

In the case of a Netflix password, passing the password over FB Messenger or WhatsApp will be secure enough. The data, while in transit will be encrypted using modern encryption technologies. Keep in mind though that the password will be visible within both your's and the recipient's inbox- in plain text. This may introduce a risk if the recipient's Messenger/WhatsApp account is compromised (or your own account).

Hypothetically, if you are sending messages with confidential information related to, let's say, national security- then I would recommend not sending this sensitive data across these types of messaging platforms. The reality is that the "powers" that may have the ability to obtain your chat logs from these messaging services would only do so if the information they were seeking was highly valuable.

From what I recall, FB's "secret conversations" use device specific keys, so just a compromise of the account shouldn't leak the conversations. But I think its possible to have future secret conversations sent to a new device (after the attacker gets into your account), so you could get "intercepted" in the future. — mbrig, May 31 '17 at 02:06
Yeah each convo is between two devices only. However, my Facebook password is 100% an area of weakness - I need to update that password. — Tim, May 31 '17 at 11:22

score 2 · Answer 4 · answered May 30 '17 at 05:13

2

While others have pointed out that a Netflix password in particular may not be the most valuable asset in the world, I personally prefer to exercise best practice where possible which I think most would agree includes not transmitting passwords electronically where avoidable.

My wife and I both use KeePass, and for passwords that we both need (including Netflix) I went through the one-time process of manually entering the password into her KeePass DB. If we ever need to change it, that'll happen manually as well.

Is this overkill? Maybe. I'd counter by asking - why not? It really is not that much of an inconvenience, and it gets everyone in the habit of not sharing passwords via sticky note or email. Additionally, you don't need to worry about the NSA secretly getting Facebook to decrypt your messages so they can watch House of Cards on your dime :)

answered May 30 '17 at 05:13

Rob Gwynn-Jones

121
2

2

"why not? It really is not that much of an inconvenience" Well, sure, if you live in the same house or close by. What if you're three hours away? Five? Twelve? Twenty-four hours and a £5000 airline ticket? Not so convenient now! – Lightness Races in Orbit May 30 '17 at 09:55
Sure, like anything else it's a case of weighing the pros and the cons and not being dogmatic. Just thought I'd add a point of view that hadn't been shared yet in this discussion :) – Rob Gwynn-Jones May 30 '17 at 23:29
I highly doubt the NSA is interesting in stealing people's Netflix passwords to watch House of Cards. They probably intercept and decrypt the video stream as it's playing and watch it like that :) – Matthew Crumley Jun 01 '17 at 14:07
One option would be to have a shared keepass database and send that, or store it online, encrypted with a pre-shared key. Some other password managers, such as lastpass have a password sharing facility, where you can share that one password with another user. – Baldrickk Jun 01 '17 at 15:52

score 2 · Answer 5 · edited Jun 16 '20 at 09:49

2

You should be aware that the end to end encryption of Whatsapp could not be what you expect. The protocol used by Whatsapp is indeed secure, but it looks like the implementation willingy choosed ease of use over security. It has been discussed at Whatsapp security, and a comment gave a link to the Guardian explaining that

A security vulnerability that can be used to allow Facebook and others to intercept and read encrypted messages has been found within its WhatsApp messaging service
...

However, WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.

The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been re-sent. This re-encryption and rebroadcasting of previously undelivered messages effectively allows WhatsApp to intercept and read some users’ messages.

[Whatsapp justifies that to cope when] a contact’s security code has changed. We know the most common reasons this happens are because someone has switched phones or reinstalled WhatsApp. This is because in many parts of the world, people frequently change devices and Sim cards. In these situations, we want to make sure people’s messages are delivered, not lost in transit.

That means that even if there is an end to end encryption, Whatsapp administrators have the ability to make your sending device send a new copy of the message containing the password with a new encryption key that they know. Whether this is acceptable is up to you, but as far as I am concerned, I prefere S/MIME or PGP encrypted mail that do not suffer that vulnerability.

edited Jun 16 '20 at 09:49

Community

1

answered May 30 '17 at 07:55

Serge Ballesta

26,693
4
44
89

1

That Guardian article has been largely debunked. It's very poor on tech details, and basically wrong. See details here. – samiles May 30 '17 at 13:48
2

@samiles: Thank you for your comment. I have just read the article you link. Nothing there says that the extract I have quoted is wrong: the system allows for re-sending of a message with a different key to cope with user changing their device and thus their key. That means that the system could be subverted to re-send a message to a different recipient, because the action is originated by the server and not by the user. My post does not present that fact as a back door (willingly exploited) but as a vulnerability (could be exploited). And my post says: the protocol... is indeed secure – Serge Ballesta May 30 '17 at 14:18
It's a function of end-to-end encryption, not a security flaw. Telling people (not saying you're doing this, but many have following that Guardian article) that WhatsApp isn't safe is dangerous. – samiles May 30 '17 at 14:20
4

@samiles: I shall not wonder whether Whatsapp is safe of not. The end to end protocol is correctly implemented and secure. But end to end encryption as implemented in PGP or S/MIME encrypted mail does not allow automatic re-sending of a mail with a new key. The sender has to do it by hand. That's clearly a design choice to have an easier to use application. I'm not saying it is unacceptable nor even bad. I just say that it could be subverted from Whatsapp servers to re-send a message to a new receipient. Each user can then make his own risk evaluation... – Serge Ballesta May 30 '17 at 14:30
2

I agree, it's useful info to have. But if WhatsApp is still good enough for political dissidents, it's good enough for Netflix passwords ;) Whenever that Guardian article is mentioned it's just worth adding that many security professionals consider it to be bad, dangerous journalism... – samiles May 30 '17 at 14:33
@samiles pro hominem is not valid reasoning. – Sparhawk Jun 02 '17 at 01:20
@Sparhawk It's not pro hominem. The Guardian article is BS. It's useless information in the context of this question, and dangerous in fact to spread the idea that WhatsApp isn't safe because of this particular issue. – samiles Jun 02 '17 at 07:06
@Sparhawk The tweets of zeynep are great to follow for more info on this, and why it's literally dangerous information to spread, not just incorrect. – samiles Jun 02 '17 at 07:09
@samiles Sorry, should have been clearer. I was referring to this part: But if WhatsApp is still good enough for political dissidents… – Sparhawk Jun 02 '17 at 10:42
@Sparhawk The point is a lot of political dissidents use WhatsApp, and this Guardian article made some of them think they should switch to SMS or something, which is less private, and dangerous, in a way that sharing a Netflix password clearly isn't. But yes, nice pickup of my "fallacy"... – samiles Jun 02 '17 at 10:54
@samiles I never really interpreted it as that. The Guardian article suggests Signal as a viable alternative… which I tend to agree with. I don't think they suggest anything else? (Although I'm too lazy to read it again.) – Sparhawk Jun 02 '17 at 11:04
FYI, the Guardian article as since been amended and now describes the issue accurately as far as I'm concerned. Signal, the original implementation of the Signal Protocol, does not suffer from this flaw and isn't owned by giant, US-based corporation, so I'm still going to prefer that. – Niklas Holm Oct 05 '18 at 14:00

score 2 · Answer 6 · answered May 30 '17 at 21:21

2

Primarily in an attempt to be contrary, I would point out that the password is rarely the weakest point in your password security, and in fact too secure of a password can actually make you less secure. People are frequently the weakest point, a fact which is especially applicable here. You have made a very secure (i.e. hard-to-remember) password. You don't have a problem with this because you store your password in a password manager. Do your family members do that though? What are the odds they will leave your message somewhere very accessible for when they need it, because they can never remember it themselves? Which family member will then copy and paste that message and then email it to themselves over an insecure channel so that they don't forget it?

Might point is that a secure and memorable password will be more secure than a password that is secure but impossible to remember, because in the latter place someone will store it in an insecure manner because they have zero intention of memorizing it. So I would say that if you really want to guarantee top security then you need to come up with a password that can be memorized easily. Then you could just call them and tell them what it is.

XKCD: Always worth a link: https://xkcd.com/936/

answered May 30 '17 at 21:21

Conor Mancone

31,265
13
94
100

1

They will stay signed into Netflix. Note that the XKCD is not relevant here because their "more secure" one is less secure than mine. (I've got almost 80 bits of entropy). But I take your point that they are the weak link – Tim May 30 '17 at 22:47
clearly no one would actually use "correcthorsebatterystaple" as their password. If you capitalize some words, and add a couple of symbols between words, then you could very easily be over 80 bits of entropy, and still have a memorable password. – Hannah Vernon May 31 '17 at 14:55
2

@MaxVernon XKCD is very definitely advocating for 4 lowercase words - and plenty of password generators create those. – Tim May 31 '17 at 15:16
2

@MaxVernon, no, capitalizing and adding symbols completely misses the entire point of the strip. If you need a stronger password, don't add trivial extra transformations. Add an extra word or two. – Ben May 31 '17 at 15:33
@MaxVernon some people would. Dropbox for example explicitly forbid the use of "correcthorsebatterystaple" as a password. Whether you think this is just an 'Easter egg' feature or not, someone had to try using it to find it... – Baldrickk Jun 01 '17 at 15:48

score 2 · Answer 7 · answered May 31 '17 at 14:51

For most normal folks whose threat models do not involve nation-state targeted surveillance or a warrant from Law Enforcement Agencies, yes - WhatsApp end-to-end encryption would be sufficient.

Others have pointed out two situations that I'll repeat for completeness:

Service provider (in this case, FaceBook/WhatsApp) can extract the plaintext (decrypted password) directly from the device under certain circumstances.
Keyloggers and other malware on the endpoints (phones / laptops) themselves could access the plaintext directly.

One technique I use when facing this situation is to obfuscate the context itself, increasing the difficulty for the adversary. i.e., send the password but don't mention in the same channel what it is for; mention the context in a separate channel. e.g.,

Channel 1: SMS / voice call: "Hey I'm going to send you a separate message with NetFlix Password in a minute".

Channel 2: WhatsApp msg: "Here is what we just spoke about: 3?TeJ)6RK]4Z_a>c"

score 1 · Answer 8 · answered May 30 '17 at 05:23

1

Others have already pointed out the limited risk of losing the password and the use of end to end encryption by WhatsApp, but I'd like to point out one more thing:

keep in mind that this end to end encryption is only useful for transferring the password. Once the other person receives it, anyone with access to the (unlocked if relevant) phone can see it in the chat history.

It can be a good idea to ask the other person to remove the message from their chat history once they received it. You don't want them to use their WhatsApp chat history as a digital post-it with their password on it.

answered May 30 '17 at 05:23

Teun Vink

6,918
2
30
35

1

Just to add, facebook secret messaging can be set with an auto delete timer feature akin to snapchat. So no need to manually delete the chat after reading. – Max Payne May 30 '17 at 07:37
2

@MaxPayne you'd want to arrange for them to be in the right place when you send the message then, otherwise they'll end up with a starbucks napkin with "Tim's netflix password 3?TeJ)6RK]4Z_a>c" in their pocket. – Chris H May 30 '17 at 13:38

score 1 · Answer 9 · answered May 30 '17 at 13:36

Assuming you tust them to look after it, and that your exposure to the loss of this password wouldn't be too bad (i.e. it's not your bank):

I'd still be tempted to obfuscate it in some simple way while in transit and send the key on another channel. E.g. given your example of 3?TeJ)6RK]4Z_a>c, send 3?TfJ)6RK]4Z_b>d, then phone them and tell them to move the lowercase letters back one. This makes it useless to shoulder surfers.

I'd also avoid mentioning the account name/email and the service in the same thread within a few messages, so they don't appear on the same screen ("that password you wanted: 3?TeJ)6RK]4Z_a>c" rather than "Netflix password: 3?TeJ)6RK]4Z_a>c").

A shared password database online might be more secure but with everyone on different devices it's a hassle and you still have to share the login for that. While that should be posssible without messaging a password, it's not going to be trivial to walk someone through for a one-off.

score 1 · Answer 10 · edited May 31 '17 at 15:00

1

Option A: you meet the people in question in person
Option B: you call them (god knows who's bugged your wires
Option C you send them an encrypted letter by snail mail and send the key by other means. (What's the chance of getting spied upon on 2 media)
Option D: don't care and just risk it

edited May 31 '17 at 15:00

Hannah Vernon

105
4

answered May 30 '17 at 20:31

Mark

119
3

1

A is not an option B is a good idea - not sure why nobody suggested it, C is too slow and expensive and D is an option but if I'm sending banking details or similar, this question can apply. – Tim May 31 '17 at 11:35

score 1 · Answer 11 · answered May 31 '17 at 10:55

1

How about changing the password to something more like "all your first names and ages, listed in order of age with a space between each word" and then tell this to the other members of your family.

OK, you're unlikely to have many special characters in there, but the sheer length of it should offer some protection.

answered May 31 '17 at 10:55

Phill W.

119
2

That's a pretty good idea - and there's loads of ways to do that, involving the house address etc. – Tim May 31 '17 at 11:15

score -1 · Answer 12 · answered Jun 01 '17 at 22:49

Just to give a different point of view from all other answers so far:

No.

However, I have to share this password with other members of the family, so they can also login to it. Is using WhatsApp or Facebook Messenger secret conversation an acceptable method for this?

No. It neither matters that your Netflix password is probably not so important; nor does it matter what Facebook says about its encryption.

The point is that you cannot know what they are doing internally. Do they encrypt every message with an additional master unlock key? Do they re-encrypt the messages along the way? I assume that neither Whatsapp nor Facebook (the apps) have been reverse engineered/peer reviewed. And even if they had been, they could be changed on every single update.

Reasons are plentiful. "We want to make your private conversations searchable - of COURSE only YOU can search through them...", "We want to make sure your private conversations stay around when you lose your phone" etc. etc. Storing your data is their prime business, after all.

You never know, you cannot really know, and it can change at any update. That should give you enough pause.

Why does it not matter that it's "only" Netflix? Because it leads to complacency. If you are used to just chatting your unimportant passwords around, you will sooner or later just don't care anymore and also send the important ones.

Are there better methods?

Sure. Public Key cryptography was invented to make it unnecessary to post passwords in the clear. Have your family create private/public keys, have them mail their public keys around in the clear, have them verify each other over the phone or when you meet in RL next time, and then you are all set to share any secrets you like, in the future.

Feasible? Probably not, with the current interest of the general public in security issues being as marginal as it is. But still - better.

Then there's Threema, which has been peer reviewed and is at least open source in the security department, where it counts. Of course, here it's also not trivial to make sure your messages are not also encrypted towards a master recipient, but at least you have some things to verify, with the source.

Right no, I'm of getting my 50 year old mother and 14 year old siblings to create private and public keys... my question was not "what is the best option" it was "is WhatsApp suitable" and you've not convinced me otherwise that WhatsApp is unsuitable for this task. Re: starting to send critical passwords around, why would I do that? What critical passwords would ever be shared? — Tim, Jun 02 '17 at 09:17
Also if you lose your phone, your messages are lost. This is obvious - they're encrypting with keys on the device so how would they retrieve them. https://www.whatsapp.com/faq/en/general/24460358 not only is this answer unhelpful and paranoid, it's wrong. And their privacy policy is clear that messages are not stored. — Tim, Jun 02 '17 at 09:21
We're on security.SE, @Tim. You already made up your mind, and I can't really see why you're asking the question at all. I gave you the answer from the point of view of security. I was frank with my possibility that my suggestions are probably not easily set up in a family network (although Threema could just be used, it's just an app). My point is adamantly that it is atrocious to trust in the "security" of any of the "secret" offers of the big players, partly from paranoia and partly from the experience of the last years (decades, actually). — AnoE, Jun 02 '17 at 09:44
But I note you don't address the points I linked to. They don't store messages because they say they don't, and they're privacy policy says they don't and they can't because of end to end encryption. My mind was not made up, but I wasn't expecting people to suggest non tech savvy people create keys. The paranoia is right - this is a paranoid answer, which I asked for multiple points of clarification and you gave none. Re theema. The issue is that there are too many different apps. Telegram, Theema, there are loads. I don't want to install 6 apps, one for each of my security paranoid friends. — Tim, Jun 02 '17 at 09:52
If you edit to reference the claims you made and clarify my questions I'll undo my downvote, but this is an answer that doesn't help people and is spreading mis information. — Tim, Jun 02 '17 at 09:54
@Tim, it's OK, we can agree to disagree. That's what the voting is for, after all. ;) — AnoE, Jun 02 '17 at 10:00

score -1 · Answer 13 · answered Jun 05 '17 at 16:56

-1

For secure trasmission/one-time-access, you may use ViaCrypt. You write your content, generate a unique link and send it to your destination. The link can only be validly open once, meaning that once someone clicks on it, futher access to the link won't show your message because it was already invalidated.

Writing as an answer because I still don't have reputation to comment.

answered Jun 05 '17 at 16:56

luizfzs

291
2
12

This does not answer the question because I was asking if WhatsApp is secure, not for other apps which are secure. – Tim Jun 05 '17 at 16:57
I know that @Tim, that's why I wanted to write it as a comment, as it is stated on my answer. I wrote it because it adds some information regarding secure transmission, which is the category the question falls into. – luizfzs Jun 05 '17 at 17:02

Is WhatsApp or Facebook Messenger secret conversation a reasonable method for transferring passwords?

13 Answers13

No.