Mitro’s shutting down — security is a full-time job.

Vijay Pandurangan
Sep 16, 2015

As we mentioned previously, Mitro (www.mitro.co) is shutting down in early October. While the Mitro code is on Github and GPL3-licensed, the service itself will NO LONGER OPERATE AS OF OCTOBER 6. The turndown schedule and exporting instructions are at the end of this post.

One alternative to Mitro is Passopolis, which is based on Mitro’s code. NB: we (Mitro, Lectorius Inc, the founders and I) are not associated with Passopolis and make no guarantees about the security or availability of that service.

Rationale

Evan Jones, Adam Hilss, and I founded Mitro back in 2012 with the mission of making exploring, remembering, and sharing access to products as easy, enjoyable, and secure as possible. We placed a significant emphasis on a simple design and password sharing functionality. A number of features were built for organizations — including administrative accounts. I explained some of the shortcomings in the space in my guest post about password management in VentureBeat.

In August 2014, the Mitro team joined Twitter. Twitter never acquired Mitro’s IP. Since then, the founders (Evan, Adam, and I) have been running the service, at a cost of about $300/month.

When we first announced that we were considering turning off our service, more than a dozen people (many of whom use our service in their companies) wrote to us, offering to contribute to the operational costs in various ways. We considered this carefully but have decided against continuing to run the service for the following reasons:

  1. Running a security service cannot be a part-time job. The fact that Mitro is quite well-engineered (we haven’t even needed to log in to the system in months) makes it very tempting to continue to operate the service. Unfortunately, services need constant maintenance: security patches need to be applied, browser extension APIs change, and sites become incompatible over time. Password managers are “security-critical”: people trust us with the keys to their kingdoms, and we owe them the diligence to proactively search for, isolate, and eliminate potential security issues as quickly as possible. For instance, researchers are planning on revealing vulnerabilities in LastPass in November. Since we don’t know what the attack vectors are, we can’t tell you whether similar attacks are possible against Mitro. We wouldn’t have time to investigate and/or patch bugs even if we did know what the vulnerabilities were.
  2. Hiring contractors to administer a security service is fraught with risk. We also considered hiring part-time or full-time contractors to administer Mitro with donated money. If the contractor had the keys to sign and release our extension, an attacker would only need to compromise the contractor or somehow convince/coerce her to insert a vulnerability into the extension code.
  3. Taking payment (even if it’s just to cover costs) comes with an implicit commitment. If you contributed money to a running service, you’d expect some level of availability and security, which we can no longer guarantee.
  4. Government overreach. This hasn’t happened (yet), but if a government came knocking and asked us to release a “special” extension, or to somehow compromise a user’s account, we wouldn’t have resources to fight their request.

We’re all very busy with our full-time jobs at Twitter: I’m a Director of Engineering and NYC engineering site lead, Evan is managing a team working on Geo/Location products, and Adam is working on Project Lightning. Unfortunately, we simply do not have time to do a good job running Mitro.

We’re overjoyed that a number of people have been using the code we released, and are excited to see how Passopolis (which is built based on Mitro’s open sourced code and should have similar features) develops. Thanks for using Mitro; it was a great ride!

If a task has once begun.
Never leave it till it’s done.
Be the labor great or small.
Do it well or not at all.

Turn-down schedule and exporting data:

On September 25, 2015, Mitro will become read-only. This means that you will no longer be able to edit or add passwords or secrets.

On October 6, 2015, Mitro’s service will be shut down and all data, including all backups, will be erased. If you do not export your data before then, you will lose all access to your secret data.

In order to export your data from Mitro:

  1. Click the Mitro extension button.
  2. Click the gear in the lower right corner.
  3. Click “Export Secrets”.
  4. Click the “Export to CSV” button.
  5. WAIT: The export is very slow if you have a lot of secrets (e.g. 10–30 minutes). It will look like nothing is happening, but something is.
  6. When it is done, the page will download a file called “mitro-passwords.csv” and show the text “Export Complete”.

The mitro-passwords.csv file is in LastPass format and can be imported into 1Password or LastPass.

EIR @Benchmark. Formerly: Eng Director & NY Eng Site Lead @Twitter. Founder @MitroCo, TL/M @Google. www.vijayp.ca