Leo@lemmy.linuxuserspace.show to Technology@lemmy.worldEnglish · 1 year ago1Password discloses security incident linked to Okta breachwww.bleepingcomputer.comexternal-linkmessage-square46fedilinkarrow-up1267arrow-down18cross-posted to: technology@lemmy.mlnews@lemmy.linuxuserspace.showsysadmin@lemmy.worldhackernews@derp.footechnews@radiation.party
arrow-up1259arrow-down1external-link1Password discloses security incident linked to Okta breachwww.bleepingcomputer.comLeo@lemmy.linuxuserspace.show to Technology@lemmy.worldEnglish · 1 year agomessage-square46fedilinkcross-posted to: technology@lemmy.mlnews@lemmy.linuxuserspace.showsysadmin@lemmy.worldhackernews@derp.footechnews@radiation.party
minus-squareGigglyBobble@kbin.sociallinkfedilinkarrow-up7·edit-21 year agoI hope they don’t have your master password either. The decryption key sounds like just a longer password or salt with extra steps. What if the generation algo is cracked? Also, you can go multi-factor with every password manager I know.
minus-squareqqq@lemmy.worldlinkfedilinkEnglisharrow-up7·edit-21 year agoThey don’t have your password in any form. The random key is generated with a CSPRNG, we don’t know how to crack those. They aren’t hiding behind secrets: it’s all documented right here https://1passwordstatic.com/files/security/1password-white-paper.pdf 1Password is quite good.
minus-squaredangblingus@lemmy.worldlinkfedilinkEnglisharrow-up1arrow-down8·1 year agoNot good enough clearly.
minus-squareKairuByte@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up2·1 year agoYou clearly don’t understand what happened, nor what it would take to get into a users password store.
minus-squarePoliticalAgitator@lemm.eelinkfedilinkEnglisharrow-up1·1 year agoNot as clearly as you seem to think. You’ll struggle to find qualified people with criticism of their response.
I hope they don’t have your master password either. The decryption key sounds like just a longer password or salt with extra steps. What if the generation algo is cracked?
Also, you can go multi-factor with every password manager I know.
They don’t have your password in any form. The random key is generated with a CSPRNG, we don’t know how to crack those. They aren’t hiding behind secrets: it’s all documented right here https://1passwordstatic.com/files/security/1password-white-paper.pdf
1Password is quite good.
Not good enough clearly.
You clearly don’t understand what happened, nor what it would take to get into a users password store.
Not as clearly as you seem to think. You’ll struggle to find qualified people with criticism of their response.