Leo@lemmy.linuxuserspace.show to Technology@lemmy.worldEnglish · 1 year ago1Password discloses security incident linked to Okta breachwww.bleepingcomputer.comexternal-linkmessage-square42fedilinkarrow-up1241arrow-down18cross-posted to: technews@radiation.party
arrow-up1233arrow-down1external-link1Password discloses security incident linked to Okta breachwww.bleepingcomputer.comLeo@lemmy.linuxuserspace.show to Technology@lemmy.worldEnglish · 1 year agomessage-square42fedilinkcross-posted to: technews@radiation.party
minus-squareGigglyBobble@kbin.sociallinkfedilinkarrow-up5·edit-21 year agoI hope they don’t have your master password either. The decryption key sounds like just a longer password or salt with extra steps. What if the generation algo is cracked? Also, you can go multi-factor with every password manager I know.
minus-squareqqq@lemmy.worldlinkfedilinkEnglisharrow-up7·edit-21 year agoThey don’t have your password in any form. The random key is generated with a CSPRNG, we don’t know how to crack those. They aren’t hiding behind secrets: it’s all documented right here https://1passwordstatic.com/files/security/1password-white-paper.pdf 1Password is quite good.
minus-squaredangblingus@lemmy.worldlinkfedilinkEnglisharrow-up1arrow-down8·1 year agoNot good enough clearly.
minus-squarePoliticalAgitator@lemm.eelinkfedilinkEnglisharrow-up1·1 year agoNot as clearly as you seem to think. You’ll struggle to find qualified people with criticism of their response.
minus-squareKairuByte@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up1·1 year agoYou clearly don’t understand what happened, nor what it would take to get into a users password store.
I hope they don’t have your master password either. The decryption key sounds like just a longer password or salt with extra steps. What if the generation algo is cracked?
Also, you can go multi-factor with every password manager I know.
They don’t have your password in any form. The random key is generated with a CSPRNG, we don’t know how to crack those. They aren’t hiding behind secrets: it’s all documented right here https://1passwordstatic.com/files/security/1password-white-paper.pdf
1Password is quite good.
Not good enough clearly.
Not as clearly as you seem to think. You’ll struggle to find qualified people with criticism of their response.
You clearly don’t understand what happened, nor what it would take to get into a users password store.