259

1Password discloses security incident linked to Okta breach (www.bleepingcomputer.com)

submitted 1 year ago by leo@lemmy.linuxuserspace.show to c/technology@lemmy.world

46 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] danielfgom@lemmy.world 51 points 1 year ago

It wasn't 1Password that got breached, it was a 3rd party company called Okta, which 1Password was using in some capacity.

The attempted breach was detected and the hackers had only 1 set of Okta credentials from 1 member of the IT team. So they couldn't actually do much.

It was detected and immediately all the keys were changed so the hacker lost all access to Okta immediately.

No 1Password systems were affected at all.

Hypothetically even if the hackers somehow managed to get a customers vault, they would never be able to decrypt it because it requires 1. The master password AND 2. The very long and complex decryption key, which only the user posseses.

Even 1Password does not posses it so it's literally impossible for the vault to be hacked.

1Password is still by far THE most secure password manager.

[-] Appoxo@lemmy.dbzer0.com 39 points 1 year ago

1Password is still by far THE most secure password manager.

Now that is a very confident statement. Any sources to back that up? Maybe even a comparison to other password managers like Bitwarden, LastPass, etc.?

[-] Lime66@lemmy.world 29 points 1 year ago

Don't compare it to last pass, you'll have an answer very shortly

[-] Appoxo@lemmy.dbzer0.com 4 points 1 year ago

First password manager coming to mind because of such things.
Nothing is unhackable.

[+] hystericallymad@lemmy.ml -9 points 1 year ago* (last edited 1 year ago)

Hmm. Why don’t you let everyone know what you know about encryption. Or, let everyone know how much you don’t know about encryption by just stating, “Nothing is unhackable”.

[-] dangblingus@lemmy.world 5 points 1 year ago

Opsec is a treadmill. Everything is hackable. This is why companies hire penetration testers.

[-] ChaoticEntropy@feddit.uk 1 points 1 year ago* (last edited 1 year ago)

I mean... also, insecure things are eminently hackable and you don't know until someone has tried. That's the main reason companies hire penetration testers.

[-] Appoxo@lemmy.dbzer0.com 2 points 1 year ago* (last edited 1 year ago)

I think my knowledge suffices to say that equal to physical security no security is forever safe. At some point a weak point will be exposed.
And if you can get a hand on encrypted content and live long enough with the right ressources and determination you might be able to crack something.

Because afaik it's all math at some point. Math is logic and logic can be cracked.

[-] hystericallymad@lemmy.ml -1 points 1 year ago

Interesting. Currently, I guess if you have hundreds of years to sit at the most advanced computers currently available you too can crack modern encryption…

load more comments (10 replies)

load more comments (23 replies)

this post was submitted on 26 Oct 2023

259 points (97.1% liked)

Technology

59414 readers

1100 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS