Leo to [email protected]English • 2 years ago1Password discloses security incident linked to Okta breachwww.bleepingcomputer.comexternal-linkmessage-square46fedilinkarrow-up1264cross-posted to: [email protected][email protected][email protected][email protected][email protected]
arrow-up1264external-link1Password discloses security incident linked to Okta breachwww.bleepingcomputer.comLeo to [email protected]English • 2 years agomessage-square46fedilinkcross-posted to: [email protected][email protected][email protected][email protected][email protected]
minus-squareGigglyBobblelinkfedilink7•edit-22 years agoI hope they don’t have your master password either. The decryption key sounds like just a longer password or salt with extra steps. What if the generation algo is cracked? Also, you can go multi-factor with every password manager I know.
minus-square@[email protected]linkfedilinkEnglish7•edit-22 years agoThey don’t have your password in any form. The random key is generated with a CSPRNG, we don’t know how to crack those. They aren’t hiding behind secrets: it’s all documented right here https://1passwordstatic.com/files/security/1password-white-paper.pdf 1Password is quite good.
minus-square@[email protected]linkfedilinkEnglish1•2 years agoNot as clearly as you seem to think. You’ll struggle to find qualified people with criticism of their response.
minus-square@[email protected]linkfedilinkEnglish2•2 years agoYou clearly don’t understand what happened, nor what it would take to get into a users password store.
I hope they don’t have your master password either. The decryption key sounds like just a longer password or salt with extra steps. What if the generation algo is cracked?
Also, you can go multi-factor with every password manager I know.
They don’t have your password in any form. The random key is generated with a CSPRNG, we don’t know how to crack those. They aren’t hiding behind secrets: it’s all documented right here https://1passwordstatic.com/files/security/1password-white-paper.pdf
1Password is quite good.
Not good enough clearly.
Not as clearly as you seem to think. You’ll struggle to find qualified people with criticism of their response.
You clearly don’t understand what happened, nor what it would take to get into a users password store.