Open Menu
AllLocalCommunitiesAbout
lotide
AllLocalCommunitiesAbout
Login

1Password discloses security incident linked to Okta breach

⁨263⁩ ⁨likes⁩

Submitted ⁨⁨1⁩ ⁨year⁩ ago⁩ by ⁨leo@lemmy.linuxuserspace.show⁩ to ⁨technology@lemmy.world⁩

https://www.bleepingcomputer.com/news/security/1password-discloses-security-incident-linked-to-okta-breach/

source

Comments

Sort:hotnewtop
  • KairuByte@lemmy.dbzer0.com ⁨1⁩ ⁨year⁩ ago

    Save you a click: No user data was compromised.

    source
    • pingveno@kbin.social ⁨1⁩ ⁨year⁩ ago

      Regardless, I'm glad they are being open about this. I use 1password, so I want to know absolutely anything that could be a threat, especially after the debacle with LastPass.

      source
      • ziggurism@lemmy.world ⁨1⁩ ⁨year⁩ ago

        1password user data is encrypted, right? so even if a hack had allowed a bad actor access to user pw databases, it’s not like they would’ve just scored everyone’s passwords… right?

        source
        • -> View More Comments
  • danielfgom@lemmy.world ⁨1⁩ ⁨year⁩ ago

    It wasn’t 1Password that got breached, it was a 3rd party company called Okta, which 1Password was using in some capacity.

    The attempted breach was detected and the hackers had only 1 set of Okta credentials from 1 member of the IT team. So they couldn’t actually do much.

    It was detected and immediately all the keys were changed so the hacker lost all access to Okta immediately.

    No 1Password systems were affected at all.

    Hypothetically even if the hackers somehow managed to get a customers vault, they would never be able to decrypt it because it requires 1. The master password AND 2. The very long and complex decryption key, which only the user posseses.

    Even 1Password does not posses it so it’s literally impossible for the vault to be hacked.

    1Password is still by far THE most secure password manager.

    source
    • Appoxo@lemmy.dbzer0.com ⁨1⁩ ⁨year⁩ ago

      1Password is still by far THE most secure password manager.

      Now that is a very confident statement. Any sources to back that up? Maybe even a comparison to other password managers like Bitwarden, LastPass, etc.?

      source
      • Lime66@lemmy.world ⁨1⁩ ⁨year⁩ ago

        Don’t compare it to last pass, you’ll have an answer very shortly

        source
        • -> View More Comments
      • ram@bookwormstory.social ⁨1⁩ ⁨year⁩ ago

        Please don’t bring up LastPass in this conversation. They aren’t relevant to anything wrt security, and worse yet, they remain extremely opaque with their security protocols.

        source
      • douglasg14b@lemmy.world ⁨1⁩ ⁨year⁩ ago

        Yeah definitely not worth doing a comparison to LastPass but doing the comparison to bitwarden and then local only ones like keypass/KeepassXC may be worthwhile

        source
        • -> View More Comments
      • qqq@lemmy.world ⁨1⁩ ⁨year⁩ ago

        Not sure if you’ve read this but it might help get started.

        1passwordstatic.com/…/1password-white-paper.pdf

        source
      • dangblingus@lemmy.world ⁨1⁩ ⁨year⁩ ago

        Considering we’re hearing about a lot of password managers getting hacked, saying you’re the most secure is not really that impressive.

        source
    • hillbicks@feddit.de ⁨1⁩ ⁨year⁩ ago

      Care to back up the last statement about last pass being the most secure? I’m having a really hard time seeing lastpass as more secure than a local only password manager like keepass or KeePassXC.

      Honestly, this reads like a PR post.

      source
      • douglasg14b@lemmy.world ⁨1⁩ ⁨year⁩ ago

        It really does read like a PR post.

        There’s some bold confident statements in there that are definitely not really accurate from the standpoint of software and system security.

        source
      • isVeryLoud@lemmy.ca ⁨1⁩ ⁨year⁩ ago

        OP said 1password, not LastPass

        source
    • BowserDelta@lemmy.world ⁨1⁩ ⁨year⁩ ago

      Is it more secure than Bitwarden? (Genuine question)

      source
      • danielfgom@lemmy.world ⁨1⁩ ⁨year⁩ ago

        In theory yes because Bitwarden only uses your master password to unlock your password collection. If someone were to brute force the password and figure it out, or if bitwarden servers were hacked and the password acquired, they could access all your passwords.

        With 1Password your vault (database with all your passwords) is encrypted on the server. To open it you must provide 2 things:

        1. The master password
        2. The decryption key

        1Password do not have any record of the decryption key. They give it to you as a pdf when you create your account, and only you have it.

        So even if someone cracked your master password, they still cannot decrypt the vault to get your info. They would have to come to your house and try find that pdf with decryption key. Which they don’t do.

        So you are at significantly safer on 1Password

        source
        • -> View More Comments
    • Melco@lemmy.world ⁨1⁩ ⁨year⁩ ago
      [deleted]
      source
      • StereoTrespasser@lemmy.world ⁨1⁩ ⁨year⁩ ago

        I can guarantee you they are not monitoring 30-message Lemmy posts on something that happened weeks ago for damage control. I’m sorry to say that your personal opinion is not that important.

        source
  • scarabic@lemmy.world ⁨1⁩ ⁨year⁩ ago

    Fucking Okta. Or as I call it Okra.

    source
  • dangblingus@lemmy.world ⁨1⁩ ⁨year⁩ ago

    Imagine trusting a 3rd party to keep every single one of your passwords. That literally defeats the purpose of using passwords if you keep them all centralized. You’re supposed to MEMORIZE your passwords. Kindergarten shit.

    source
    • dinckelman@lemmy.world ⁨1⁩ ⁨year⁩ ago

      I have 1400 passwords saved at the moment. You really expect me to memorize all of them?

      source
    • Theharpyeagle@lemmy.world ⁨1⁩ ⁨year⁩ ago

      There’s a tradeoff between security and convenience that has to be dealt with. You’re not supposed to reuse passwords, but most sites/apps require a login. How do you memorize a couple hundred passwords? An offline vault is safer, but also a real hassle to keep synchronized between devices and locations.

      I’ve settled on memorizing passwords for financial sites and emails and storing the rest in a password manager. All I can hope is that, should a breach happen and my passwords somehow get decrypted, I’ll retain control over the most critical accounts.

      source
  • NeoNachtwaechter@lemmy.world ⁨1⁩ ⁨year⁩ ago

    Interesting to learn how to open up not just one PC but a whole infrastructure of passwords, tokens etc.

    source