this post was submitted on 26 Oct 2023
259 points (97.1% liked)

Technology

59374 readers
7113 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
259
1Password discloses security incident linked to Okta breach (www.bleepingcomputer.com)
submitted 1 year ago by [email protected] to c/[email protected]
46 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 51 points 1 year ago (26 children)

It wasn't 1Password that got breached, it was a 3rd party company called Okta, which 1Password was using in some capacity.

The attempted breach was detected and the hackers had only 1 set of Okta credentials from 1 member of the IT team. So they couldn't actually do much.

It was detected and immediately all the keys were changed so the hacker lost all access to Okta immediately.

No 1Password systems were affected at all.

Hypothetically even if the hackers somehow managed to get a customers vault, they would never be able to decrypt it because it requires 1. The master password AND 2. The very long and complex decryption key, which only the user posseses.

Even 1Password does not posses it so it's literally impossible for the vault to be hacked.

1Password is still by far THE most secure password manager.

[–] [email protected] 12 points 1 year ago (2 children)

Care to back up the last statement about last pass being the most secure? I'm having a really hard time seeing lastpass as more secure than a local only password manager like keepass or KeePassXC.

Honestly, this reads like a PR post.

[–] [email protected] 10 points 1 year ago

It really does read like a PR post.

There's some bold confident statements in there that are definitely not really accurate from the standpoint of software and system security.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

OP said 1password, not LastPass.

Something local with sufficient encryption will always win against a cloud service, until someone gets access to your computer.

load more comments (23 replies)