It wasn’t 1Password that got breached, it was a 3rd party company called Okta, which 1Password was using in some capacity.
The attempted breach was detected and the hackers had only 1 set of Okta credentials from 1 member of the IT team. So they couldn’t actually do much.
It was detected and immediately all the keys were changed so the hacker lost all access to Okta immediately.
No 1Password systems were affected at all.
Hypothetically even if the hackers somehow managed to get a customers vault, they would never be able to decrypt it because it requires 1. The master password AND 2. The very long and complex decryption key, which only the user posseses.
Even 1Password does not posses it so it’s literally impossible for the vault to be hacked.
1Password is still by far THE most secure password manager.
1Password is still by far THE most secure password manager.
Now that is a very confident statement. Any sources to back that up? Maybe even a comparison to other password managers like Bitwarden, LastPass, etc.?
Hmm. Why don’t you let everyone know what you know about encryption. Or, let everyone know how much you don’t know about encryption by just stating, “Nothing is unhackable”.
I mean… also, insecure things are eminently hackable and you don’t know until someone has tried. That’s the main reason companies hire penetration testers.
I think my knowledge suffices to say that equal to physical security no security is forever safe. At some point a weak point will be exposed.
And if you can get a hand on encrypted content and live long enough with the right ressources and determination you might be able to crack something.
Because afaik it’s all math at some point. Math is logic and logic can be cracked.
Interesting. Currently, I guess if you have hundreds of years to sit at the most advanced computers currently available you too can crack modern encryption…
Please don’t bring up LastPass in this conversation. They aren’t relevant to anything wrt security, and worse yet, they remain extremely opaque with their security protocols.
Yeah definitely not worth doing a comparison to LastPass but doing the comparison to bitwarden and then local only ones like keypass/KeepassXC may be worthwhile
Oh yeah. How secure is a local encrypted password safe that is synced via things like Dropbox/OneDrive/GDrive/Syncthing or Resilio in comparison to something like Bitwarden and 1Password.
Care to back up the last statement about last pass being the most secure? I’m having a really hard time seeing lastpass as more secure than a local only password manager like keepass or KeePassXC.
I can guarantee you they are not monitoring 30-message Lemmy posts on something that happened weeks ago for damage control. I’m sorry to say that your personal opinion is not that important.
It wasn’t 1Password that got breached, it was a 3rd party company called Okta, which 1Password was using in some capacity.
The attempted breach was detected and the hackers had only 1 set of Okta credentials from 1 member of the IT team. So they couldn’t actually do much.
It was detected and immediately all the keys were changed so the hacker lost all access to Okta immediately.
No 1Password systems were affected at all.
Hypothetically even if the hackers somehow managed to get a customers vault, they would never be able to decrypt it because it requires 1. The master password AND 2. The very long and complex decryption key, which only the user posseses.
Even 1Password does not posses it so it’s literally impossible for the vault to be hacked.
1Password is still by far THE most secure password manager.
Now that is a very confident statement. Any sources to back that up? Maybe even a comparison to other password managers like Bitwarden, LastPass, etc.?
Don’t compare it to last pass, you’ll have an answer very shortly
First password manager coming to mind because of such things.
Nothing is unhackable.
Hmm. Why don’t you let everyone know what you know about encryption. Or, let everyone know how much you don’t know about encryption by just stating, “Nothing is unhackable”.
Opsec is a treadmill. Everything is hackable. This is why companies hire penetration testers.
I mean… also, insecure things are eminently hackable and you don’t know until someone has tried. That’s the main reason companies hire penetration testers.
I think my knowledge suffices to say that equal to physical security no security is forever safe. At some point a weak point will be exposed.
And if you can get a hand on encrypted content and live long enough with the right ressources and determination you might be able to crack something.
Because afaik it’s all math at some point. Math is logic and logic can be cracked.
Interesting. Currently, I guess if you have hundreds of years to sit at the most advanced computers currently available you too can crack modern encryption…
Please don’t bring up LastPass in this conversation. They aren’t relevant to anything wrt security, and worse yet, they remain extremely opaque with their security protocols.
Yeah definitely not worth doing a comparison to LastPass but doing the comparison to bitwarden and then local only ones like keypass/KeepassXC may be worthwhile
Oh yeah. How secure is a local encrypted password safe that is synced via things like Dropbox/OneDrive/GDrive/Syncthing or Resilio in comparison to something like Bitwarden and 1Password.
Not sure if you’ve read this but it might help get started.
https://1passwordstatic.com/files/security/1password-white-paper.pdf
Considering we’re hearing about a lot of password managers getting hacked, saying you’re the most secure is not really that impressive.
Is it more secure than Bitwarden? (Genuine question)
Care to back up the last statement about last pass being the most secure? I’m having a really hard time seeing lastpass as more secure than a local only password manager like keepass or KeePassXC.
Honestly, this reads like a PR post.
OP said 1password, not LastPass.
Something local with sufficient encryption will always win against a cloud service, until someone gets access to your computer.
deleted by creator
I can guarantee you they are not monitoring 30-message Lemmy posts on something that happened weeks ago for damage control. I’m sorry to say that your personal opinion is not that important.