1Password discloses security incident linked to Okta breachLeo@lemmy.linuxuserspace.show to Technology@lemmy.world – 257 points – 12 months agobleepingcomputer.com46Post a CommentPreviewYou are viewing a single commentView all commentsShow the parent commentI hope they don't have your master password either. The decryption key sounds like just a longer password or salt with extra steps. What if the generation algo is cracked? Also, you can go multi-factor with every password manager I know.They don't have your password in any form. The random key is generated with a CSPRNG, we don't know how to crack those. They aren't hiding behind secrets: it's all documented right here https://1passwordstatic.com/files/security/1password-white-paper.pdf 1Password is quite good.Not good enough clearly.You clearly don’t understand what happened, nor what it would take to get into a users password store.Not as clearly as you seem to think. You'll struggle to find qualified people with criticism of their response.
I hope they don't have your master password either. The decryption key sounds like just a longer password or salt with extra steps. What if the generation algo is cracked? Also, you can go multi-factor with every password manager I know.They don't have your password in any form. The random key is generated with a CSPRNG, we don't know how to crack those. They aren't hiding behind secrets: it's all documented right here https://1passwordstatic.com/files/security/1password-white-paper.pdf 1Password is quite good.Not good enough clearly.You clearly don’t understand what happened, nor what it would take to get into a users password store.Not as clearly as you seem to think. You'll struggle to find qualified people with criticism of their response.
They don't have your password in any form. The random key is generated with a CSPRNG, we don't know how to crack those. They aren't hiding behind secrets: it's all documented right here https://1passwordstatic.com/files/security/1password-white-paper.pdf 1Password is quite good.Not good enough clearly.You clearly don’t understand what happened, nor what it would take to get into a users password store.Not as clearly as you seem to think. You'll struggle to find qualified people with criticism of their response.
Not good enough clearly.You clearly don’t understand what happened, nor what it would take to get into a users password store.Not as clearly as you seem to think. You'll struggle to find qualified people with criticism of their response.
You clearly don’t understand what happened, nor what it would take to get into a users password store.
Not as clearly as you seem to think. You'll struggle to find qualified people with criticism of their response.
I hope they don't have your master password either. The decryption key sounds like just a longer password or salt with extra steps. What if the generation algo is cracked?
Also, you can go multi-factor with every password manager I know.
They don't have your password in any form. The random key is generated with a CSPRNG, we don't know how to crack those. They aren't hiding behind secrets: it's all documented right here https://1passwordstatic.com/files/security/1password-white-paper.pdf
1Password is quite good.
Not good enough clearly.
You clearly don’t understand what happened, nor what it would take to get into a users password store.
Not as clearly as you seem to think. You'll struggle to find qualified people with criticism of their response.