No Okta, it was senior management, not an errant employee, that caused you to get hacked
You still need the comma before Okta to be grammatically correct.
More correct would be to just use multiple sentences.
“No, Okta. It was senior management, not an errant employee, that caused you to get hacked.
That makes sense! I sometimes leave out commas that are probably necessary but feel excessive. I should just work on rephrasing things in a way such that commas aren't necessary to begin with
Commas, although sometimes omitted, should be used, and used often, as a means to clarify, and especially improve, long-winded statements, such as this one.
You could use a semicolon rather than a fullstop as well:
“No, Okta; it was senior management, not an errant employee, that caused you to get hacked.”
That may help elucidate the meaning better while maintaining a single sentence, as is par for the course with headlines.
For real, had to read it like 3x to understand. The amount of commas in the OP title is just unnatural. I might even do:
No Okta, it was senior management - not an errant employee - that caused you to get hacked.
If that's wrong, then I have no idea what hyphens are for lol.
In this case, those hyphens should be em dashes (a great punctuation mark).
Use them when trying to split up a sentence — like when you need to inject information that breaks the sentence flow — without splitting it into multiple sentences. They're like parentheses that emphasize their information instead of quietly setting it to the side.
On Windows, the alt code is 0151. On Android (and iOS?), just hold down on the hyphen key and choose the longest option. No clue how to get it on macOS.
I ended up learning about em dashes about a year ago on one of my random knowledge-for-writing binges I do! idk why but they're one of my favorite pieces of trivia to throw at people
Thanks for the correction and explanation!
I read both of those correctly.....then, I re-read the title with punctuation...ooof.
This is a case where I’d actually use parentheses.
No, Okta, it was senior management (not an errant employee) that got you hacked.
I like this one
No, Okta; senior management caused you to get hacked, not an errant employee.
Blocking the use of personal Google profiles with Google Chrome (Complete) Okta has implemented a specific configuration option within Chrome Enterprise that prevents sign-in to Chrome on their Okta-managed laptop using a personal Google profile.
This is one of the simplest things to achieve but it gets so much pushback from C-level it's frustrating. I tried to push this, once the personal @gmail.com accounts got revoked all hell broke loose, despite being a clear security vulnerability. It also doesn't help that they have these "sync" features nowadays that re-download all the extensions you have on other devices so only god knows what type of malware you're letting into your environment.
What s bunch of C-units
I mean if you're on GSuite, fundamentally isn't a loss of control of your personal Gmail account just as likely as a loss of control of your professional account?
It does show how browsers offering cloud-synched password vaults without mandating 2FA to use that feature is grossly irresponsible.
2FA is, in my experience, the thing that would be blocking 99% of this kind of attack. Which shows how if you're regularly using something that doesnt have 2FA that should be a red flag. In this case it was 2 layers of that:
Their google account probably didn't have 2FA, and neither did that service account. Now obviously a service account generally won't have 2FA, but if you're regularly keying in service account credentials into a web browser something has gone wrong.
Not necessarily 2fa only secures you from direct attacks to the google login, but attackers can gain access another way: session cookie stealing.
2fa only really exists because people aren’t using better & unique passwords
Number 2 isn't true. I could choose a super strong password, but if the company chose to roll their own security and the dev chose to store user passwords in plain text, then their database is hacked, my password is out in the open. This happens all the time, even with huge tech companies.
That cannot happen with MFA since the password never leaves your hardware key.
Using my company's network, access to Google (Gmail) authentication is blocked by the firewall. Why haven't they done similarly if employees aren't supposed to do so?
Based on a few DNS lookups, I see that Okta likely uses GSuite. Would it still be possible the block non-work related Google logins at the firewall level? Seems that would complicate things quite a bit.
Title seems correct but confusing
You still need the comma before Okta to be grammatically correct.
More correct would be to just use multiple sentences.
“No, Okta. It was senior management, not an errant employee, that caused you to get hacked.
That makes sense! I sometimes leave out commas that are probably necessary but feel excessive. I should just work on rephrasing things in a way such that commas aren't necessary to begin with
Commas, although sometimes omitted, should be used, and used often, as a means to clarify, and especially improve, long-winded statements, such as this one.
You could use a semicolon rather than a fullstop as well:
“No, Okta; it was senior management, not an errant employee, that caused you to get hacked.”
That may help elucidate the meaning better while maintaining a single sentence, as is par for the course with headlines.
For real, had to read it like 3x to understand. The amount of commas in the OP title is just unnatural. I might even do:
If that's wrong, then I have no idea what hyphens are for lol.
In this case, those hyphens should be em dashes (a great punctuation mark).
Use them when trying to split up a sentence — like when you need to inject information that breaks the sentence flow — without splitting it into multiple sentences. They're like parentheses that emphasize their information instead of quietly setting it to the side.
On Windows, the alt code is 0151. On Android (and iOS?), just hold down on the hyphen key and choose the longest option. No clue how to get it on macOS.
I ended up learning about em dashes about a year ago on one of my random knowledge-for-writing binges I do! idk why but they're one of my favorite pieces of trivia to throw at people
Thanks for the correction and explanation!
I read both of those correctly.....then, I re-read the title with punctuation...ooof.
This is a case where I’d actually use parentheses.
No, Okta, it was senior management (not an errant employee) that got you hacked.
I like this one
No, Okta; senior management caused you to get hacked, not an errant employee.
This is one of the simplest things to achieve but it gets so much pushback from C-level it's frustrating. I tried to push this, once the personal @gmail.com accounts got revoked all hell broke loose, despite being a clear security vulnerability. It also doesn't help that they have these "sync" features nowadays that re-download all the extensions you have on other devices so only god knows what type of malware you're letting into your environment.
What s bunch of C-units
I mean if you're on GSuite, fundamentally isn't a loss of control of your personal Gmail account just as likely as a loss of control of your professional account?
It does show how browsers offering cloud-synched password vaults without mandating 2FA to use that feature is grossly irresponsible.
2FA is, in my experience, the thing that would be blocking 99% of this kind of attack. Which shows how if you're regularly using something that doesnt have 2FA that should be a red flag. In this case it was 2 layers of that:
Their google account probably didn't have 2FA, and neither did that service account. Now obviously a service account generally won't have 2FA, but if you're regularly keying in service account credentials into a web browser something has gone wrong.
Number 2 isn't true. I could choose a super strong password, but if the company chose to roll their own security and the dev chose to store user passwords in plain text, then their database is hacked, my password is out in the open. This happens all the time, even with huge tech companies.
That cannot happen with MFA since the password never leaves your hardware key.
Using my company's network, access to Google (Gmail) authentication is blocked by the firewall. Why haven't they done similarly if employees aren't supposed to do so?
Based on a few DNS lookups, I see that Okta likely uses GSuite. Would it still be possible the block non-work related Google logins at the firewall level? Seems that would complicate things quite a bit.
It would indeed. "Problematic by design" then?