Leo@lemmy.linuxuserspace.show to Technology@lemmy.worldEnglish · 1 year ago1Password discloses security incident linked to Okta breachwww.bleepingcomputer.comexternal-linkmessage-square46fedilinkarrow-up1260arrow-down16cross-posted to: technologynews@lemmy.linuxuserspace.showsysadmin@lemmy.worldhackernews@derp.foo
arrow-up1254arrow-down1external-link1Password discloses security incident linked to Okta breachwww.bleepingcomputer.comLeo@lemmy.linuxuserspace.show to Technology@lemmy.worldEnglish · 1 year agomessage-square46fedilinkcross-posted to: technologynews@lemmy.linuxuserspace.showsysadmin@lemmy.worldhackernews@derp.foo
minus-squareKairuByte@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up4·1 year agoIt’s not as simple as brute forcing the password, it’s also encrypted using a secret key. You essentially have 2 factor encryption on the vaults.
minus-squareAppoxo@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up2arrow-down3·1 year agoIf a user was social engineered, not very tech savy to catch on to it and revealed the master password, you’d only need to guess the encryption key, no?
minus-squareKairuByte@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up3·1 year agoYes, but the encryption key is very likely more secure than the users password to begin with.
It’s not as simple as brute forcing the password, it’s also encrypted using a secret key. You essentially have 2 factor encryption on the vaults.
If a user was social engineered, not very tech savy to catch on to it and revealed the master password, you’d only need to guess the encryption key, no?
Yes, but the encryption key is very likely more secure than the users password to begin with.