Leo@lemmy.linuxuserspace.show to Technology@lemmy.worldEnglish · 8 months ago1Password discloses security incident linked to Okta breachwww.bleepingcomputer.comexternal-linkmessage-square46fedilinkarrow-up1267arrow-down18cross-posted to: technology@lemmy.mlnews@lemmy.linuxuserspace.showsysadmin@lemmy.worldtechnews@radiation.party
arrow-up1259arrow-down1external-link1Password discloses security incident linked to Okta breachwww.bleepingcomputer.comLeo@lemmy.linuxuserspace.show to Technology@lemmy.worldEnglish · 8 months agomessage-square46fedilinkcross-posted to: technology@lemmy.mlnews@lemmy.linuxuserspace.showsysadmin@lemmy.worldtechnews@radiation.party
minus-squareKairuByte@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up4·8 months agoIt’s not as simple as brute forcing the password, it’s also encrypted using a secret key. You essentially have 2 factor encryption on the vaults.
minus-squareAppoxo@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up2arrow-down3·8 months agoIf a user was social engineered, not very tech savy to catch on to it and revealed the master password, you’d only need to guess the encryption key, no?
minus-squareKairuByte@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up3·8 months agoYes, but the encryption key is very likely more secure than the users password to begin with.
It’s not as simple as brute forcing the password, it’s also encrypted using a secret key. You essentially have 2 factor encryption on the vaults.
If a user was social engineered, not very tech savy to catch on to it and revealed the master password, you’d only need to guess the encryption key, no?
Yes, but the encryption key is very likely more secure than the users password to begin with.