Leo@lemmy.linuxuserspace.show to Technology@lemmy.worldEnglish · 2 years ago1Password discloses security incident linked to Okta breachwww.bleepingcomputer.comexternal-linkmessage-square46linkfedilinkarrow-up1267arrow-down18
arrow-up1259arrow-down1external-link1Password discloses security incident linked to Okta breachwww.bleepingcomputer.comLeo@lemmy.linuxuserspace.show to Technology@lemmy.worldEnglish · 2 years agomessage-square46linkfedilink
minus-squareKairuByte@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up4·2 years agoIt’s not as simple as brute forcing the password, it’s also encrypted using a secret key. You essentially have 2 factor encryption on the vaults.
minus-squareAppoxo@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up2arrow-down3·2 years agoIf a user was social engineered, not very tech savy to catch on to it and revealed the master password, you’d only need to guess the encryption key, no?
minus-squareKairuByte@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up3·2 years agoYes, but the encryption key is very likely more secure than the users password to begin with.
It’s not as simple as brute forcing the password, it’s also encrypted using a secret key. You essentially have 2 factor encryption on the vaults.
If a user was social engineered, not very tech savy to catch on to it and revealed the master password, you’d only need to guess the encryption key, no?
Yes, but the encryption key is very likely more secure than the users password to begin with.