1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News OneLogin hit by major data breach

Discussion in 'Article Discussion' started by Gareth Halfacree, 2 Jun 2017.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,129
    Likes Received:
    6,717
    Gareth Halfacree, 2 Jun 2017
    #1
  2. MLyons

    MLyons 70% Dev, 30% Doge. DevDoge. Software Dev @ Corsair Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    4,195
    Likes Received:
    2,770
    "security-enhancing tool"

    [​IMG]
     
    MLyons, 2 Jun 2017
    #2
  3. wolfticket

    wolfticket Downwind from the bloodhounds

    Joined:
    19 Apr 2008
    Posts:
    3,556
    Likes Received:
    646
    Have never and will never trust storing multiple passwords in the cloud and trusting the encryption to the same people that control the cloud storage. A data breach like this always has the possibility that the bad guys will get access to the lock and the key at the same time.

    (While slightly fearing that some horrible backdoor will make me eat my words), KeePass Cheesecake.
     
    wolfticket, 2 Jun 2017
    #3
  4. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,129
    Likes Received:
    6,717
    I assume you're aware of the previous (mostly Windows-specific) vulnerabilities like KeeFarce?

    I've gone a step further these days and migrated all my passwords to a physical device: the Mooltipass Mini.

    [​IMG]

    Stores all your passwords internally, AES-256 encrypted and unlocked only when you insert a smartcard containing the private key *and* a four-digit hexadecimal PIN. Shows up to the system as a USB HID keyboard - so works with anything, including smartphones and tablets with USB OTG - and there's an open-source software package that allows for bidirectional management to add new accounts, autofill in the browser, and capture credentials. You can even use it entirely standalone: if you plug it into a USB battery pack, you can have it display your password for a given site rather than type it in for you.

    Lovely thing. Just bought a second as a backup, in fact.
     
    Gareth Halfacree, 4 Jun 2017
    #4
  5. Guest-16

    Guest-16 Guest

    That's really interesting. Mine is written down at home on a single scrap of paper.. somewhere. If you can break into my house and find it among the mounds of entropy my two kids create, can you let me know where it is because half the time I can't find it either.
     
    Guest-16, 4 Jun 2017
    #5
  6. wolfticket

    wolfticket Downwind from the bloodhounds

    Joined:
    19 Apr 2008
    Posts:
    3,556
    Likes Received:
    646
    wolfticket, 4 Jun 2017
    #6
Tags: Edit

Share This Page