1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News OneLogin hit by major data breach

Discussion in 'Article Discussion' started by Gareth Halfacree, 2 Jun 2017.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,993
    Likes Received:
    2,118
  2. MLyons

    MLyons Half dev, Half doge. Staff Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    2,982
    Likes Received:
    1,093
    "security-enhancing tool"

    [​IMG]
     
  3. wolfticket

    wolfticket Downwind from the bloodhounds

    Joined:
    19 Apr 2008
    Posts:
    2,960
    Likes Received:
    237
    Have never and will never trust storing multiple passwords in the cloud and trusting the encryption to the same people that control the cloud storage. A data breach like this always has the possibility that the bad guys will get access to the lock and the key at the same time.

    (While slightly fearing that some horrible backdoor will make me eat my words), KeePass Cheesecake.
     
  4. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,993
    Likes Received:
    2,118
    I assume you're aware of the previous (mostly Windows-specific) vulnerabilities like KeeFarce?

    I've gone a step further these days and migrated all my passwords to a physical device: the Mooltipass Mini.

    [​IMG]

    Stores all your passwords internally, AES-256 encrypted and unlocked only when you insert a smartcard containing the private key *and* a four-digit hexadecimal PIN. Shows up to the system as a USB HID keyboard - so works with anything, including smartphones and tablets with USB OTG - and there's an open-source software package that allows for bidirectional management to add new accounts, autofill in the browser, and capture credentials. You can even use it entirely standalone: if you plug it into a USB battery pack, you can have it display your password for a given site rather than type it in for you.

    Lovely thing. Just bought a second as a backup, in fact.
     
  5. Guest-16

    Guest-16 Guest

    That's really interesting. Mine is written down at home on a single scrap of paper.. somewhere. If you can break into my house and find it among the mounds of entropy my two kids create, can you let me know where it is because half the time I can't find it either.
     
  6. wolfticket

    wolfticket Downwind from the bloodhounds

    Joined:
    19 Apr 2008
    Posts:
    2,960
    Likes Received:
    237

Share This Page