this post was submitted on 24 Oct 2023
65 points (98.5% liked)

Sysadmin

7467 readers
2 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
[email protected]
[email protected]
[email protected]
[email protected]

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
65
1Password discloses security incident linked to Okta breach (www.bleepingcomputer.com)
submitted 10 months ago by [email protected] to c/[email protected]
8 comments fedilink hide all child comments
all 9 comments
sorted by: hot top controversial new old
[–] [email protected] 8 points 10 months ago (1 children)

Fantastic, my company just switched to a new site that uses Okta for verification.

[–] [email protected] 13 points 10 months ago

That's fine. People don't read the article anyway and it was the support portal of Okta that was breached.

So you are effected if your IT team had a support ticket open with okta and provided a support file and even then only the user details in the support file was effected.

[–] [email protected] 3 points 10 months ago* (last edited 10 months ago) (2 children)

Just use SyncThing or Resilio Sync and practice on an example dummy database with KeepPass rather than get all these random companies involved.

Practice with a keyfile but be very careful. Gets rid of all this "external authentication" bullshit that makes stuff like this even possible. Either you know and have the keyfile or you don't, no need for companies that acts as authenticators.

[–] [email protected] 4 points 10 months ago* (last edited 10 months ago) (1 children)

1password is an amazing service. I use to use keeppass but the family, shared vaults and web extensions are worth it.

Nothing was really breached here in their end.

[–] [email protected] 1 points 10 months ago (1 children)

Thats ok but they're non-starter for me (if someone who's super non-technie needed a pm I would likely recommend it if they're really bad), I need to own everything and not have to worry about subscriptions or servers or whatever

[–] [email protected] 3 points 10 months ago* (last edited 10 months ago) (1 children)

I understand the want to own all your data. But if there is any company I would stick up for it's the 1password folks. Even if your subscription expires you still keep access to your info and can export it. It goes into a read only mode.

I also have 2fa on my account. Is that possible with keeppass yet?

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago)

2fa

If it wasn't always so, it definitely is now.

The more important part to me is easy data portabillity but also that I wanna pay for it once and never have to worry. Actually bought 1Password 7 and that did not age well... :/ Bitwarden was actually a lifesaving stopgap measure and I vowed to never be dependant on a venture/startup/big player password managers ever again and I absolutely do not trust Keychain and also it sucks.