Is this possible with 1password?
http://www.zdnet.com/article/onelogin-hit-by-data-breached-exposing-sensitive-customer-data/
Thanks!
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:account hacked
Comments
-
I just saw this and wondered if we are protected enough... Is this possible this could happen to 1password?
0 -
I just saw this and wondered if we are protected enough... Is this possible this could happen to 1password?
@floridabrits: That's a great question. There's a lot going on behind the scenes when it comes to 1Password securing our data that is not completely obvious. I think it's important that 1Password doesn't shove technical complexity in our faces. So I'd like to offer a few simple points that summarize how 1Password secures our data, and I'm happy to answer any followup questions you might have. In a nutshell, this is how 1Password works:
- Your 1Password data is encrypted on your device before it is transmitted.
- The vault itself is stored as an encrypted database.
- Your Master Password (and Secret Key, if you're using a 1Password.com account) is never transmitted.
Indeed, when you use 1Password, AgileBits never has access to your data, regardless of the setup you choose. Even with 1Password.com, your data is encrypted on your device, so all the server ever ends up with is an encrypted blob. And since the Secret Key is created locally, your Master Password is only known by you, and neither is ever transmitted, no one — including AgileBits — has the means to decrypt the data.
Suffice to say, if someone gains access to our servers and dumps the full database (we've designed 1Password.com with this in mind), they simply don't have what they need to decrypt it, as each individual user alone has the keys to their data. So an attacker won't have that and can't get it from AgileBits, even if they get everything else. The information in your 1Password vault(s) is useless to anyone (including you) without the "keys" to decrypt it (which only you possess).
So while there's a lot more that goes into making all of this work smoothly, this is something that I think all of us (I am not mathematician) can understand and appreciate. Let me know if that helps! :)
0 -
That makes me relax a bit ;-) Thanks for explaining... lets just say I'm glad I'm not on the receiving end of this right now ;-)
Cheers!
0 -
Likewise, glad that helped. Knowing 1Password has my back helps me relax too. Be sure to let us know if you have any other questions. Cheers! :)
0 -
And users info was decrypted.
So what happened? This is horrible.
http://thehackernews.com/2017/06/onelogin-password-manager.html?m=1
0 -
I think that it's always the fear of most users, that by placing 'all the eggs in one basket', you potentially risk an event of this nature. From what I've read regarding the 1Password security set up though, I feel pretty confident. One thing is for sure, it only takes one event of this nature to potentially put a password management company out of business.
0 -
:)
This post intentionally blank; fixing a visual glitch with the forum software.
0
