How much do encrypted passwords actually help when companies let our information get hacked?

Options
onidraug
onidraug
Community Member
in Lounge

I recently received one of those emails:

Dear User, your information may or may not have been recently downloaded and you must change all passwords, IP addresses, phone number, bank account, physical address, and legal name.

What I'm wondering, how safe is generated encrypted passwords through 1Password in that scenario? I imagine a hacker with an organized spreadsheet detailing all of our information, and he just glides his finger across a row to see exactly what our login name and password is. Is there really a point these jumbled letters, numbers, caps, and symbols?

Paulie G
Curious 1Password Customer

Comments

  • RichardPayne
    RichardPayne
    Community Member
    Options

    Dear User, your information may or may not have been recently downloaded and you must change all passwords, IP addresses, phone number, bank account, physical address, and legal name.

    That's hilarious. "We may have been hacked. Please move house and change your name. Don't panic!"

    If a website is storing your credentials insecurely then you having your credentials stored securely will make no difference. The best you can do is make everything as secure as possible. It is about minimising the attack surface rather than trying to guarantee absolute security.

    There's two major types of weakness:

    1) Insecure web server configuration. Gives the attacker access to data they shouldn't have.
    2) Insecure database structure. Means storing sensitive information in plain text or easily reversible encryption.

    Number 1 has privacy implications but number 2 is a massive security problem.

    Of course, using a password manager has other benefits. You can keep unique passwords for each site. Then if one site is insecure then their compromise does not compromise all of your other sites too.

  • Ben
    Ben
    Options

    Of course, using a password manager has other benefits. You can keep unique passwords for each site. Then if one site is insecure then their compromise does not compromise all of your other sites too.

    This is the key benefit in cases like this. :)

This discussion has been closed.