OneLogin breached, when will 1Password suffer the same fate?

notwendy_appleseed
Community Member

So, now that LastPass and OneLogin have both been breached, when will 1Password get a front page spot on every tech blog out there?



Comments

  • The difference between either of those solutions and 1Password is that only you have your encryption keys. This is why we can't help with password resets. AgileBits never has access to them.

    1Password Security Design White Paper

    :)

    Ben

  • danco
    Volunteer Moderator

    The great thing about 1PW is that even if the data gets stolen, AgileBits don't have access to the master password and secret key so those cannot get stolen. And so the data, even if stolen, cannot be decrypted.

  • AGAlumB
    1Password Alumni

    Amen! Call us cowards, but we don't want to be in a position for an attacker to use us to get to 1Password users' data — yours or our own! So we've built 1Password with the assumption that someone could get the database at some point, and that it should be useless to them. Each of us alone has the "keys" to our data, and I sleep better at night knowing that — both as an AgileBits team member, and as a 1Password user myself. :yum:

  • BillSabatine
    Community Member

    This was on the news. Could this happen with 1Password?
    http://www.bbc.com/news/technology-40118699



  • Simon_and_Sharky
    Community Member

    Good question. I want to know too.

  • Drew_AG
    1Password Alumni

    Hi @BillSabatine and @Simon_and_Sharky,

    I hope you don't mind, but I've merged your posts with another forum thread about the same topic. I think the replies above from Ben, danco, and brenty should answer your question.

    If you have more questions about 1Password, just let us know. Have a great weekend! :)

  • Simon_and_Sharky
    Community Member

    Thank you Drew_AG! I feel better now :)

  • BillSabatine
    Community Member

    Yes definitely. 1Password has the keys to the kingdom.. it CANNOT be breached, or I'm doomed...... Great design guys!

  • prime
    Community Member

    Hey, I posted this and I can't find the post. Well I think I did :lol:

  • Drew_AG
    1Password Alumni

    @prime, I'm not sure what you mean - what did you post? Do you mean you tried replying to BillSabatine and/or Simon_and_Sharky in their original thread but now you don't see it in this one? If so, I wonder if you were replying at the same time I merged their posts into this thread. If that's what happened, I apologize!

  • prime
    Community Member
    edited June 2017

    @Drew_AG I posted about this OneLogin and I can't find it. I know I saw it because I went back to it and was going to edit it, but changed my mind.

    Also, when I see your user name, I think of Andrew WK :lol:

  • sjk
    1Password Alumni

    This post, @prime?

    Looks like we may want to merge that and this discussion …

  • prime
    Community Member

    @sjk yes! :lol: thanks so much! I thought I was going crazy.

  • prime
    Community Member

    I am going crazy, I tagged the wrong person.

  • AGAlumB
    1Password Alumni

    :lol: :+1:

  • eFb9jmCrjHehhCgXQbYM
    Community Member

    Could someone please compare the two architectures for me? And explain how what happened to OneLogin can't happen with 1Password. Thanks in advance.



  • Hi @eFb9jmCrjHehhCgXQbYM

    I've merged your thread into a similar one on the same subject. Please see above.

    Does that answer your question?

    Ben

  • dloranz
    Community Member

    I am confused about the statements that "only you have your encryption keys" and that the "master password" cannot get stolen. The master password for a 1Password vault sure seems to behave as though it is syncing up and down with the vault. For example, when I sync or share a vault via Dropbox, access on the other device requires the same master password. Please explain.

    Thanks!

  • Hi @dloranz,

    That's a really good point. The master password does indeed look like it's syncing. But it's actually not. A while back I wrote a blog post that goes into the mechanics of how something like your Master Password can look as if it's syncing but technically it's not. You can read it here:
    https://blog.agilebits.com/2015/04/28/how-1password-syncs-changes-to-your-master-password/

    This kind of stuff is what makes 1Password incredibly fun to work on. :)

    Rick

  • dloranz
    Community Member

    Hi rickfillion -

    Thanks for the link to your post. That answered my question.

    Thanks.

  • That's great to hear. Let us know if you have any more questions.

    Rick

  • prime
    Community Member
    edited June 2017

    @rickfillion I read that once and forgot about it. This is great for people I talk to about 1Password, and the pictures probably help the most :lol:

  • AGAlumB
    1Password Alumni

    Indeed, folks often ask questions indirectly about how things work, and I'm always happy to explain. In many cases, I think I'm able to find a good way to sum things up. But with regard to Master Password "syncing", I always find myself linking to Rick's amazing blog post — "Seriously, check it out!" I just can't say it better myself. Cheers! :)

  • jpgoldberg
    1Password Alumni
    edited June 2017

    I recently wrote about a fundamental difference between how 1Password works and how it appears that OneLogin did things in How to be your own key master.

  • notwendy_appleseed
    Community Member

    I forgot about this thread, thanks for the good answers and the white paper. I'm happy to say that this is something I'd recommend to others as a password manager.

  • Catalin1P
    Community Member

    This is one more reason why I love your software (password manager). It has been built with the idea in mind that at some point a less smart person might try to breach your database. You decided that we will hold no data of information about our customers, therefore there is nothing to steal if a breach would happen. Very well thought out, and I am happy I can support you guys through my annual subscription for 1Password account membership. ☺️

  • AGAlumB
    1Password Alumni

    @Catalin1P: Indeed, this is really important to us not only since it protects our customers' data, but our own as 1Password users ourselves. Thanks for your support! :chuffed:

This discussion has been closed.