Cloud based password manager OneLogin hacked

Another password security site hacked, which could have repercussions for its users in the future. Check the link below for details.
https://www.bestvpn.com/onelogin-password-manager-hack/

4 Likes

That is why it is really important to use a password manager with end-to-end encryption, from a reputable provider. Here are some…cNet.

We use Norton Identity Safe and had concerns about how data was stored. After doing some research, it appeared to be in the better basket with AES 256-bit encryption.

It is also important to have a strong master password to the password manager.

3 Likes

If you want to be secure, don’t go with a cloud-based password manager. The fact that you can access it from anywhere in the world also means anyone else in the world can access it.

Instead, use a password manager that resides entirely on your own computer - and don’t let anyone near that computer. (Even if other people do use it, your password manager is locked - right?)

Sometimes convenience is not your friend - and passwords are one of those times.

On the bright side, SQRL may be coming soon to a website near you.

2 Likes

If you’re interested in the technical details, here’s the source: https://www.onelogin.com/blog/may-31-2017-security-incident

2 Likes

Interesting. Reading between the lines, it appears OneLogin are not overly confident in how it stores its ‘encrypted’ data, as if high-level encryption is used, the data would be of little use to a hacker unless the hacker had access to an individual access key/password.

The cloud is just someone else’s computer - if the provider has the key to your password file, it is inherently insecure.

The CNet recommendation is highly dubious - looks like they are spruiking a paid service.

KeePass is a free open-source password manager highly regarded by experienced IT people.

The recommendation for a strong password for your password file is sound.

1 Like
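The key-custody point made in the post above, and the earlier remark about a strong master password, as an added example that is not part of any post in this thread: it contrasts a record encrypted with a key the provider stores against one encrypted with a key derived from the master password on the user's device. All function names, the scrypt cost setting and the sample values are constructed for illustration and do not describe OneLogin's or any other product's actual design.

```javascript
// Added example, not from the thread. Names, parameters and sample values are constructed.
const nodeCrypto = require('node:crypto');

function encrypt(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ciphertext = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { nonce, ciphertext, tag: c.getAuthTag() };
}

function decrypt(key, rec) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, rec.nonce);
  d.setAuthTag(rec.tag);
  try {
    return Buffer.concat([d.update(rec.ciphertext), d.final()]).toString('utf8');
  } catch {
    return null; // wrong key or modified record: the GCM tag check fails
  }
}

// Key derived on the user's device; scrypt cost N = 2^14 is an assumed setting.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.scryptSync(masterPassword, salt, 32, { N: 2 ** 14, r: 8, p: 1 });
}

// Model A: the provider generates the key and keeps it beside the data.
function storeProviderHeld(plaintext) {
  const key = nodeCrypto.randomBytes(32);
  return { key, ...encrypt(key, plaintext) };
}

// Model B: the provider only ever receives salt + nonce + ciphertext + tag.
function storeClientSide(masterPassword, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  return { salt, ...encrypt(deriveKey(masterPassword, salt), plaintext) };
}

// What a copy of the provider's stored record yields, with an optional password guess.
function readFromServerCopy(record, passwordGuess) {
  if (record.key) return decrypt(record.key, record);
  if (passwordGuess === undefined) return null;
  return decrypt(deriveKey(passwordGuess, record.salt), record);
}
```

In model B the stored record is only as strong as the master password: a guessable one lets anyone holding the record derive the same key offline.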

Security is always a trade-off. Always. People who say otherwise are living a dream. Nothing is secure, there are just varying degrees of insecurity … and the people who really want to know, probably already do. OneLogin has been hacked today. The one you use may be tomorrow. If you don’t use one, then who is protecting your notebook - if it’s all in your head, what would it take to get it out? There is always something … it’s always a trade-off … just need to balance risk vs loss.

2 Likes