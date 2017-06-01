OneLogin Says Breach Exposed Ability To Decrypt Customer Data (krebsonsecurity.com) 17
Reader tsu doh nimh writes: OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data, KrebsOnSecurity reports. "A breach that allowed intruders to decrypt customer data could be extremely damaging for affected customers. After OneLogin customers sign into their account, the service takes care of remembering and supplying the customer's usernames and passwords for all of their other applications."
You
Had
ONE
JOB
! ! !
Their entire reason for existing is security. How can you say you are a security company and you get hacked on a regular basis?
I remember the first time we were offered these kinds of services and I thought to myself that this would be a great way to find all of one's access compromised absolutely everywhere.
Sure, a security-company should by definition be the most secure business, but this has often proven to not be the case.
I don't need to have my account hacked to post obnoxious crap. I can do it on my own!
My passwords are in a little paper book on my computer desk. If a hacker has access to it, I've got bigger problems.
I've realized it's just safer to not discuss my password policy.
putting all your eggs in one basket makes the basket very attractive!
At one point I checked a lot of solution to keep my passwords, and PasswordSafe [pwsafe.org] (from Bruce Schneier) is certainly the best one, I can also put my database on gdrive or whatever without fear.