by stcredzero
3304 days ago
If they are storing the password and pushing it to the connected service on the user's behalf, then they have to be able to decrypt it somehow. By storing so many passwords in one system, they made that system a high value target, all while not having the security chops they thought they had. Password vaults should be distributed. This prevents the conglomeration of password secrets that creates a high value target. They would've been wise to have a series of password vault apps that are integrated with their system. They could have done this by leveraging Password Safe.