Hacker News
by HtmlProgrammer 963 days ago
Now, will 1Password pull a LastPass and slowly and silently keep updating their blogpost, each time growing from “a lil bit compromised” to “oopsie we lost all your data through negligence but we care about your privacy we swear”
2 comments

This is an unwarranted comparison. First, one only needs to look at the respective issue reports to see that 1P is much more operationally mature than LP.

More importantly, 1Password's architecture is fundamentally more secure than LastPass' given how password vaults are encrypted with essentially master password + uncrackable random string, vs LastPass' sole use of the master password when generating the encryption key. Not saying there aren't other avenues for attack (e.g. supply chain attacks in the 1P apps), but if 1P reported that there was a big theft of encrypted vaults, I wouldn't even bother changing my passwords, as opposed to what happened with LastPass.
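
The difference the comment above describes, as an added example that is not part of the original thread and is not 1Password's or LastPass's actual code: a vault key derived from the master password alone versus one that also mixes in a random device-held secret. The HMAC/XOR mixing step, the iteration count, the wordlist and all sample values are assumptions constructed for the illustration.

```python
import hashlib
import hmac

ITERATIONS = 10_000  # kept low so the demo runs quickly; production values are far higher

def kdf_password_only(password: str, salt: bytes) -> bytes:
    """Vault key depends only on the master password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def kdf_two_secret(password: str, secret_key: bytes, salt: bytes) -> bytes:
    """Vault key depends on the master password AND a random secret never sent to the server."""
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    mixed = hmac.new(secret_key, salt, hashlib.sha256).digest()  # assumed mixing step
    return bytes(a ^ b for a, b in zip(stretched, mixed))

def vault_tag(key: bytes) -> bytes:
    """Stand-in for 'this key decrypts the vault': a MAC over a fixed label."""
    return hmac.new(key, b"vault-check", hashlib.sha256).digest()

def offline_guess(tag: bytes, salt: bytes, wordlist, derive):
    """What someone holding only the stolen vault can try: password guesses."""
    for guess in wordlist:
        if hmac.compare_digest(vault_tag(derive(guess, salt)), tag):
            return guess
    return None

# Constructed sample values (a real secret key would come from secrets.token_bytes(16)).
SALT = bytes(range(16))
SECRET_KEY = hashlib.sha256(b"constructed device secret").digest()[:16]
MASTER = "correct horse"
WORDLIST = ["hunter2", "letmein", "correct horse", "password1"]

def demo():
    tag_pw = vault_tag(kdf_password_only(MASTER, SALT))
    tag_2s = vault_tag(kdf_two_secret(MASTER, SECRET_KEY, SALT))
    # Password-only vault: a guessable master password is enough.
    found_pw = offline_guess(tag_pw, SALT, WORDLIST, kdf_password_only)
    # Two-secret vault: the right password still fails without the 128-bit secret
    # (modelled here by a wrong, all-zero secret key).
    without_secret = lambda p, s: kdf_two_secret(p, bytes(16), s)
    found_2s = offline_guess(tag_2s, SALT, WORDLIST, without_secret)
    return found_pw, found_2s

if __name__ == "__main__":
    print(demo())
```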

> 1P is much more operationally mature than LP.

Oh, is that why they removed Wi-Fi sync in 1Password 8?

As a customer since version 4 I'm disappointed they use cloud crap like Okta and Notion. While those have their uses, if there's any company that shouldn't be doing so, 1Password is it.

Because they removed local vaults (OPVault) entirely in 1P v8 and Wi-Fi sync relies on OPVault, yes.

I took it entirely as an opportune dig at LastPass, not an actual expectation that 1Password will actually fall that low.

That said, I am happy that 1Password's salespeople will (hopefully) finally stop saying "we haven't been hacked like that other company."

In this case, Okta deserves more of your scorn. They're the ones who've been slow to disclose their failures.

For example: https://blog.cloudflare.com/how-cloudflare-mitigated-yet-ano...

This. Okta leadership is asleep at the security wheel because printing money is the name of their game.

They print money at -111M loss per quarter; I wouldn't say they are succeeding at that either, technically speaking!

Edit: when the time comes to roll their debt at a higher interest rate (post-ZIRP), I expect them to trim down their workforce and start cost-cutting. They currently have 6k+ employees.

I think we'd be in a far healthier society if corporations not turning a profit for half a decade would just die instead of entangling more users into their failure via investment money...

1Password shouldn't be using Okta in the first place.