Not good!
BBC Article - OneLogin Data Breach
@ChargedUp wrote: Not good!
BBC Article - OneLogin Data Breach
My company makes heavy use of OneLogin and many of us lost sleep when we were notified around 10:30 pm dealing with the issue.
Wasn't immediately critical but the entire organization will have a mandatory password change in the coming days; the full extent wasn't known but OLI told us to assume everything had been compromised, but I have to admit their notification to their customers was on point and they were forthcoming with information as it became available.
My Secretary uses one of those online services and I think she's nuts. About 3 years ago she put all my company passwords in there for "safekeeping" and I blew a gasket... terrible idea I think. Of course I was also mad at her a year ago for mistakenly setting up 2 autopays with BOA for my wife's truck (it wasn't on purpose) BUT I'm not so annoyed now that we got the title in the mail yesterday 2.5 years early so there's that.
Blessing AND malediction?
@805orbust wrote: My Secretary uses one of those online services and I think she's nuts. About 3 years ago she put all my company passwords in there for "safekeeping" and I blew a gasket... terrible idea I think. Of course I was also mad at her a year ago for mistakenly setting up 2 autopays with BOA for my wife's truck (it wasn't on purpose) BUT I'm not so annoyed now that we got the title in the mail yesterday 2.5 years early so there's that.
Blessing AND malediction?
Yeah, I think it's a pretty terrible idea as well. With it being so publicly known what a treasure trove of data these kinds of services have, they're a top target for hackers.
The company passwords printed on paper, safely locked up is more my idea of "safekeeping".
OneLogin isn't so much a password vault in the typical use case (Secure Notes notwithstanding and things like LastPass Enterprise are local anyway for personal data unless you choose to share it in the corporate vault, which is another terrible idea) as it is a single sign-on authentication source, and can be tied to 2FA like in our case Duo. Effectively all of our SaaS provided applications in our entire enterprise besides Google services auth through OLI.
Problem is they stored passwords in a hash rather than storing a token for whatever (possibly sloppy) reason; would've figured they'd simply do it like anyone smart does with CC's and PCI these days: don't store that crap locally and delegate the authentication back. Presumably they saved money on bandwidth and some transaction costs, and this is what we get instead I guess.
I use LastPass for personal home use.. I think something happened with them a couple years ago, not sure if severe or not.. but I'm comfortable with them. It beats having the same 1 or 2 ten digit password for 50 sites..
Totally agree Dave