OneLogin (ID management) Breached 31st May

http://www.bbc.co.uk/news/technology-40118699

"Apps and sites integrated into the service include Amazon Web Services, Microsoft Office 365, Slack, Cisco Webex, Google Analytics and LinkedIn."

 

I think I may have asked this question before and received an answer but ....

Can Norton IS, or any of the others under discussion, deal satisfactorily with computers with more than one user desktop -- in our case two -- with different logins to the same website, e.g. for banks or credit cards?

If so, how simple/complicated is it? My wife is not as old as I am so doesn't count as an antique but she is slowing down and does not easily adapt to changed ways of doing things and at present we log in manually or from desktop shortcuts often with the website remembering our ID but not our Password.

Is it possible, say, for me to use the system on my desktop and get automatic logins while she on her desktop is not even aware that, say, Norton IS is installed? The number of websites she goes to is minimal so for her the only real problem is the danger of forgetting a password. This is largely dealt with by my manual PasswordKeeper utility -- although that gives me the difficulty of keeping it up to date.

BTW, is there a good readable guide to the Norton Internet Safe utility that is not part of the installed version? That would be something I'd study and hopefully find some of my answers, as I did with LASTPASS on YouTube, although I didn't try to find the answer to the multiuser question.

 

Indeed Krusty. One very important thing stands out for me with IS. Most of whatever bugs that may occur seem to be getting worked out here in the forums. I don't see that with most of the other products. I can deal with a bug... data breaches in my view are just plain laziness on the part of engineering teams and coders who aren't doing the proper work to ensure those don't take place. Nevertheless nothing is ever 100% guaranteed. Sticking with IS. lol Cheers!!

SoulAsylum:

LastPass was breached recently too. On a personal level these third party catch me alls don't seem to be doing so great. I will stick with my trusty Norton vault.

https://blog.lastpass.com/2017/03/important-security-updates-for-our-users.html/

At least LastPass bugs are reported. Who knows what bugs may exist unreported in Norton Identity Safe?

OneLogin is an enterprise product that lets employees log in only once to then have access to multiple password-protected apps used by the company. Apparently, the hacker in this case was able to use OneLogin's AWS credentials to get into its backend servers and roam around undiscovered for several hours. I'm not sure if a Norton Identity Safe user's data would be vulnerable to a similar attack, since the user's password would be required to decrypt the stored data, and Norton does not have that password. But unfettered access by a hacker is never good, so I assume there are potential risks to using any online password manager - nothing is ever 100% foolproof. All I can say is that, under strict orders, I spent about half an hour Thursday changing my OneLogin password, along with the passwords to all of the associated apps to which I have access.

SA

Maybe you are right ... I should try it even if I gather it's entirely cloud-based.

LastPass was breached recently too. On a personal level these third party catch me alls don't seem to be doing so great. I will stick with my trusty Norton vault.

https://blog.lastpass.com/2017/03/important-security-updates-for-our-users.html/

I know that from trying to install LastPass and giving up through not understanding immediately what its in-house terminology meant. Their onscreen instructions did not, to me, make it at all clear how it was meant to deal with already in use login data and why at one point it proudly said we have detected and list 4 logins already in existence -- far fewer than I have.

My query related to safety of the LastPass cloud and of their specific encryption.

 

LastPass is online similar to Norton Identity safe.

Follow the links within the BBC article and you go back via a few different sources, which is always a bit dubious so far as I am concerned, but at the end this by ONELOGIN themselves 

And on a registration-required support page the threat is described as follows:

“All customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data.”

Decrypt data? Woah! That's a bit more than mere unauthorized access.

Ouch -- maybe I should stick to my old (WIN98 and still working) on disk vault.

I wonder how it differs from LASTPASS that I was thinking of trying......

I've just been asked what does OneLogin actually do? It's their equivalent of our Norton Vault/Identity Safe.