Steve Won: At 1Password, we have a zero-knowledge system, processing as much locally at the client as possible, not storing information in an unencrypted state anywhere. Karl Greenberg: How do password managers protect against this, or the kind of misfortune sustained by LastPass? Especially in the past 12 to 18 months, replaying MFA (multi-factor authentication) attacks and OTP (one-time password) codes from banks has become easier and easier for attackers.
Steve Won: Frankly, phishing for credentials is the easiest vector of attack. Karl Greenberg: How significant a threat is credential theft today? 1Password Chief Product Officer, Steve Won This transcript has been edited for brevity. TechRepublic interviewed Won about credential vulnerabilities, encrypted keys, vaults, and where it’s all heading. The report also found that stolen credentials accounted for 19% of breaches, costing organizations on average $4.5 million, or $150,000 more than the average cost per company of a data breach. Won sees this trend continuing, noting that IBM’s 2022 report on the cost of data breaches pointed to compromised credentials as the leading attack vector.
LastPass can vouch for that in a dark irony, in December 2022 a threat actor stole the credentials of a LastPass DevOps engineer, granting them access to an unencrypted vault. Image: Song_about_summer/Adobe StockġPassword Chief Product Officer Steve Won says credentials theft is ubiquitous and getting worse. With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely. 1Password is looking to a password-free future.
0 kommentar(er)
