Humans are Bad at URLs and Fonts Don’t Matter

Troy Hunt

Yet in the dev tools we see the href attribute of the hyperlink referring to an unrecognisable string of characters and the domain name within the <a> tag almost looking like a very familiar one, albeit for the fourth character. Specifically #1password ?? It won't match the faked domain, hence no password gets entered.

Phishing 145

Weekly Vulnerability Recap – October 9, 2023 – Zero-Days Strike Android, Microsoft, Apple, Cisco & More

eSecurity Planet

Researchers from Google’s Threat Analysis Group (TAG) and Project Zero uncovered the weakness, which is connected to unauthorized access to freed memory, possibly allowing attackers to corrupt or change sensitive data. Arm also published two additional vulnerabilities, CVE-2023-33200 and CVE-2023-34970.

Dashlane vs. 1Password: Compare Top Password Managers for 2021

eSecurity Planet

Dashlane and 1Password are two of our top picks for password managers in 2021. Dashlane and 1Password comparison. Although Dashlane and 1Password are similar, there are a few distinctions worth making when it comes to: mobility, security, administrative controls, user friendliness, pricing, and customer support. Image: 1Password iOS app.


I'm Open Sourcing the Have I Been Pwned Code Base

Troy Hunt

I was reminded of this just yesterday when my friend from Cloudflare, Junade Ali, posted this: Now @LastPass has added breached password notifications using the k-Anonymity API design by me and @troyhunt - joining @1Password, Okta PassProtect, Apple, Google, etc. As soon as it got popular, I wrote about how I optimised it for performance.

Passwords 145

Understanding Have I Been Pwned's Use of SHA-1 and k-Anonymity

Troy Hunt

Later in 2018, I did the same thing with the email address search feature used by Mozilla, 1Password and a handful of other paying subscribers. Every time this very blog loads Font Awesome from Cloudflare's CDN, for example, it's verified against the hash in the integrity attribute of the script tag (view source for yourself).

Passwords 123

Add-ons, Extensions and CSP Violations: Playing Nice with Content Security Policies

Troy Hunt

Some brief background first as I'll be sharing this post with a bunch of folks for which this may be new: A CSP is a response header or meta tag that allows you to declare a policy for your website declaring what sorts of content can be loaded from where. So I install it and am immediately taken to the signup page.


Gab Has Been Breached

Troy Hunt

For example, when I wrote about the Dropbox hack in 2016, I was able to verify my own record simply by hashing the password I had stored in 1Password and comparing the output to the one in the breach. It matched, therefore verifying the legitimacy of the breach. " You login with your email address. Coincidence? Or real breach?

Passwords 145