![]() People are lazy in general, if you tell 25 engineers at a startup they have to use two different tools just too handle credentials, the compliance rate of using 2fa will drop to nil, making accounts easier to hack. I understand what you are saying but part of security is making it easy enough that people will use it, but hard enough it isn't easy to break for bad actors. ![]() I don't think it should be considered enterprise software. To me, 1password feels like a small-time solution that tried to bolt on some enterprise features to retain customers. Again, other password managers allow more fine-grained control. You can't, for example, allow a user to initiate vault resets without giving them full admin access to the entire thing. This discourages password rotation, and increases the likelihood of orphaned passwords in other vaults.ģ. If you want to share a password across multiple teams/vaults, you need to know about and maintain those entries for the same account, which means you also have to have access to all those vaults to manage that entry. You can't create links to passwords, which would allow management of an entry from a single location. ![]() When I asked the 1password team whether they'd consider invalidating local cache on 2FA failure, they did not seem interested.Ģ. This seems like a really flawed design - a 2FA failure should prevent access. ![]() they just can't sync new/updated entries. If a user fails (or skips) 2FA, they still retain complete access to any passwords/vaults they previously locally synced. Three of the biggest issues I have with 1password:ġ. When compared to other offerings (LastPass, BitWarden) 1password consistently comes up short in enterprise features. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |