Protect your sensitive information with end-to-end encryption and enjoy the benefits of a centralized, secure #secretsmanagement solution. Get started today: https://bitwarden.com/products/secrets-manager/
#SecretsManagement #cybersecurity #security #datasecurity #secretsmanager
@portainerio Hi there! Any plans in the future to support upcoming @bitwarden #secretsmanager?
Tnx!
Get an introduction to the secrets management industry and the #developer challenges that shaped it in this quick guide: https://bitwarden.com/resources/presentations/a-quick-guide-to-secrets-management/
#developer #cybersecurity #security #datasecurity #secretsmanager
Upon prompting from my buddy at GH, wanted to check out #Github Access using #OpenID Connect (OIDC). Today, I covered setting up federated #OIDC to #Azure, #AWS and #GCP. In all three cases, I tackled secrets using #AKV, #ParameterStore and #SecretsManager, respectively. The key feature of OIDC is the use of OAuth flow, meaning no persisted Access Secret needs to be in your #CI for #Cloud access. https://freshbrewed.science/2023/02/09/gh-secrets.html
#cloud #ci #secretsmanager #parameterstore #AKV #gcp #aws #azure #oidc #openid #GitHub
Last night as I was finishing part 2 of my blog post series "Protecting against a password manager breach" (https://justinpagano.substack.com/p/protecting-against-a-password-manager-8f6), I saw the news that LastPass had updated their security incident notification stating that customer data had been obtained by attackers, including encrypted password vault data (https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/#:~:text=Update%20as%20of%20Thursday%2C%20December%2022%2C%202022%C2%A0%C2%A0)
While they did a good job explaining the nuances of which of their customers are most vs. least at risk of their decrypted vault data being accessed, I think they are a little too overconfident in their implementation of PBKDF2 to protect their customers against offline brute-force attacks against their encrypted vault data, as Dan Goodin from ArsTechnica explains in his article here: https://arstechnica.com/information-technology/2022/12/lastpass-says-hackers-have-obtained-vault-data-and-a-wealth-of-customer-info/
So I guess now is as good a time as any to check out the hot-off-the-presses part 2 of my blog post series where I go over specific steps to take to ensure online accounts are protected in the event of a password manager breach (or really any kind of compromise of your passwords): https://justinpagano.substack.com/p/protecting-against-a-password-manager-8f6
If you're lazy (i.e. "efficient") and just want the checklist that's in the guide, you can check it out in GitHub here: https://github.com/p4gs/online-account-and-password-manager-hardening-guide/blob/main/README.md
#passwordmanager #passwordvault #lastpass #data #breach #1password #bitwarden #authy #yubikey #webauthn #passkey #mfa #2fa #credentials #vault #secretsmanager