password management
Auto Added by WPeMatico
Auto Added by WPeMatico
1Password, the password management service that competes with the likes of LastPass and BitWarden, today announced a major push beyond the basics of password management and into the infrastructure secrets management space. To do so, the company has acquired secrets management service SecretHub and is now launching its new 1Password Secrets Automation service.
1Password did not disclose the price of the acquisition. According to CrunchBase, Netherlands-based SecretHub never raised any institutional funding ahead of today’s announcement.
For companies like 1Password, moving into the enterprise space — and managing corporate credentials, API tokens, keys and certificates for individual users and their increasingly complex infrastructure services — seems like a natural move. And with the combination of 1Password and its new Secrets Automation service, businesses can use a single tool that covers them, from managing their employee’s passwords to handling infrastructure secrets. 1Password is currently in use by more then 80,000 businesses worldwide, and a lot of these are surely potential users of its Secrets Automation service, too.
“Companies need to protect their infrastructure secrets as much if not more than their employees’ passwords,” said Jeff Shiner, CEO of 1Password. “With 1Password and Secrets Automation, there is a single source of truth to secure, manage and orchestrate all of your business secrets. We are the first company to bring both human and machine secrets together in a significant and easy-to-use way.”
In addition to the acquisition and new service, 1Password also today announced a new partnership with GitHub. “We’re partnering with 1Password because their cross-platform solution will make life easier for developers and security teams alike,” said Dana Lawson, VP of partner engineering and development at GitHub, the largest and most advanced development platform in the world. “With the upcoming GitHub and 1Password Secrets Automation integration, teams will be able to fully automate all of their infrastructure secrets, with full peace of mind that they are safe and secure.”
Powered by WPeMatico
Google says a small number of its enterprise customers mistakenly had their passwords stored on its systems in plaintext.
The search giant disclosed the exposure Tuesday but declined to say exactly how many enterprise customers were affected. “We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed,” said Google vice president of engineering Suzanne Frey.
Passwords are typically scrambled using a hashing algorithm to prevent them from being read by humans. G Suite administrators are able to manually upload, set and recover new user passwords for company users, which helps in situations where new employees are on-boarded. But Google said it discovered in April that the way it implemented password setting and recovery for its enterprise offering in 2005 was faulty and improperly stored a copy of the password in plaintext.
Google has since removed the feature.
No consumer Gmail accounts were affected by the security lapse, said Frey.
“To be clear, these passwords remained in our secure encrypted infrastructure,” said Frey. “This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”
Google has more than 5 million enterprise customers using G Suite.
Google said it also discovered a second security lapse earlier this month as it was troubleshooting new G Suite customer sign-ups. The company said since January it was improperly storing “a subset” of unhashed G Suite passwords on its internal systems for up to two weeks. Those systems, Google said, were only accessible to a limited number of authorized Google staff, the company said.
“This issue has been fixed and, again, we have seen no evidence of improper access to or misuse of the affected passwords,” said Frey.
Google said it’s notified G Suite administrators to warn of the password security lapse, and will reset account passwords for those who have yet to change.
A spokesperson confirmed Google has informed data protection regulators of the exposure.
Google becomes the latest company to have admitted storing sensitive data in plaintext in the past year. Facebook said in March that “hundreds of millions” of Facebook and Instagram passwords were stored in plaintext. Twitter and GitHub also admitted similar security lapses last year.
Read more:
Powered by WPeMatico