Sync Security!

Reply to Sync Security! on Sat, 27 Aug 2016 08:46:43 GMT

genevalgene — Sat, 27 Aug 2016 08:46:43 GMT

guys, opera sync was hacked!

https://techcrunch.com/2016/08/26/opera-says-its-service-for-syncing-web-browser-data-was-hacked/?ncid=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=sfgplus&sr_share=googleplus&%3Fncid=sfgplus

Reply to Sync Security! on Fri, 26 Aug 2016 19:29:45 GMT

[[global:former_user]] — Fri, 26 Aug 2016 19:29:45 GMT

Some people don't have cell phones, plus I saw a post on Slashdot recently that a government agency was advising against using SMS for authentication.
There's little that would be considered private on the web interface anyway - are your bookmarks embarrassing? Passwords are only in the browser.

You cant sync passwords without third party copy so passwords have to be also at Operas servers.

Reply to Sync Security! on Sun, 21 Aug 2016 09:09:41 GMT

stefano42 — Sun, 21 Aug 2016 09:09:41 GMT

There are "authenticator" apps for PCs too, I use "2 Factor Authenticator" on Windows 10 to access my team viewer account.
These apps don't use SMS, so they are not costly to implement.

Reply to Sync Security! on Sun, 21 Aug 2016 01:53:05 GMT

sgunhouse — Sun, 21 Aug 2016 01:53:05 GMT

Some people don't have cell phones, plus I saw a post on Slashdot recently that a government agency was advising against using SMS for authentication.

There's little that would be considered private on the web interface anyway - are your bookmarks embarrassing? Passwords are only in the browser.

Reply to Sync Security! on Sat, 20 Aug 2016 21:34:10 GMT

stefano42 — Sat, 20 Aug 2016 21:34:10 GMT

Since sending SMSs is costly I think Opera could implement RFC 6238, like in Google Authenticator and other apps.

Reply to Sync Security! on Thu, 28 Jul 2016 10:00:41 GMT

ahelg — Thu, 28 Jul 2016 10:00:41 GMT

2FA would be great, although I can see that it would be expensive. Opera aren't nearly as big as the others who offer 2FA (such as Apple, Twitter, Facebook, Google, etc).

Reply to Sync Security! on Mon, 25 Jul 2016 04:25:19 GMT

sgunhouse — Mon, 25 Jul 2016 04:25:19 GMT

If you are worried about your passwords, then don't sync them. You can choose what data to sync.

Reply to Sync Security! on Mon, 25 Jul 2016 03:41:40 GMT

leocg — Mon, 25 Jul 2016 03:41:40 GMT

But can't someone with those same credentials use them in any Opera browser to sync that browser to my account?

In theory, yes. But why someone would do it?

Reply to Sync Security! on Mon, 25 Jul 2016 02:54:03 GMT

[[global:former_user]] — Mon, 25 Jul 2016 02:54:03 GMT

Maybe, but what i'm saying is that if someone go to https://sync.opera.com/web/ and manage to login with your >credentials, your passwords can not be viewed.

But can't someone with those same credentials use them in any Opera browser to sync that browser to my account? Then they can read my passwords in "Manage saved passwords" can't they, providing I am syncing passwords?

This worries me because I recently found under Other Speed Dials, a device name I have never seen before so I wonder if someone was able to sync to my account and its data.

Reply to Sync Security! on Mon, 18 Jul 2016 02:42:46 GMT

leocg — Mon, 18 Jul 2016 02:42:46 GMT

That encryption doesn't mean anything if the account password is compromised.

Maybe, but what i'm saying is that if someone go to https://sync.opera.com/web/ and manage to login with your credentials, your passwords can not be viewed.

Implementing support for 2FA would help ensure that data is only accessible by the account owner.

Right, but it has costs.

Reply to Sync Security! on Sun, 17 Jul 2016 22:44:19 GMT

suppliedrelic — Sun, 17 Jul 2016 22:44:19 GMT

Sensitive data like passwords are stored encrypted. Other data transits encrypted between computer and servers.

That encryption doesn't mean anything if the account password is compromised. Implementing support for 2FA would help ensure that data is only accessible by the account owner.

Reply to Sync Security! on Sun, 17 Jul 2016 22:15:00 GMT

leocg — Sun, 17 Jul 2016 22:15:00 GMT

Sensitive data like passwords are stored encrypted. Other data transits encrypted between computer and servers.

Reply to Sync Security! on Sun, 17 Jul 2016 21:47:06 GMT

suppliedrelic — Sun, 17 Jul 2016 21:47:06 GMT

Is this something that is coming? Should really be standard at this point. I at least want a prompt if someone is trying to log into opera with my account and it is not me....

I would expect the team to know how important it is to protect the sensitive data of their users, which is being synced using the company servers.

Reply to Sync Security! on Sun, 17 Jul 2016 00:56:03 GMT

leocg — Sun, 17 Jul 2016 00:56:03 GMT

Is this something that is coming?

I don't think so.

Reply to Sync Security! on Sun, 17 Jul 2016 00:10:20 GMT

Deleted User — Sun, 17 Jul 2016 00:10:20 GMT

Is this something that is coming? Should really be standard at this point. I at least want a prompt if someone is trying to log into opera with my account and it is not me....

Reply to Sync Security! on Sun, 10 Jul 2016 19:02:33 GMT

leocg — Sun, 10 Jul 2016 19:02:33 GMT

Is it normal?

Yes.