Dupe: "1Password detects 'suspicious activity' in its internal Okta account" (107 points, 74 comments, 2 hours ago) https://news.ycombinator.com/item?id=37991863

Comments moved thither. Thanks!

It was a minor incident, but it does remind me that centralized password managers seem to have an awful amount of concentrated risk.

Is something like 1Password truly secure at its core, even if an attacker penetrates some layers of access?

Yep.

https://support.1password.com/1password-security/

This is why I picked self hosting this time.

My security may not be the best but I don’t have a giant “we store thousands of passwords” bullseye painted on my back.

Something akin to security through obscurity yes but I’ve concluded the central approach is even worse - it’s the “this system is unhackable” thing all over. May as well dare the best to hack it