Operational security researcher. Opsek founder. SEAL member.
This article is not meant to be an exhaustive checklist, but some of the most common mistakes we find when auditing password managers in web3 organizations, and how they can be fixed. For this example we will be fusing in 1Password, but this applies to all password managers. * Not configuring 2FA as mandatory for users to login into their 1Password accounts. The password manager is one of the most important
Operational Security in Web3: a review of major OpSec incidents State of Web3 Security This year has started quite badly. I’m thinking of Ledger and Safe. Combined, that’s $1.4B stolen, and one finger lost. More than 98% of stolen funds in the Web3 ecosystem are taken not by breaking code, but by breaking people. DeFi Security Summit Webinar If you haven’t watched it yet, now’s
Subscribe to get the latest updates, straight to your inbox.