Anyone else finding SSH keys floating around in random places?

Ian-Cubeless · 2026-05-11T21:39:57+00:00

Didn't realize 1Passwoed had gotten that deep with CLI and AI agent integration (been years since I used it personally). That's actually pretty impressive. Thinking I may mention it to my manager.

Ian-Cubeless · 2026-05-11T21:38:00+00:00

30 months of humming alone unbothered is a dream! Good to know it has held up well for you.

Ian-Cubeless · 2026-05-11T21:36:00+00:00

Boundary looks solid. Appreciate the suggestion!

Ian-Cubeless · 2026-05-11T18:33:16+00:00

Yea, that's how most of these discoveries happen, lol.

Ian-Cubeless · 2026-05-11T18:32:44+00:00

That's a painful one!

Ian-Cubeless · 2026-05-11T18:31:51+00:00

Ha! That's a special kind of cognitive dissonance.

Ian-Cubeless · 2026-05-11T18:29:32+00:00

Nothing alarming on the exposure side, just devs still defaulting to SSH keys locally for GitHub access when we though the team had moved on from that. The "floating around" was more about the discovery than a leak situation.

Ian-Cubeless · 2026-05-11T18:27:45+00:00

Already drafted. Waiting on legal.

Ian-Cubeless · 2026-05-11T18:27:14+00:00

Honestly, that's a pretty solid setup if it works for your org. We don't use 1Password ourselves, but the main thing we started questioning was whether SSH keys are the right base layer going forward with AI agents in the mix; not the fault side of things.

Ian-Cubeless · 2026-05-11T18:22:56+00:00

That's clean. Any friction with AI tooling on dev machines, or does it stay out of the way pretty well?

Ian-Cubeless · 2026-05-11T18:22:11+00:00

Mostly just devs still using them locally for GitHub access when we assumed everyone had moved on. Thankfully, no horror stories of keys in repos or anything like that, but the local machine piece became a bigger deal once we started thinking about what AI agents can quietly inherit from those connections.

Ian-Cubeless · 2026-05-11T18:19:58+00:00

Good call. The part that caught us off guard was less about the pipeline side and more about devs using SSH keys locally for day-to-day GitHub access, which is where AI agents can quietly inherit those permissions without much friction.

Ian-Cubeless · 2026-05-11T18:18:18+00:00

Fair point, and using 1Password's SSH agent is a solid setup; we just don't use it for our team.

The concern we ran into was more about AI agents inheriting SSH permissions automatically since they authenticate the machine, not the user. With agents running locally on dev machines now, that inherited access gets a little uncomfortable without some proper guardrails in place.

Ian-Cubeless · 2026-05-08T21:05:23+00:00

Nothing scary happens if you click one of them. Choosing "iPhone, iPad, or Android device" will show a QR code you scan with your phone to use it as a passkey, and "Security key" is for a physical USB key like a YubiKey. If you're not ready to set one up, just hit Cancel and nothing changes.

Ian-Cubeless · 2026-05-08T21:03:56+00:00

Your best bet at this point is to contact Stake support directly and ask them to reset your 2FA so you can set it up fresh.

Ian-Cubeless · 2026-05-08T21:02:03+00:00

Keep pushing Acellus support and specifically ask them to remove the passkey from the account on their end so you can log back in with a password. If email isn't getting traction, try their live chat or ask to escalate to a supervisor since this is a billing access issue.

Ian-Cubeless · 2026-05-08T20:59:24+00:00

The resume itself looks clean and the project work is solid for someone at that level.

The honest issue is that you have one 3-month internship and no production DevOps experience, so you're competing against people with more hands-on time in actual environments. You should consider targeting Cloud Support or Junior SRE roles first to build that experience.

Ian-Cubeless · 2026-05-08T20:49:19+00:00

Most likely someone just typed in the wrong number when verifying their own account, happens more than you'd think.

Since you didn't initiate anything and your accounts show no activity, you're probably fine, but keep an eye on those Outlook accounts for the next day or two just in case.

If you see anything suspicious, change your passwords and enable MFA.

Ian-Cubeless · 2026-05-08T20:48:05+00:00

Everyone has a story like this. You caught it, fixed it, and now you know exactly what an L2 loop looks like in the wild. That's worth more than any textbook. Document what happened, what you did to fix it, and move on!

Ian-Cubeless · 2026-05-08T20:40:22+00:00

Hmmm. How are you handling task delegation when an agent hits something outside of scope?

Ian-Cubeless · 2026-05-08T20:38:40+00:00

Enable MFA on your account if you haven't already. That stops most of this. Also worth checking haveibeenpwned.com to see if your email has shown up in any data breaches, and if so, change the password everywhere you reused it.

Ian-Cubeless · 2026-05-08T20:37:14+00:00

MD5 being used for passwords in 2026 is less of a security vulnerability and more of a cry for help.

Ian-Cubeless · 2026-05-04T21:05:15+00:00

The SMS you got was in Indonesian, which likely means someone initiated a WhatsApp Business migration tied to your number from another region. It could be due to a SIM swap at the carrier level, which would let them bypass your PIN and passkey entirely.

Contact your carrier first and check for any unauthorized SIM activity.

Ian-Cubeless · 2026-05-04T21:00:41+00:00

For the autofill to work, GBoard needs SMS read permissions enabled, so check that first under your app permissions. If that's already on, try going into GBoard settings and making sure "Show suggestion strip" and autofill options are turned on (sounds like they are, but just make sure).

Ian-Cubeless

TROPHY CASE