Do You Trust LAST PASS

Discussion in 'other software & services' started by Rainwalker, Oct 20, 2014.

  1. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Also, LastPass is the big boy.. If nobody has breached it yet, or has any hack beyond proof of concept, then it's very secure. It's the Chrome, Windows, and Norton of password managers. Considering some very impressive password, security, and cryptographers use it, that tells us a lot.. Those guys are paranoid. As I said I know some pentest guys, some pretty big ones. They all use it, and those guys are epic paranoid. They don't even use decorated passwords.
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Some of my pentester friends and I disagree, they won't touch it and I have for a long time. But I know many professionals who do.
     
  3. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    What's the reasoning for them not touching it? I know one security firm full of 'pros', and it's all they will use. The most paranoid guy at work uses Keepass, and then 'carries around' a USB stick with the database on it. Or sometimes photographs passwords before leaving for work. Ridiculous hassle level if you ask me, with probably no benefit to security.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    They just dislike the idea of having it stored elsewhere. I haven't really discussed it much with any of them in depth.
     
  5. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    The guy at work I mention - same way.. Doesn't like stuff stored 'elsewhere'. But the irony is, 'elsewhere' is probably more secure than on his stick, or photos on his iPhone.
     
  6. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    741
    Location:
    United States
    You can download all the passwords and encrypt that folder. Plus not keeping your banking and main email passwords on it.
     
  7. 142395

    142395 Guest

    Maybe you know malware using supersonic wave for communication too.
    I agree, most people are not aware of such espionage technologies and I don't think Snowden knows or could bring out all of them. However I have to say completely blocking all of them is almost impossible if you're targeted by government agencies. At least it requires lots of money & help of experts, but those experts themselves might be spies, even if you're very intimate with them! (most spies actually make or keep a good personal relationship with the victim)
    Snowden did? No, he managed to achieve exodus because many people including the Russian gov helped him. If you are a good US citizen, completely blocking them is almost impossible.

    Aside from that, it is well possible LP includes many unknown vulns (including crypto ones) and a skilled attacker might circumvent all preventive measures by combining those exploits, but the decoration method at least will give us time to change those passwords, as such an incident will most likely make a fuss.
     
  8. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Not supersonic, I think you mean ultrasonic? I am quite well apprised of ultrasonic spying methods, also more importantly - countermeasures. Cavitation scrambling, ultrasonic saturation, whereas you saturate the ultrasonic bandwidths of a room so monitoring won't be effective, morphing the frequency to keep a stable frequency from being parsed away from the content they desire. 60 Hz home electrical wiring can be used to spy, a stable 60 Hz line - any variances of that link parsed, converted to actionable sigint, even subtle frequencies. Line conditioners (KVAR/Capacitor) prevent, and in many cases totally eliminate this from working.

    A bit more back on topic:

    But I agree, unless you invest the time/money, or have the right people on your side then there is little chance you can completely block them. Sheryl Atkinson found out how hard that is after she hired some techs to examine how she was being intercepted. Redundancy is a key for them, they want 5, 10, even 20-40+ methods to screw someone over. That's why NYT was hit with 40 pieces of malware at once so if a few are found, they still have options. What most people can do is ameliorate the damage, and reduce their surface exposure. Simple things like encryption (not simple SSL heh), and strong passwords are a first step of course. Social engineering, public domain intelligence, and sigint all play into it. But the real problem with people these days is the first two. Those are ones where people need to be more cautious in my opinion. If the target is highly valued, then positioning a social asset directly in the path of the objective is ideal of course, as you noted. You'd be surprised at how fast someone goes dark to them with simple encryption (not SSL, lol), and 'careful' moderation of social websites/interactions, and use of complex, rapidly changing passwords. Unless you tee-off someone really bad, it's unlikely your home is being saturated with ultrasonics, not impossible, but unlikely.
     
  9. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
  10. 142395

    142395 Guest

    Ah, sorry for my wrong direct-translated English!
    I meant malware which uses ultrasonic for communication, but what you showed about espionage techniques and prevention is more interesting. So it's a kind of approach like "If you want to hide a leaf, hide it in a forest", right?
    But well, as you suggested in the last sentence, it's unlikely I will be targeted and I don't want to spend my life in an ultrasonic saturated room as it might have a long-term effect on my health! lol.

    I also didn't know about Sheryl Atkinson's incident, thanks for info!
     
  11. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    741
    Location:
    United States
    LastPass has a free 6 month premium membership available. If you want to use a Yubikey for 2 stage authentication this is the way to go.


    https://lastpass.com/hbpromo.php?h=...ca94266e87768e0332f5470b1d0&n=Naritas Finance

    I always download all my passwords and encrypt that folder because imo worse than someone breaking in is me not being able to access my passwords. LastPass can't give them to you and there is a cookie or something that you can download, but if that gets erased you may be out of, well, in my case about 800 passwords.
     
  12. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Last edited: Dec 10, 2014
  13. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
    Yeah, it is still in beta, hopefully they fix the issue quickly :)
     