Thursday, 22 October 2015


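It looks like LastPass has been hacked and users' accounts & passwords are leaking all over the place. Change your master password right away and turn on two-step authentication. Or rather, wouldn't it be better to switch to 1Password and manage your keychain yourself? Handing my important passwords over to the cloud is a frightening thing that I could never bring myself to do.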

Password Manager LastPass Warns of Breach

Hack of cloud-based LastPass exposes hashed master passwords

LastPass Security Notice - LastPass Blog


1Password Leaks Your Data

When a Leak Isn’t a Leak


Here are some tips on what I have done to make my 1Password security more robust:
  • Use OPVault format for your keychain file: for more info →
  • Hide your keychain file by changing the location, file name & extension: i.e., if you change the keychain file name from 1Password.opvault to, it’s more difficult for hackers to notice that it's a 1Password keychain. Also, I put my keychain file inside a hidden folder (just add a dot at the head of the folder name).
  • Update your master password periodically: i.e., if you include some numbers based on the calendar, such as 'somepassword2015-10!', you can update your password monthly without forgetting your new password!
  • Apply two-factor authentication on Dropbox if you'd like to put your keychain file on Dropbox to share it across multiple devices. Also, don't forget to hide the keychain file (as mentioned above) in your Dropbox.
  • Turn on the firewall and FileVault on your Mac: System Preferences > Security & Privacy > Firewall > Turn On Firewall

Furthermore, in my case…
  • I completely block any network traffic (both incoming & outgoing) of by using Little Snitch, as I don’t even trust (engineers at AgileBits could potentially implement some malicious code in their app to leak your passwords).

Do you think this is too much? Maybe it sounds like paranoia…?
However, I’m pretty sure that no cyber security measure is perfect; any encryption or passwords will be compromised sooner or later, and we cannot be too careful.

