That’s the finding of a new report from the Government Accountability Office (GAO)—a non-partisan agency that investigates issues at Congress’ request. In a report published on Tuesday, the GAO found “mission-critical cyber vulnerabilities in nearly all weapon systems that were under development.” According to the report, software-enabled functions that are “potentially susceptible to compromise” include targeting missiles and flying aircraft.
I'm not surprised in the least. Not changing default passwords seems to be the norm in Washington.
I have been meaning to change mine just 'cause it's time and I should do it routinely. One of my passwords is from 'dial-up' days.
Just switch to LastPass, it's free and integrates/syncs with all browsers and Android/iPhone. Every website I have an account on has a completely different and randomised password to every other site, all I have to remember is my master password. So if one site gets compromised it doesn't matter, they can't then log in to my email or other sites I have an account on.
Yeah I worry about password managers. Some store passwords on a server that can be hacked, some use browser extensions which can break during an update, others have just gone out of business and stopped updating their software. I worry...
LastPass uses end-to-end encryption. E.g., your device encrypts all the data with your password before sending it to their servers, then your device decrypts all the data from their server with your password. They don't store your raw passwords, just the garbled ones. Obviously if someone was to hack them they could push out a rogue version of the app/browser extension that stole your master password when you entered it, but I doubt it. Stop being paranoid.
(LastPass does let you export your passwords to a CSV or something if you want a fully offline backup, which is worth doing every so often.)
Transient wrote: Yeah I worry about password managers. Some store passwords on a server that can be hacked, some use browser extensions which can break during an update, others have just gone out of business and stopped updating their software. I worry...
It's one of the reasons why I still use KeePass. It stores passwords in a local database that's under your own control.
My KeePass database is protected with both a password and a 256-bit private key (file). I put the database in Dropbox and keep the private key file on my own devices. That way the DB is synced across all devices and even if Dropbox is hacked, they'd still need my private key and the password to open the database.