A password manager has decided to take cybersecurity into its own hands by releasing a feature that conducts covert surveillance of any hacker who tries to access your accounts.

LogMeOnce is password management solution that works with PCs and Macs, as well as Android and iOS devices, to store passwords so that do not have to remember multiple passwords every time you try to log in to services online.

Hackers have been trying to gain access to online accounts since the beginning of the internet when it was just webmail, and these attempts have not abated in the slightest, so LogMeOnce has come up with a new feature called MugShot.

Hacking the attacker's camera to take secret photos

Whenever the service detects someone is trying to gain access to one of the many accounts you might have registered with it, it will then hack into the cybercriminal's webcam, whether it is attached to a PC or the front-facing camera on a mobile device, and secretly take a photo of the user.

An alert is sent to the owner of the LogMeOnce account, together with the hacker's IP address, and you then have the opportunity to take control of the rear-facing camera on the hacker's device, and use it to take a look at the hacker's surroundings.

Of course, this solution relies on the hacker using a mobile device, a desktop PC with a webcam attached, or a laptop with a built-in webcam, but it does offer users the option to proactively take action to protect their online accounts.

Protecting your assets is legal, to a point

"It is very legal to protect your assets, passwords, or access to your online banking credentials," LogMeOnce CEO Kevin Shahbazi told the Washington Post. "But, if they use a public library computer, a stolen phone, or their own phone, and try to get into someone else's account, then we can alert the rightful owner that someone from Ukraine, China or Fairfax, is trying to access their account."

As the service only collects the IP address and photo of the user, there is a limit to what you can do with that information, but since often repeated attacks can come from individuals who actually do know you, such as a former acquaintance, ex-partner or a former colleague or employee, this information could be useful to pass on to your company or the police.

Besides this, security experts now recommend users make sure their passwords are strong enough, and this means they are longer than eight characters in length, feature capital letters, numbers and special characters, and do not refer to personal details.