If you can’t get into your LinkedIn account today it’s because your password is in the hands of Russian hackers. A file containing some 6.5 million LinkedIn passwords was placed on a Russian website similar to a Dropbox account.
LinkedIn have posted on their blog that they’ll be emailing all affected users with instructions on how to reset their passwords. There will be no links to LinkedIn in this email.
LinkedIn have been criticised because their password protection wasn’t up to scratch. They’ve already enhanced their security with hashing and salting of their password databases. The compromised passwords were hashed but not salted; hashing combined with salting is a much stronger form of protection.
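To show why the missing salt matters, here is an added example (not LinkedIn's code or anything from the original article) that stores the same constructed passwords both ways. The algorithm choices (SHA-256 for the unsalted case, PBKDF2 with a 16-byte random salt for the salted case), the iteration count and the user names are assumptions for illustration; the article does not name the algorithms involved.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_hash(password):
    """Fast hash, no salt: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt=None):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected)


def shared_digests(digests):
    """Count stored digests that also appear on another account."""
    digests = list(digests)
    return sum(1 for d in digests if digests.count(d) > 1)


# Constructed sample accounts: alice and bob reuse the same password.
USERS = {"alice": "J&Jwuth2f@pow", "bob": "J&Jwuth2f@pow", "carol": "correct horse"}


def build_tables(users):
    """Return (unsalted, salted) password tables for the same users."""
    unsalted = {u: unsalted_hash(p) for u, p in users.items()}
    salted = {u: salted_hash(p) for u, p in users.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_tables(USERS)
    # Unsalted: identical passwords are visible as identical rows in a leak.
    print("unsalted duplicates:", shared_digests(unsalted.values()))
    # Salted: every row is unique, so one guess cannot be checked against all rows at once.
    print("salted duplicates:  ", shared_digests(d for _, d in salted.values()))
```

In the unsalted table a single computed hash can be compared against every leaked row at once, while the salted table forces a separate, slow computation per account.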
If your LinkedIn password was compromised and you’ve used the same password on other sites then you need to change them all. Don’t forget it’s easy to follow you from LinkedIn to your website, your blog, Twitter, Facebook and any other linked accounts. We’d recommend that you don’t use the same password again.
How to generate a strong password
Many sites (including LinkedIn) suggest that you not only use a long complex password but that you also change it every few months. Realistically that’s not going to happen for most people, but at the very least we’d recommend you generate one very long complex password that you won’t forget but that you never write down. One of the biggest security breaches comes when you have a notebook full of passwords lying around to be copied or stolen (admittedly more of a problem in an office than at home).
A good way to generate a secure password is to take a memorable song or poem, take the first letter of each word, and then exchange some letters for numbers and symbols with a mix of lower and upper case. For instance, from the nursery rhyme “Jack and Jill went up the hill to fetch a pail of water” an easy password to remember would be “J&Jwuth2f@pow”.