If you can’t get into your LinkedIn account today it may be because your password hash is among those leaked. A file containing some 6.5 million hashed LinkedIn passwords was posted on a Russian website, from which anyone could download it much as they would a shared Dropbox file.
LinkedIn have posted on their blog that they’ll be emailing all affected users with instructions on how to reset their passwords. That email will contain no links to LinkedIn, so treat any “reset your LinkedIn password” email that does contain a link as a likely phishing attempt.
LinkedIn have been criticised because their password storage wasn’t up to scratch: the compromised passwords were hashed (with SHA-1) but not salted, and LinkedIn have since announced that their password databases are now both hashed and salted. Note that hashing is not encryption. A hash can’t be decrypted back to the password, but an unsalted hash can be matched against a precomputed table of hashes of common passwords, and one such table cracks every user in the database at once. A random per-user salt defeats that shortcut, because the attacker has to redo all the hashing for every single user, which is why salted hashes are much stronger.
If your LinkedIn password was compromised and you’ve used the same password on other sites then you need to change them all. Don’t forget it’s easy to follow a user from LinkedIn to your website, your blog, Twitter, Facebook and any other linked accounts. We’d recommend that you don’t reuse the same password anywhere.
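To make the salting point concrete, here is an added Python example (not code from the original post, and not LinkedIn’s own code). It stores a small constructed password database three ways: unsalted SHA-1 as in the leak, salted SHA-1, and salted PBKDF2 as a site should store passwords. The user names, wordlist and iteration count are assumptions made up for the illustration; the cracker functions return how many hash computations each scheme costs the attacker.

```python
import hashlib
import hmac
import os

# Constructed sample data for this example (not LinkedIn's data).
# A tiny wordlist standing in for the multi-million-entry dictionaries crackers use.
WORDLIST = ["123456", "password", "linkedin", "letmein", "qwerty"]

# Plaintext passwords for four hypothetical users; only "dave" chose one outside the wordlist.
USERS = {
    "alice": "password",
    "bob": "linkedin",
    "carol": "123456",
    "dave": "J&Jwuth2f@pow",
}


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


# --- 1. Unsalted SHA-1: the form the leaked LinkedIn hashes took ------------

def unsalted_db(users: dict) -> dict:
    """Store each password as a bare SHA-1 hash (the weak scheme)."""
    return {user: sha1_hex(pw.encode()) for user, pw in users.items()}


def crack_unsalted(db: dict, wordlist: list) -> tuple:
    """Hash the wordlist once and look every user's hash up in that table.

    Returns (cracked, hashes_computed). The table is built once, works for
    every user at once, and would work against any other site's unsalted
    SHA-1 dump as well.
    """
    table = {sha1_hex(w.encode()): w for w in wordlist}
    cracked = {user: table[h] for user, h in db.items() if h in table}
    return cracked, len(wordlist)


# --- 2. Salted SHA-1: one random salt per user ------------------------------

def salted_db(users: dict) -> dict:
    """Store (salt, SHA-1(salt || password)) with a fresh 16-byte salt per user."""
    db = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        db[user] = (salt, sha1_hex(salt + pw.encode()))
    return db


def crack_salted(db: dict, wordlist: list) -> tuple:
    """A precomputed table is useless now: the wordlist must be rehashed per user.

    Returns (cracked, hashes_computed); the cost scales with users x wordlist.
    """
    cracked = {}
    hashes_computed = 0
    for user, (salt, h) in db.items():
        table = {sha1_hex(salt + w.encode()): w for w in wordlist}
        hashes_computed += len(wordlist)
        if h in table:
            cracked[user] = table[h]
    return cracked, hashes_computed


# --- 3. What a site should do: per-user salt plus a slow, iterated hash -----

PBKDF2_ITERATIONS = 100_000  # assumed value for the example; tune to your hardware


def store_password(password: str) -> tuple:
    """Return (salt, PBKDF2-HMAC-SHA256 digest) to keep in the user's record."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, record: tuple) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    cracked, cost = crack_unsalted(unsalted_db(USERS), WORDLIST)
    print(f"unsalted: cracked {sorted(cracked)} with {cost} hash computations")
    cracked, cost = crack_salted(salted_db(USERS), WORDLIST)
    print(f"salted:   cracked {sorted(cracked)} with {cost} hash computations")
    record = store_password(USERS["dave"])
    print("pbkdf2 verify ok:", verify_password(USERS["dave"], record))
```

Both crackers recover the three dictionary passwords, but the unsalted one pays for the wordlist once (5 hashes here) while the salted one pays once per user (20). Scale that to 6.5 million users and a multi-million-word dictionary and the difference is what the criticism of LinkedIn was about; PBKDF2’s iteration count then multiplies the attacker’s cost again, which is why a slow hash is used on top of the salt.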
How to generate a strong password
Many sites (including LinkedIn) suggest that you not only use a long, complex password but also change it every few months. Realistically that’s not going to happen for most people, but at the very least we’d recommend you generate one very long, complex password that you won’t forget and that you never write down. One of the biggest risks comes from a notebook full of passwords lying around to be copied or stolen (admittedly more of a problem in an office than at home).
A good way to generate a secure password is to take a memorable song or poem, take the first letter of each word, and then exchange some letters for numbers and symbols with a mix of lower and upper case. For instance, from the nursery rhyme “Jack and Jill went up the hill to fetch a pail of water” an easy password to remember would be “J&Jwuth2f@pow”. Prefer a line that isn’t famous: crackers also build dictionaries from the initials of well-known rhymes and lyrics, so an obscure sentence of your own holds up better than a nursery rhyme.
2 Responses
We all knew this would happen sometime. If it isn’t LinkedIn it’ll be some other.
About the advice on password protection, I don’t quite agree that it is a solution, though it’s one of the best I’ve seen. The problem is that we cannot generate dozens of strong passwords; our memory just isn’t tailored for that. We can generate a couple of good ones or a lot of simple ones. If IT guys force us, either we repeat them or we note them down. And the mathematical strength goes down again.
Good luck, you guys from LinkedIn, Google, Facebook, … And remember we are human!