Unless you have been under a rock today, many news agencies spoke about the LinkedIn loss of user accounts and passwords. Even the local ABC affiliate news website had stories about this issue. So why should you be afraid?
Let's talk first about basic security on the internet. Most everyone uses the same password for all their websites. I even know my own mother does this. I have tried to talk with her about this but there is a problem with most people: they do not want to manage a lot of passwords for all the different sites. I see this with my family and friends and I see this at my job as an IT Professional. While it is easier for people to use one password, it is a danger for security in general to security on the internet. This is what we see in today's announcements. If you have a password that is being used by Internet service A and service B, not matter what they are (banking, e-mail, social networking, etc.), if company A gets hacked, your account at company B could be compromised fairly easy.
You might be asking me "Jared, what can I do?" Well, there are a few things you can do.
- Use a password management tool. - This is what I do. I utilize a service called LastPass to manage my passwords. I highly recommend it to anyone from the basic users to the most advanced. It has browser plugins and mobile applications to allow easy access to your information but it is very secure. The company has cloud (or online) storage of your information but they cannot decrypt it. Only you can decrypt the data on your client, be it a browser or mobile device. They offer free accounts for browsers only but cost $12/year to offer mobile system support too. Systems, programs and services like this allow a user to have a very complex password for each site.
- Use different passwords for specific types of sites. - Many people use this system to separate their account types to have 3 or 4 passwords. Each password is used for a certain level of access. For instance, one password could be used for only a few critical site types like banking and very private information, one password could be used for social networking only, one for e-mails accounts and one for other systems. Problem is that if any of the sites in that "security level" loses your data, you have to reset your password on all the sites of that level.
- Use password haystacks. - Originally brought up to me by Steve Gibson, of Gibson Research Corporation, the thought of adding atrophy to a password makes it more difficult to "crack". Going from a password of 6 characters to one of 12 characters can increase the complexity by factors of large numbers.
There are a lot more I could speak about on passwords and will probably write about again. Take the following action items:
- Change your LinkedIn password if you use that site.
- Change your passwords on other sites if it was the same as the LinkedIn site.
- Start to determine how many of your passwords are exactly the same.
- Own your security online and make sure to use some basic understanding of what is important.
Stay safe online.