Reports suggested that over 6 million passwords of the 161 million registered users had been potentially stolen by a hacker, who posted them online. LinkedIn quickly responded with promises to inform affected users and guide them through the process of setting new passwords. Included in LinkedIn’s response was a recommendation that all users update their passwords and consider other best practices to ensure their security.
Unfortunately, this kind of event is not uncommon among sites such as LinkedIn, and it has been followed by more account compromises, such as those at Last.fm and eHarmony, both of which are believed to have been carried out by the same hacker.
Password theft is a serious risk to all of us. Think of a password as a key to your home. Just as you take care not to let uninvited people enter your home, invade your privacy, misplace or mess up your possessions, or worse – steal your valuables, you need to take the same care with your online information. Once hackers access your accounts, they could get into your email, take your contact list (for spam), get banking information, find enough personal data to steal your identity, change or delete your files, or even hijack your computer and use it to send mass spam.
The question for users is how to best secure their passwords. Here are some tips:
Most importantly, make the effort to create passwords that are:
- changed often,
- not used repeatedly in multiple sites, and
- kept securely
Probably the most important aspect of password security is to use words that are not simple or obvious. Mashable (who are always an excellent source of social media news, tips and “how to”) posted an infographic that listed the 30 hacked passwords most often chosen by LinkedIn users. They noted that:
“Link” was the number one hacked password, according to Rapid7. But many other LinkedIn users also picked passwords — “work” and “job” for example — that were associated with the career site’s content.
Religion was also a popular password topic — “god,” “angel” and “jesus” also made the top 15. Number sequences such as “1234” and “12345” also made the list.
Bottom line: choose a less obvious password, preferably one that is:
- Over 8 characters
- Not simple enough to be found in the dictionary
- Made up of a mixture of special characters (e.g. $, #, %), numbers and letters (lower case and capitals). A useful tip is to use numbers to replace letters: for example, use 3 for E, 2 for Z, 0 for O, and 1 for L (that way “hello” would become “h3110”)
If you’d like to be sure your password is strong enough, test it on Microsoft’s secure Password Checker.
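The criteria above can also be checked on your own machine, without typing a password into a web page. The Python script below is an added example, not code from this article's sources or from any service named here; the function name `check_password` and the small constructed word lists are assumptions for illustration. Its dictionary check also undoes the number-for-letter swaps listed above, because a short dictionary word is still a dictionary word after the swap.

```python
import string

# Constructed sample lists. HACKED holds the hacked LinkedIn passwords the
# article names; DICTIONARY stands in for a real word-list file (assumption).
HACKED = {"link", "work", "job", "god", "angel", "jesus", "1234", "12345"}
DICTIONARY = {"hello", "password", "welcome", "dragon", "monkey"}

# Reverse of the number-for-letter swaps listed in the article.
UNSWAP = str.maketrans({"3": "e", "2": "z", "0": "o", "1": "l"})


def check_password(password):
    """Return the list of the article's criteria that the password fails."""
    problems = []
    lowered = password.lower()
    plain = lowered.translate(UNSWAP)  # e.g. "h3110" becomes "hello"

    if len(password) <= 8:
        problems.append("not over 8 characters")
    if lowered in HACKED:
        problems.append("on the list of most common hacked passwords")
    # Whole-word match only; a fuller check would also look inside the password.
    if lowered in DICTIONARY or plain in DICTIONARY:
        problems.append("dictionary word, even with number swaps undone")

    classes = {
        "lower case letter": any(c.islower() for c in password),
        "capital letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    for name, present in classes.items():
        if not present:
            problems.append("no " + name)
    return problems


if __name__ == "__main__":
    for candidate in ["link", "h3110", "1yH&yK1@$"]:
        print(candidate, "->", check_password(candidate) or "meets the criteria")
```

An empty list means the password meets every criterion the script knows about; it says nothing about whether the password has been reused or stored safely.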
Change your passwords regularly and frequently:
The same way you change the batteries in your smoke alarms regularly, passwords are safest if changed every 3 months or so.
Do not use the same passwords across various sites:
As tempting as it may be, make sure that you don’t use the same password for all the sites you visit, as this makes you even more vulnerable to losing a lot of data once one site is hacked. This increases your risk of identity theft.
Keep your passwords in a secure way:
Make sure your passwords cannot be easily found by not sharing them with anyone, as well as not writing them down where they can be found (such as stickies on your keyboard!).
Some final tips:
- Obviously, many people do not follow these rules because of the challenge of remembering complicated, ever-changing words. One excellent tip is to create little memory tricks such as mnemonics, where you choose a sentence such as an expression, favourite song, book or poem title/line, and use the first letter of each word. For example “If You’re Happy And You Know It” could be IYHAYKI and if you mix capitals and lower case letters and add numbers and symbols, that could become 1yH&yK1@$.
- Also, there are some secure services to help our aging, ever challenged brains. LastPass comes highly recommended as a safe, easy to use, free service which will help you generate secure passwords, as well as keep them in a single password protected place.