Thursday, June 7, 2012

Password Protection: LinkedIn Passwords Hacked

This week, LinkedIn reported that about 6.5 million of its customers' passwords were hacked by a Russian pro hacker and shared online.

You might be thinking, "What's he going to do with that? Add bogus duties to my job descriptions?" Probably not. What a hacker is more likely to do is trace those passwords to any other accounts you have under the same email address and try to get into your bank account, or something equally valuable.

Before you freak out, here's what you need to do.

Go change your password on LinkedIn right now.

Changing Your LinkedIn Password

How do you change your password? It's not that hard. First, visit and log in. Then, in the top right corner, where you see your name, hover your mouse to activate the drop-down menu and click Settings.

Once inside your settings menu, you'll see your main account information. Right by the word password, click Change.

The next step is simple. A menu will pop up and ask you to input your current password and your new password (entered twice for security).

Simple, isn't it? Phew.

But wait. There's more you should do.

Was Your Password Hacked?

As reported by Mashable, a company called LastPass has set up a secure tool that lets you see if your old password was one of the ones that were compromised. After changing my password yesterday, I ran the old one through the tool this morning:

Uh oh. So my password was in that batch. That meant if I used that password anywhere else, on any other site, it needed to be changed. It took a while to locate them all, but they're safe now.

Protect Your Passwords

Password hacking is a fairly common occurrence, but there are some steps you can take to keep your passwords safe.

  • Use different passwords. This should be common sense, but I know plenty of people who use the exact same password for everything: Facebook, bank account, email, news sites, etc. Don't do this, because if someone hacks that password, they can get to everything you wanted kept safe online. 
  • Don't use your birthday, SSN, or address numbers in your password. Lots of people do this, and it makes it very easy to guess their passwords. 
  • Create difficult-to-hack passwords. My favorite trick is to create acronymic passwords. Take a sentence that you'll remember, like "My first dog's name was Fido." Now take the first letter of each word or substitute numbers for words, and you get a password that you'll remember and a hacker will have trouble figuring out: m1dnwF. It fits the six-letter requirement, plus has a number and a capital letter in it, so it will pass most password requirements.
  • Don't share your password. If someone needs to access your account, don't give them your password. Log in yourself, and then watch everything they do.
  • Check your spam filter and trash folders on a regular basis. Recently, Jessie Cross of the Hungry Mouse blog fell prey to someone who hijacked her domain name after hacking her email. She missed the change of ownership on the domain name because that person had set up a filter to get rid of any notices of the changes. Every two weeks, take a quick scan of your trash and spam folders in your email account--who knows, you might have even missed some real mail thanks to over-zealous filters. 
  • Change your password regularly. I know, I know, this one is a big hassle. But really. Do it. Make a reminder in your calendar, say, every three months, and change all your passwords. You'll thank me later.

Do you have any tips or tricks to share about keeping your passwords secure? Please share in the comments.