LinkedIn data breach compromises 6m+ passwords
Posted in 'Identity Theft' by Barry Stamp
12 June 2012
Last week’s data breach at LinkedIn, which compromised the passwords of over 6m of its users, is a timely reminder to us all about the need to use different passwords for different websites.
The user names and passwords were published on sites used by hackers, and those hackers were most probably not just curious to find out who was connected to whom. They know that many people use the same user names and passwords on several sites, and simply by fishing around they may well strike it lucky and access a bank account or a credit card account. And then empty it. After all, it’s far less risky than holding up a bank or committing a burglary, and there’s a significantly smaller chance of getting caught.
But how can you possibly remember the vast quantity of user names and passwords that are needed for everyday online activities, without committing the mortal sin of writing them down?
One answer is to use a password vault, but sadly some of the best of these have also been hacked. So, as usual with most things related to identity fraud, it’s down to you to strengthen your password disciplines.
The mortal sins of password discipline include using ridiculously easy ones such as password or pa55word, or letmein, or sesame. Equally common mistakes are using puns such as Liverpool1 or England1, or in this year in particular, passwords such as London2012 or Jubil33. In the words of Michael Jackson, if you use these little beauties, you are not alone. And fraudsters will try those first.
So how can you protect yourself and use several unique passwords for different sites without having to write them down?
We’ve said before in these articles that the best passwords are those that are truly unique. An example of a unique password that we consistently give is based on lyrics from Hotel California by the Eagles: ‘Mirrors on the ceiling, pink champagne on ice’ – take the first letter of each word, add a ^ sign after ceiling, and add a dollar sign at the end to link the California aspect, to give motc^pcoi$.
To use it on several sites you then add the second letter of the website name in second place, and the last letter of the website name as the final letter of your new password. So for Checkmyfile your password would be mhotc^pcoi$e – and despite the complexity of the new password, you can easily retrieve it just by humming the tune and remembering the ‘personalisation’ to each website, and you’ll be rattling out unique and very secure passwords for each and every website you use in a matter of seconds. No paper lists. No forgotten passwords.
Simples, as a certain meerkat would say.
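The personalisation rule above, written out as a short Python sketch (an added example, not part of the original article). The function names and the site name Theexamplestore are made up for illustration; because only two letters of each site name are used, the last function also reports which sites would end up sharing a password.

```python
import re
from collections import defaultdict

LYRIC = "Mirrors on the ceiling, pink champagne on ice"

# Constructed sample list; "Theexamplestore" is a made-up site name.
SITES = ["Checkmyfile", "LinkedIn", "Theexamplestore"]


def base_from_lyric(lyric):
    """First letter of each word, '^' after 'ceiling', '$' at the end."""
    out = []
    for word in re.findall(r"[A-Za-z]+", lyric):
        out.append(word[0].lower())
        if word.lower() == "ceiling":
            out.append("^")
    return "".join(out) + "$"


def personalise(base, site):
    """Second letter of the site name in second place, last letter at the end."""
    name = re.sub(r"[^a-z]", "", site.lower())
    if len(name) < 2:
        raise ValueError("site name needs at least two letters")
    return base[0] + name[1] + base[1:] + name[-1]


def shared_passwords(base, sites):
    """Group site names that produce the same password under this rule."""
    groups = defaultdict(list)
    for site in sites:
        groups[personalise(base, site)].append(site)
    return {pw: names for pw, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    base = base_from_lyric(LYRIC)
    for site in SITES:
        print(site, "->", personalise(base, site))
    print("shared:", shared_passwords(base, SITES))
```

Any two sites whose names have the same second letter and the same last letter come out with the same password, so it is worth running your own list of sites through a check like this before relying on the rule.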
Barry Stamp is a co-founder of Checkmyfile and is the author of the industry acclaimed handbook, ‘Identity Theft Prevention and Victim Assistance’. He can be contacted at email@example.com.