Change your password. Now.

LinkedIn's set of hashed passwords has leaked (6.5 million of them), and apparently they were doing Mickey-Mouse stuff in terms of password security (full details here).

So, public service message:
  1. Change your password for your email, online banking, and Facebook.
  2. Use a different password for each of the three accounts above. You don't want the same password on all of them.
  3. An easy-to-remember, very secure password scheme is explained in this XKCD cartoon.
  4. Reuse a fourth, easy-to-remember password (abcd1234) for all the other junk, like newspaper subscriptions.
Some explanations:
  1. I think we all understand why your bank password should be secure. Your email should be even more secure, because anyone who gets into your email can reset any password they please. Why Facebook? So that people don't get into your social network and send messages claiming you are stuck in Madrid. You know that old aunt of yours might fall for that one. Protect her by choosing a secure Facebook password.
  2. Why use different passwords? So that a leak of one password, like the one on LinkedIn, does not compromise your other accounts.
  3. Passwords should be easy for a human to remember and hard for a computer to guess. One option is to use a catch phrase rather than a jumble of letters. So, for example, a very secure password for Facebook would be DontWorryImNot./Madrid (I am using the Unix dot-slash instead of the word "in"). The length of this password, together with the symbols it uses, makes it extremely secure.
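To put numbers on "easy to remember, hard for a computer to guess", here is an added example (mine, not part of the original post) that scores the post's own passwords under two attacker models: plain brute force over the character classes used, and the XKCD dictionary model, where the attacker knows the word list. The guess rate of 10 billion per second and the 2048-word list size are assumptions for illustration.

```python
import math
import string

# Constructed attacker model for illustration (not from the original post):
# guesses per second against a leaked table of fast, unsalted hashes.
GUESSES_PER_SECOND = 10_000_000_000

# Character classes an attacker would enumerate for a brute-force search.
CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)


def charset_size(pw: str) -> int:
    """Size of the union of character classes that pw draws from."""
    return sum(len(cls) for cls in CHAR_CLASSES if any(c in cls for c in pw))


def brute_force_bits(pw: str) -> float:
    """Work, in bits, to enumerate every string of pw's length over its charset."""
    return len(pw) * math.log2(charset_size(pw))


def passphrase_bits(n_words: int, vocab: int = 2048) -> float:
    """XKCD-style phrase: n words chosen at random from a vocab-word list.
    Assumes the attacker knows the list, so only the word choices count;
    2048 is the list size the cartoon's arithmetic implies (4 words = 44 bits)."""
    return n_words * math.log2(vocab)


def seconds_to_exhaust(bits: float) -> float:
    """Worst-case time to try the whole space at GUESSES_PER_SECOND."""
    return 2 ** bits / GUESSES_PER_SECOND


def compare(candidates: dict) -> dict:
    """Map each label to (bits, seconds) so the post's examples can be ranked."""
    return {label: (bits, seconds_to_exhaust(bits))
            for label, bits in candidates.items()}


if __name__ == "__main__":
    results = compare({
        "abcd1234 (reused junk password)": brute_force_bits("abcd1234"),
        "4 random words (XKCD, known list)": passphrase_bits(4),
        "DontWorryImNot./Madrid (brute force)": brute_force_bits("DontWorryImNot./Madrid"),
    })
    for label, (bits, secs) in results.items():
        print(f"{label:40s} {bits:6.1f} bits  {secs / 86400:12.1f} days")
```

The brute-force figure for the catch phrase is an upper bound: an attacker who guesses that it is built from dictionary words plus a separator searches a far smaller space, so the dictionary-model number is the honest comparison, and it is length in words, not symbols, that buys the most.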
