Following yesterdays news regarding the leak of 6.5 million LinkedIn password hashes, it’s once again important for individuals and businesses to look at their password security.
The first priority for any LinkedIn user is to log in to the site and reset their password – this should be done as soon as possible. For many users though, there are additional steps that may need to be taken.
If, like many people, you “recycle” passwords across many sites, then you should reset passwords for all sites that share the same password. This might include passwords for webmail, banking and high profile e-commerce sites (such as Amazon, Ebay and Paypal) as the highest priority. We also recommend that you avoid allowing websites to store card details/payment information if possibile.
You should use a different password for different sites and services to limit your exposure following a leak of data from any site. It’s important to note that many security breaches occur and are not noticed/reported – this case is slightly unique in that the hashed passwords have been publicly released onto the internet, allowing people to take steps to prevent further damage.
What makes a Strong Password
There is a common misconception that a strong password must be a random string of characters that is illegible. The reality of this is that these passwords are usually short and are difficult to remember – subsequently, they are written down or stored somewhere easily accessible. It’s mathematically easier for a computer to brute force or “guess” a short random password than a long password made up of a string of dictionary words. Single dictionary words should definitely be avoided:
- XKCD – Password Strength
We recommend the following steps with regard to storing (and using) passwords:
- Never write down a password or store in an unencrypted document.
- If you are only likely to use a website once, use a completely random password. You can always request a password reset from the site.
- If you need to save a password list, encrypt it using gnupg , PGP or store it within a password safe such as Keypass (which is particularly useful as it has Android, iPhone, Windows and Mac clients and is free and open-source)
- Construct passwords from long passphrases (around 20 characters). An example of a strong, but memorable password would be penguinheadsetscrewdrivercardigan^ which is memorable as it can be visually represented
- If you suspect someone knows your password, change it immediately – this is much easier though if you have unique passwords for each service – rather than having to change passwords on all sites that you use.
As ever – if you need support or guidance and are an existing Skipton Systems customer, contact support@skiptonsystems.co.uk. If you have not used us before, contact sales@skiptonsystems.co.uk