LinkedIn hacked: How to protect yourself online
(MoneyWatch) COMMENTARY Last week, LinkedIn (LNKD) (along with unrelated sites like eHarmony and Last.fm) suffered a massive data breach when millions of user accounts and passwords were leaked and posted to hacker sites. Is there a way to know if you were affected? And what should you do about it?
First, the good news: The odds are in your favor. Even though a staggering 6.5 million passwords were stolen from LinkedIn, that represents only about 4 percent of the site's 150 million users. And if you were one of the unlucky few whose information was lifted, you should have been informed by now. LinkedIn sent messages to affected members last week indicating that their passwords had already been invalidated, with instructions on how to set up new passwords.
If you're still worried, password manager company LastPass has set up a Web page where you can enter your LinkedIn password to find out immediately if it was one of the ones which were compromised. (Worried about the security of entering a password into LastPass's Website? There are copious details on the page about the technical considerations, but it does indeed appear to be safe.)
Now the bad news. This is the latest string of hacks that illustrate the dangers of using the Web in 2012. LinkedIn bears a significant amount of responsibility in this case, since the site didn't properly encrypt its password database (Read the LinkedIn blog for their response to the issue.) But security problems are pervasive, and any site that requires a password is susceptible to this sort of thing -- or worse -- from cloud storage to social media to job sites.
That's why it's time to review the essential requirements to keeping your passwords safe and secure:
Make your password strong. The first passwords to be cracked from the LinkedIn theft were simple, single-word passwords that could be found in a dictionary, or basic word-and-number combinations.
Make your password unrelated to you personally. Don't use names of spouses, pets, or old high schools. Also, no birthdays or social security numbers.
Mix upper and lower case. And if possible throw in at least one non-alphanumeric symbol, like !, @, or ?. That's what we mean by a strong password.
It's a good idea to base your password on an extended phrase rather than a single word. You can then abbreviate the phrase and mix up the case, such as: 2bon2b*Titq. Discerning Shakespeare lovers will recognize that mouthful of gibberish as coming from Hamlet's memorable line, "To be or not to be; that is the question."
Make all of your passwords different. I can't emphasize this enough --- even if you have a great password, don't use it in more than one place. Every password you generate should be unique, so if someone hacks your LinkedIn account, they don't also get your bank account login at the same time.
Use a password manager like RoboForm or LastPass. Neither you nor I can track and manage dozens of unique passwords. Rather than taking shortcuts in password quality or using the same one over and over, use a manager to store them all for you.
Popular on MoneyWatch
- Reverse cell phone lookup service is free and simple
- Chrysler expected to make Jeep recall refusal official
- 6 ways to pay off your student loans
- Chrysler agrees to recall of Jeeps at risk of fire
- Why geniuses don't have jobs
- The Internship: 6 real-life lessons from the movie
- Top 10 professional life coaching myths
- Chrysler continues its refusal to issue a Jeep recall
4 Comments Add a Comment
- linkicon reporticon emailicon
- You can't be too careful nowadays with what you put on the internet because your accounts can be so easily hacked. I used NetworkClean the other day and was shocked at the security threats my Facebook account had. Everyone needs to take precautions to protect themselves.
- reply
- linkicon reporticon emailicon
- The problem is that the emailed instructions from LinkedIn for how to change one's password don't work (they simply circle one back around to "check your email for instructions"). And there is no way to contact LinkedIn (nor any way to even comment on their blog). My account's simply left wide open!
- reply
- linkicon reporticon emailicon
- You are aware of the irony in this post, I presume? :-)
- reply
- linkicon reporticon emailicon
- People spend too much time on the internet. I have nextdoor to me the third young mother in as many years who have moved into this neighborhood, and whose preschool kids are inside all day while Mommy is on facebook. I kid you not. These moms try in various and sundry ways to get their kids over to my house so my son can play with them and I can be unwitting daycare because I do stuff with my kids. No thanks. Get off your butts, get outside with your kids, get off the darn net. "Net" is right...you're all caught in it.
- reply
