SafeNet

The Art of Data Protection
LinkedIn Password Breach Insights Part 1: 3 Ways to Protect Yourself

More than 50% of users use “password”, “secret” or “LinkedIn” as their password

Reading the latest news about LinkedIn and the discussions on the wire over the last few hours, two issues immediately struck me about how vulnerable plain passwords really are.

The first issue is simple. You register with a social network and use the same password you use for your email, online banking or frequent-flyer account. Banks are bound by robust data-protection requirements that are supposed to keep your password safe, and even your favorite airline has to exercise some control over its user database, mainly because of payment-card and other privacy regulations. But because it is easy to remember (and frankly, how many nonsense 14-character alphanumeric combinations can one person memorize?), you use the same password for your social network, and just like that your bank and email accounts are wide open. Worse, once your personal email account is breached, an attacker can reset every one of your other passwords simply by clicking “Forgot Password” on each site and following the instructions that arrive in that mailbox.

But seriously, reading the technical security discussion analyzing the stolen LinkedIn database, it seems that more than half of the passwords could be cracked easily with a short dictionary of words like “password”, “secret” or “linkedin”. Now that the attackers hold an email address and a working password for each of those accounts, they can start building more sophisticated attacks on the information they already have.
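To make both issues concrete, here is an added example (my own illustration, not code from the post or from LinkedIn) of how quickly a leaked password database falls to a dictionary attack, and how a recovered password is then replayed against a second site. Everything in it is constructed: the five-account dump, the six-word wordlist, the “other site” store, and the assumption that the leaked hashes are unsalted SHA-1 (one hash per account, so identical passwords share a hash) and that the second site uses SHA-256. Real cracking tools run the same loop with tens of millions of words and far more mangling rules.

```python
import hashlib


def sha1_hex(text):
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


# Constructed sample dump (not real leaked data). Assumption for this example:
# the breached site stored unsalted SHA-1 of each password, one per account.
SAMPLE_DUMP = {
    "alice@example.com": sha1_hex("password"),
    "bob@example.com":   sha1_hex("Linkedin1"),
    "carol@example.com": sha1_hex("secret2012"),
    "dave@example.com":  sha1_hex("CorrectHorseBatteryStaple"),
    "erin@example.com":  sha1_hex("password"),
}

# Deliberately tiny wordlist; attackers use wordlists with tens of millions of entries.
WORDLIST = ["password", "secret", "linkedin", "123456", "welcome", "qwerty"]


def mangle(word):
    """Yield the cheap variants cracking tools try first: case changes and common suffixes."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for suffix in ("1", "123", "!", "2012"):
            yield base + suffix


def candidates(wordlist):
    """All distinct mangled candidates, in wordlist order."""
    seen = set()
    for word in wordlist:
        for cand in mangle(word):
            if cand not in seen:
                seen.add(cand)
                yield cand


def crack_unsalted(dump, wordlist):
    """Dictionary attack against unsalted hashes.

    With no per-user salt, each candidate is hashed once and looked up against
    every account at the same time, so the cost does not grow with the number
    of users in the dump. Returns {user: recovered_password}.
    """
    by_hash = {}
    for user, digest in dump.items():
        by_hash.setdefault(digest, []).append(user)
    cracked = {}
    for cand in candidates(wordlist):
        for user in by_hash.get(sha1_hex(cand), ()):
            cracked[user] = cand
    return cracked


def reuse_hits(cracked, other_site):
    """Credential stuffing: replay recovered passwords against a second site.

    ``other_site`` maps email -> hash under that site's own scheme (a constructed
    SHA-256 store here). A hit means the same password opens that account too.
    """
    hits = {}
    for user, password in cracked.items():
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        if user in other_site and other_site[user] == digest:
            hits[user] = password
    return hits


# Constructed second site (think of a webmail provider) where alice reused her password.
OTHER_SITE = {
    "alice@example.com": hashlib.sha256(b"password").hexdigest(),
    "bob@example.com":   hashlib.sha256(b"a-different-password").hexdigest(),
}


if __name__ == "__main__":
    found = crack_unsalted(SAMPLE_DUMP, WORDLIST)
    for user, pw in sorted(found.items()):
        print(f"{user:20} {pw}")
    print("not cracked:", sorted(set(SAMPLE_DUMP) - set(found)))
    print("reused on other site:", reuse_hits(found, OTHER_SITE))
```

Four of the five constructed accounts fall to 80 candidate guesses; only the four-word passphrase survives, and alice's recovered password immediately opens her account on the second site, which is exactly the reuse problem described above.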

So what can you do to protect your login information on other sites, and in the future?

1. Don’t use good ol’ simple “password” as your password. Personally, I’ve been preaching this for more than a decade now, but apparently 50% of users either ignore such warnings or just don’t care. Some of the best passwords are four unrelated but common words that create a funny mental picture, like CorrectHorseBatteryStaple.

2. If you access most of your accounts with just a username and password, be sure to use a different password for each account, so that one breached site cannot unlock the others.

3. Most importantly, push your organization to use one-time passwords (OTP) for stronger authentication. An OTP is valid for a single login, so a password copied out of a leaked database is worthless on its own. OTPs are a much more robust answer to all those weak passwords and could save you a lot of hassle.

You can read more password tips in our #securechat overview on password security. Stay tuned this week for Part 2: Protect Your Organization to learn what LinkedIn could (should?) have done to protect their users’ information.
This entry was posted in Authentication by Motty Alon.
