LinkedIn lost 6.5 million passwords to a group of hackers this week, giving us another reason to not use the same password on multiple sites.
LinkedIn is investigating the leak and taking action on accounts that may have been compromised, but if you use LinkedIn it’s a good time to go pick a new strong password that you don’t use anywhere else.
Sophos Naked Security specialist Graham Cluley tells the AP that hackers are trying to break encryption on the passwords, and that the real damage comes if the hackers also have the email addresses associated with the passwords.
This is the real threat.
Why Should I Care About LinkedIn Passwords?
Most people practice poor password security, re-using the same password across multiple sites. This means that the same email and password combination that logs a user in to LinkedIn might also access the user’s work email, bank account and Amazon shopping.
Hackers can use this data to take over users’ emails for phishing scams or to cause financial harm.
What Should I Do Right Now?
First off, change your LinkedIn password. Next, if you use the same password and email address combination, or similar combinations, on other sites, change all of those.
I recommend turning on two-step verification security for your Gmail account. This uses a strong password and your iPhone, Android or BlackBerry to log in to Gmail. By requiring two items, one you know and one you have, hackers cannot access your account as easily as one with just a password.
Check out a description of Gmail’s 2-step verification in the video below.
Unfortunately, not all of our accounts use 2-step authentication, but it is possible to secure PayPal in a similar manner, and some banks offer this more secure authentication.
What Do I Do Next?
The next step is practicing better security, especially on smartphones. Though it was not used in this breach, the fact that the address bar is hidden on many webpages viewed on smartphones allows hackers to trick users into sharing credentials. Always be sure you are logging in to the right site on your smartphone.
When possible I recommend using an app for common websites so you don’t need to enter a password all the time.
To secure your accounts even better, look for password managers. These apps and services can create and remember super-long passwords for you.
Watch 1Password in action in the video below.
Did you lose your account info in this breach? What password security tips can you share?