Reports recently surfaced that 6.4 million LinkedIn passwords were stolen. LinkedIn confirmed that some of their members’ passwords were compromised, and asked the affected members to change their passwords.
The LinkedIn password hacking news emerged after a file containing 6.5 million unique hashed passwords was posted on an online forum.
According to reports, around 200,000 of these passwords had already been cracked, meaning the hackers had the plaintext passwords, which could be used to access the members’ accounts.
A site called LeakedIn.org was set up where users can check whether their LinkedIn passwords are part of the list of compromised passwords. The service creates a SHA-1 hash of an entered password, and then checks it against the hashed password list to see whether the password was leaked (or even cracked).
One of the negative effects of the LinkedIn security breach, explains web expert Chris Shiflett, is that the growing list of hundreds of thousands of cracked passwords will be used to seed rainbow tables that can be used to crack future password leaks in SHA-1 hash format.
Because it is very difficult to reverse a SHA-1 hash, but very easy to check whether a given password corresponds to a SHA-1 hash (and a matched password can then be used to access the account), it is important to select a strong password.
You must make sure that your password is unlikely to appear in any password list or dictionary, and is also resistant to brute-force attacks.
A good starting point is to make sure your password is not among the list of most used (and hence worst) passwords.
SplashData, a provider of password management applications, provided a list of the “25 Worst Passwords of 2011”.
SplashData suggests making passwords more secure with these tips:
- Use passwords of eight characters or more with mixed types of characters. One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, “eat cake at 8!” or “car_park_city?”
- Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you do for online e-mail, social networking, and financial services. Use different passwords for each new website or service you sign up for.
- Having trouble remembering all those different passwords? Try using a password manager application that organizes and protects passwords and can automatically log you into websites.
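The LeakedIn-style check described above, combined with the simple checks the tips imply (not on a worst-passwords list, at least eight characters, mixed character types), as an added Python example that is not code from the original article or from LeakedIn.org or SplashData. The leaked-hash list and the worst-passwords list are small constructed samples, not the real files.

```python
import hashlib
import string

# Constructed sample of a leaked-hash list (unsalted SHA-1 hex digests, the
# form LeakedIn compares against). Built from known strings for this demo only.
SAMPLE_LEAKED_HASHES = {
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("password", "linkedin", "123456", "car_park_city?")
}

# Constructed sample of a "worst passwords" list (a few entries of the kind
# SplashData publishes; not the full 2011 list).
SAMPLE_WORST_PASSWORDS = {"password", "123456", "12345678", "qwerty", "abc123"}


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 hex digest of the password, as used in the leaked list."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def is_leaked(password: str, leaked_hashes: set) -> bool:
    """The LeakedIn-style check: hash the entered password and look it up."""
    return sha1_hex(password) in leaked_hashes


def character_classes(password: str) -> int:
    """Count distinct character types present: lower, upper, digit, other."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    count = sum(any(c in cls for c in password) for cls in classes)
    count += any(not c.isalnum() for c in password)
    return count


def assess_password(password: str, leaked_hashes=SAMPLE_LEAKED_HASHES,
                    worst=SAMPLE_WORST_PASSWORDS) -> list:
    """Return a list of findings; an empty list means no obvious weakness."""
    findings = []
    if is_leaked(password, leaked_hashes):
        findings.append("hash appears in the leaked list")
    if password.lower() in worst:
        findings.append("on the worst-passwords list")
    if len(password) < 8:
        findings.append("shorter than eight characters")
    if character_classes(password) < 2:
        findings.append("uses only one type of character")
    return findings


if __name__ == "__main__":
    for candidate in ("password", "Qwerty", "car_park_city?", "eat cake at 8!"):
        print(repr(candidate), "->", assess_password(candidate) or "no findings")
```

Note that the leaked-list check only ever matches exact strings, so a password that passes it can still be weak; the length and character-type checks catch the obvious cases.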