Wednesday, June 6, 2012

6.5M LinkedIn Passwords Compromised - Good time to update passwords

6.5 million LinkedIn passwords have apparently been compromised.  I don't know if mine was in the list.  This was a good reminder for me to update my passwords and try to strengthen them.  I just finished doing it for the major sites that I'm worried about.  I'm sure I'll be dealing with a mess of updates for them on a variety of devices over the next few weeks though.

The problem could be much bigger than simply LinkedIn though.  Of course, most people know the advice about not using the same password across multiple sites, but I bet a lot of people do so.  Given the work connections that people have in LinkedIn, this suggests the potential for some corporate security problems in addition to problems at all the other e-commerce web sites (Amazon, eBay, etc.), social sites (Facebook, Google, etc.) and others (Dropbox, box.net, etc.).  It is easy to think of the major damage that can be done by one concerted attack.

As for picking passwords, much has been written, and there are tools for checking password strength.  Personally, I would be careful about typing passwords into an online tool for checking password strength for a number of reasons:

  1. Your computer might already be compromised
  2. The internet connection might be insecure and could be "overheard" - particularly if hackers think that a lot of passwords are going to be updated, they might listen in and add tested passwords to their "dictionaries" of passwords to try.  
  3. The sites might be spoofed by hackers in order to collect the same information.

Having said that, it is helpful to see how they "score" a password and you can also enter a variation of a password you are actually considering.

Here is a screen capture from PassWordMeter.com where I test the strength of my last name. Obviously it is a very weak and easy-to-guess password that I've never used.


There are tradeoffs between security and ease of remembering, since it is a huge security hole to write down passwords.  Make sure not to rely on just words in the dictionary.  A mix of letters and numbers is helpful.  Adding symbols is even better, but not all systems accept them.
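
To see how a candidate scores without sending it to any web site, a check like the following can run entirely on your own machine. This is an added example, not part of the original post and not PassWordMeter.com's scoring: the word list, the 100,000-word dictionary size and the rating thresholds are all assumptions chosen for illustration.

```python
import getpass
import math
import re
import string

# Constructed stand-in for a real word list file; load your own for real use.
SAMPLE_WORDS = {"password", "linkedin", "welcome", "dragon", "monkey", "smith"}
# Assumption: an attacker's dictionary holds about 100,000 entries, so any
# single dictionary word costs about log2(100000) = 16.6 bits to guess.
WORD_BITS = math.log2(100_000)
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)


def pool_size(text):
    """Count the characters an attacker must try per position for this text."""
    size = sum(len(pool) for pool in POOLS if any(c in pool for c in text))
    # Characters outside the four ASCII pools (spaces, accents) add a flat 32.
    if any(all(c not in pool for pool in POOLS) for c in text):
        size += 32
    return size


def estimate_bits(password, words=SAMPLE_WORDS):
    """Rough guessing cost in bits; each dictionary word counts as one unit."""
    rest, bits = password, 0.0
    # Strip longer words first so "linkedin" is matched before shorter entries.
    for word in sorted(words, key=lambda w: (-len(w), w)):
        rest, hits = re.subn(re.escape(word), "", rest, flags=re.IGNORECASE)
        bits += hits * WORD_BITS
    if rest:
        bits += len(rest) * math.log2(pool_size(rest))
    return bits


def rate(password, words=SAMPLE_WORDS):
    """Map the estimate onto coarse labels; the thresholds are illustrative."""
    bits = estimate_bits(password, words)
    for limit, label in ((28, "very weak"), (36, "weak"), (60, "reasonable")):
        if bits < limit:
            return label
    return "strong"


if __name__ == "__main__":
    # getpass keeps the candidate off the screen and out of shell history.
    candidate = getpass.getpass("Candidate password: ")
    print(f"{estimate_bits(candidate):.1f} bits -> {rate(candidate)}")
```

A dictionary word is charged as a single guess no matter how long it is, which is why a surname plus one digit still rates as very weak while a shorter random string can rate higher.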

Tim
