4 tips to protect yourself from the LinkedIn data breach

Privacy

Written by:

Reports surfaced today that a Russian hacker downloaded 6.46 million LinkedIn users’ passwords.  Even though the passwords were encrypted, hackers have already cracked more than 300,000 of them and are enlisting others to help decrypt the rest.  The weakest passwords are the easiest to crack, but hackers can figure out even stronger passwords with enough time and effort.

LinkedIn stated from its official Twitter account that it’s currently looking into these reports, and now’s the time to protect password security.

You’re already at risk if you’re a LinkedIn user, but your risk is significantly higher if you’ve reused your LinkedIn email and password combination on other accounts and sites.  Here are 4 tips to help protect your accounts from being compromised.

1.  CHANGE YOUR LINKEDIN PASSWORD

If you only do one thing, this should be it.  Follow our simple steps below to change your LinkedIn password:

Step 1:  Log into your LinkedIn account.

Step 2:  On the top right of your screen, you’ll see your name and a drop-down arrow.  Click your name to open that menu, then select “Settings.”  You may be prompted to re-enter your email and password.

Step 3:  Your settings page will open.  On the upper left of that page, you’ll see “Password” and a “Change” link beside it.  Click “Change.”

Step 4:  A “Change your password” box will open.  You’ll be prompted to enter your old password once and your new password twice.  When you’re finished, click the blue “Change password” button.

2.  MAKE YOUR NEW PASSWORD STRONG

Password strength is combination of length, content, and change frequency.  In general, longer passwords with a wider variety of capitalization, letters, numbers, and symbols are the most secure, and the more often you change them, the better.  The harder it is for others to guess, the safer it is.  A few examples of notoriously common (and therefore bad) passwords:

  • “password”
  • your first or last name
  • “123456”
  • “qwerty”
  • “letmein”
  • “master”
  • “abc123”

3.  USE THIS SIMPLE TIP TO CREATE STRONG, UNIQUE PASSWORDS YOU CAN ALWAYS REMEMBER

Here’s a pro-tip for remembering all your login information.  You’ll create a strong base password that you know you’ll remember, then apply a rule to it that will make slight variations of that password for each site where you register.  The result:  a unique password for all your accounts.  Here’s how it works:

Let’s say your base password is AbinePrivacyRocks!@#!  You’ll then make a rule that you’ll apply consistently whenever you make a password.  One example of a rule:  you’ll take the first letter of the site name and add it to the end of your base password.  If you’re signing up for Facebook, for example, you’d add the “F” from Facebook and end up with AbinePrivacyRocks!@#!F.

As long as you remember your base password and the fact that you add the new letter at the end, you’ll be able to remember all your passwords on every site you use.  Just be sure to never tell anyone either your base password or your rule.

4.  IF YOU’VE REUSED YOUR LINKEDIN LOGIN INFO ON OTHER SITES, CHANGE THEM

A 2003 survey found that 65% of us use the same password for different applications or services.  We’re only human; we can’t keep hundreds of different username and password combinations in our heads at all times.  But in our effort to try to keep things simple, we expose ourselves to a great deal of risk.  Think about it:  a spammer who discovers your password on, say, Facebook, can then access all the other sites where you use it:  PayPal, your online banking site, your phone service, your email, and everywhere else.

We recommend using your password creation rule, described above, to make new passwords on all your accounts.  Start with the most important ones (like email, online banking, shopping, and social networks), and move on from there.


We hope you found these tips helpful.  And remember:  you can use them for any password breach, not just LinkedIn’s.  Good luck, and stay private!

16 Replies to “4 tips to protect yourself from the LinkedIn data breach”

  1. Michael Durio says:

    I have found it worthwhile to invest in a password generator/manager application. I really like 1Password by agilebits.com. It operates on multiple platforms, has an encoded database that synchronizes easily with my other hard drives and mobile phone. It makes passwords of user-specified lengths (this can become pretty intense as they get longer and longer) and has other criteria that can be adjusted for the randomly-generated passwords.

    Even if you don’t use this particular software, there’s not much excuse these days for using same, similar and/or easy passwords for website logins. Variety=security.

  2. JustMyComments says:

    One thing I highly recommend that everyone use is a program called ‘KeePass”. It can store all your passwords encrypted, and it can generate passwords for you. With KeePass, you’ll never need to know any of your passwords again. It remembers them for you.

  3. Patricia says:

    I use SplashData’s SplashID and don’t even know most of my passwords. I keep it open on my desktop when I need to login to certain apps and sync to my BlackBerry and laptop. That way at least I don’t reuse passwords for several applications and sites. These days, the few bucks you spend on such applications can be lifesavesr.

  4. Adam Ghilchrist says:

    Thanks a lot. You’ve just make me sense. Truly I was not think never about my LinkedIn password. I was used my LinkedIn email and password into the many other sites. Now I’m in confused. I immediately need to change my password with more powerfully. Thanks once more time.

    best bank

  5. Patricia says:

    Solved my problem regarding the memorization of passwords. It’s been absolutely impossible until Abine came along. That plus your never fail memory tip is the best!

    • Sarah Downey says:

      So glad you like it! I’ve been doing this for years, and this was the first time I thought of sharing.

  6. jbirch says:

    Many accounts have their own valid password rules: at least 16 chars, at least one digit, at least one punctuation other than space, must be changed every 90 days, …

    • Sarah Downey says:

      Yep. That’s why I suggest choosing a base password that’s sufficiently complicated: it’ll survive most of those requirements. Another surprisingly secure way to generate a password is to come up with 4 separate, random words, so it’s more like a pass phrase than a pass *word.* The webcomic xkcd explains this really well: http://xkcd.com/936/

  7. jibberishname says:

    The main problem with password generators is that they often don’t keep track of all of your accounts.
    Also, no generator program lasts as long (eg. 3-5years) as some accounts (eg. 20 years), and when it dies, so does every password! Most are designed to be incompatible with any other generator, to prevent migration.

    My (imperfect) answer is to keep an encrypted log of my accounts. I have always used a process similar to your steps 1 & 2, & still have to remember the one log file password, and periodically back-up the log file to a local storage medium. (Carbonite is convenient for most stuff, but not dependable for several technical reasons.)

    I started with Word Perfect in the ’70s, and was forced to convert to MsWord, but this also allows me to keep track of other account related information like ‘security questions’, support #s, etc.

    • Sarah Downey says:

      Good advice. What do you do to make sure you have those passwords with you if you’re not at your computer? Do you have a version on your phone or something?

  8. jibberishname says:

    Warning: If you hit [Submit] before entering the Capcha words, your offering will be ERASED.

  9. Cackimondius says:

    Surely #4 illustrates why #3 is a bad idea – becuase if someone has hacked my LinkedIn password and it’s (for example) AbinePrivacyRocks!@#!L then they might reasonably extrapolate that my Amazon password is AbinePrivacyRocks!@#!A….

  10. SES21 says:

    I’m a fan of LastPass. It works cross-platform (Win/Mac/Linux) on all major browsers (IE/FF/Chrome/Opera/Safari) & all major phone OS’ (Android/iOS/BB/WinMoPhone/Symbian/webOS); your data is encrypted before it leaves your device & then it’s replicated to your other devices & accessible at the LP website. It has the convenience of a cloud solution with the security of local encryption!

    Disclaimer: I don’t have any interest in LP, financial or otherwise. I’m just a very satisfied user.

  11. […] at the Online Privacy Blog, I stumbled across an interesting image (that by the way has made it a challenge to save this […]

  12. […] at the Online Privacy Blog, I stumbled across an interesting image (that by the way has made it a challenge to save this […]

Leave a Reply