You should all know by now that LinkedIn got hacked. The hacker released a file containing millions of password hashes. A hash is not the password itself, but the form in which websites store your password in their databases. It is supposed to be secure, and to guarantee that no one can know what your password is. So you may think that it does not really matter after all. You are wrong.
In an article published Monday, a security analyst explains how he was able to crack 2 million passwords from the LinkedIn file released by the hacker. It took him less than a day using an old computer and a free password cracker called John the Ripper.
What you should take away:
1- Don’t use the same password on every website
2- Don’t use the same rule to create your passwords. Example:
myPW4Linkedin, myPW4Facebook, or myPW4mybankaccount.
3- When changing your password, also update your security questions.
4- If allowed, make your password more than 10 characters, with a mix of letters, symbols and numbers.
5- Make your password random. Use this site if you run out of ideas.
6- Change your password every month (I know it is a PITA).
7- Consider not using the same username on each website. Usernames are after all part of the security as you need both the username and password to log in.
8- Don’t wait, do it now.
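Points 2, 4 and 5 in practice, as an added example that is not from the original post: a generator for random passwords longer than 10 characters that mix letters, numbers and symbols, plus a check that flags a set of passwords built from one rule with the site name dropped in. The function names and the symbol set are assumptions chosen for illustration.

```python
import secrets
import string

# Assumed symbol set; adjust to what each site accepts.
SYMBOLS = "!#$%&*+-=?@^_"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def generate_password(length=16):
    """Return a random password with letters, digits and symbols (point 4 and 5)."""
    if length <= 10:
        raise ValueError("use more than 10 characters")
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable here.
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until every character class is present.
        if (any(c in string.ascii_letters for c in pw)
                and any(c in string.digits for c in pw)
                and any(c in SYMBOLS for c in pw)):
            return pw


def shared_rule(passwords_by_site):
    """Return the common template if the passwords differ only by the
    site name (point 2), otherwise None."""
    templates = set()
    for site, pw in passwords_by_site.items():
        idx = pw.lower().find(site.lower())
        if idx < 0:
            return None  # at least one password is not derived from its site
        templates.add(pw[:idx] + "{site}" + pw[idx + len(site):])
    return templates.pop() if len(templates) == 1 else None


if __name__ == "__main__":
    # The rule-based passwords from point 2 of the post.
    weak = {
        "Linkedin": "myPW4Linkedin",
        "Facebook": "myPW4Facebook",
        "mybankaccount": "myPW4mybankaccount",
    }
    print("rule found:", shared_rule(weak))  # one leak reveals all of them
    strong = {site: generate_password() for site in weak}
    print("rule found:", shared_rule(strong))
```

Store the generated passwords in a password manager, since one random password per site cannot be memorized.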