Password security

Recently, there has been news coverage of the LinkedIn password breach. In the battle for internet security, experts say there are ways to protect your passwords from being hacked. Take a look at these tips from a timely CNN article.

How to check if your password was stolen — Password-management firm LastPass has released a secure tool to see if your password was among the more than 6 million stolen from LinkedIn. LastPass created a similar tool for people worried about the security of their eHarmony accounts.

Your password still matters — Even in cases such as the LinkedIn breach, when it’s a website, not a personal account, that’s being hacked, the strength of your password can still help keep you safe.

On sites such as LinkedIn, stored passwords are “hashed,” meaning the site runs each password through a one-way algorithm and stores only the result. So, even if hackers get the data, they still have to crack the hashes before the passwords are useful.

“Don’t give up. Don’t think this is all futile,” Cluley said. “Choose a long, hard-to-crack, unique password. Not dictionary words. Not a sequence of numbers — use something that basically looks like gobbledygook. Those will be tougher for the bad guys to crack.”

In the case of LinkedIn, there are reports that as many as 60% of the stolen hashed passwords have been cracked, raising questions about the strength of its security system.
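To see why both the site's storage method and your choice of password matter, here is an added illustration (not from the CNN article or this blog). It assumes a site that stores a single fast, unsalted hash, with SHA-1 picked for the example, and compares that with a salted, deliberately slow scheme (PBKDF2); the account names, passwords and work factor are constructed.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # assumed work factor for this example

def fast_unsalted(password):
    """Weak storage: a single fast hash with no salt (SHA-1 is an assumption)."""
    return hashlib.sha1(password.encode()).hexdigest()

def slow_salted(password, salt=None):
    """Stronger storage: random per-user salt plus a deliberately slow KDF."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return hmac.compare_digest(candidate, digest)

def guessable_accounts(stored, common_passwords):
    """Audit: which unsalted hashes equal the hash of a well-known password?"""
    lookup = {fast_unsalted(p): p for p in common_passwords}
    return {user: lookup[h] for user, h in stored.items() if h in lookup}

# Constructed sample data: two users share a dictionary word, one uses gobbledygook.
PASSWORDS = {"alice": "linkedin", "bob": "linkedin", "carol": "q7#Vt!x9Lr$2mZpe"}
COMMON = ["password", "123456", "linkedin"]

def demo():
    stored = {u: fast_unsalted(p) for u, p in PASSWORDS.items()}
    found = guessable_accounts(stored, COMMON)
    same_unsalted = stored["alice"] == stored["bob"]
    salt_a, digest_a = slow_salted(PASSWORDS["alice"])
    salt_b, digest_b = slow_salted(PASSWORDS["bob"])
    return found, same_unsalted, digest_a != digest_b

if __name__ == "__main__":
    found, same_unsalted, differ_salted = demo()
    print("matched a common password:", sorted(found))
    print("identical unsalted hashes for alice and bob:", same_unsalted)
    print("salted digests differ for the same password:", differ_salted)
```

The dictionary-word accounts match a short list of common passwords immediately, while the long random password does not. With a per-user salt, the same password no longer produces the same stored value for two users.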

Be careful of post-hack e-mails — When there’s a well-publicized security incident on a well-known website, online crooks are more than happy to pile on.

In the wake of the LinkedIn hack, security professionals were already reporting incidents of users receiving “phishing” attempts — e-mails that look like official communications from LinkedIn. Instead, these messages try to get users to reveal personal data that identity thieves could use. Or they include links that, when clicked on, can install malware on an unsuspecting user’s computer.

“We are investigating the exact details but in the meantime please DO NOT CLICK on links in email to change or verify account information, at or on any other membership site,” Cameron Camp of ESET Smart Security wrote on the company’s blog. “Instead, navigate to the site directly by typing in the address bar in your browser.”

Use different passwords for different sites — Cluley notes that the hackers who attacked LinkedIn and eHarmony may not have even been interested in information from those sites.

In many cases, they’ll be trying to use the passwords they find on other sites and accounts. Many banks require additional information to log in. But accounts such as Amazon, eBay and PayPal, for example, could be compromised if the user has one password across multiple sites.

“If you get hacked in one place, you get hacked everywhere,” he said.

Lots of folks complain about how hard it is to remember multiple passwords. But there are free online tools that will store and use them for you. Cluley mentioned several, including KeePass, 1Password and LastPass.

Cluley recommends those tools over letting your Web browser store passwords for you, because there have been cases of security flaws in some browsers, which hackers have exploited to access user data.

How are you protecting your passwords?

This entry was posted in Useful Tips by CMCA ~ The Essential Credential.

About CMCA ~ The Essential Credential

CAMICB is an independent professional certification body, more than 25 years old, responsible for developing and delivering the Certified Manager of Community Associations® (CMCA) examination. CAMICB awards and maintains the CMCA credential, recognized worldwide as a benchmark of professionalism in the field of common interest community management. The CMCA examination tests the knowledge, skills, and abilities required to perform effectively as a professional community association manager. CMCA credential holders attest to full compliance with the CMCA Standards of Professional Conduct, committing to ethical and informed execution of the duties of a professional manager. The CMCA credentialing program carries dual accreditation. The National Commission for Certifying Agencies (NCCA) accredits the CMCA program for meeting its U.S.-based standards for credentialing bodies. The ANSI National Accreditation Board (ANAB) accredits the CMCA program for meeting the stringent requirements of the ISO/IEC 17024 Standard, the international standards for certification bodies. The program's dual accreditation represents compliance with rigorous standards for developing, delivering, and maintaining a professional credentialing program. It underscores the strength and integrity of the CMCA credential.
