Password security

Recently, there has been news coverage of the LinkedIn password breach.  In the battle for internet security, experts say there are ways to protect your passwords from being hacked.  Take a look at these tips from a timely CNN article.

How to check if your password was stolen — Password-management firm LastPass has released a secure tool to see if your password was among the more than 6 million stolen from LinkedIn. LastPass created a similar tool for people worried about the security of their eHarmony accounts.

Your password still matters — Even in cases such as the LinkedIn breach, when it’s a website, not a personal account, that’s being hacked, the strength of your password can still help keep you safe.

On sites such as LinkedIn, stored passwords are “hashed,” meaning the site uses an algorithm to encode them. So, even if hackers get the data, they still have to unravel the hashes before the passwords are useful.

“Don’t give up. Don’t think this is all futile,” Cluley said. “Choose a long, hard-to-crack, unique password. Not dictionary words. Not a sequence of numbers — use something that basically looks like gobbledygook. Those will be tougher for the bad guys to crack.”

In the case of LinkedIn, there are reports that as many as 60% of the hashed passwords stolen have been decoded, raising questions about the strength of its security system.
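How a site hashes its stored passwords decides how much work "unraveling" takes. The sketch below is an added example, not code from the article or from LinkedIn: it stores the same constructed accounts once with a fast unsalted hash (SHA-1 is an assumption, the article names no algorithm) and once with a per-user salt and PBKDF2, where the function names, the iteration count and the sample accounts are all made up for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000  # assumed work factor, chosen for this example

def fast_unsalted(password: str) -> str:
    # Assumed stand-in for "hashed" storage; the article names no algorithm.
    return hashlib.sha1(password.encode()).hexdigest()

def store_password(password: str) -> tuple[bytes, bytes]:
    # Random per-user salt plus a deliberately slow key-derivation function.
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

def reused_groups(stored: dict[str, bytes | str]) -> list[list[str]]:
    # Users whose stored values are identical: visible to anyone holding the dump.
    groups = defaultdict(list)
    for user, value in stored.items():
        groups[value].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts (not real data).
ACCOUNTS = {"alice": "password1", "bob": "password1", "carol": "vR7#qLz0!mXw2@Tn"}

def demo() -> tuple[list[list[str]], list[list[str]]]:
    unsalted = {u: fast_unsalted(p) for u, p in ACCOUNTS.items()}
    salted = {u: store_password(p) for u, p in ACCOUNTS.items()}
    salted_digests = {u: rec[1] for u, rec in salted.items()}
    return reused_groups(unsalted), reused_groups(salted_digests)

if __name__ == "__main__":
    weak, strong = demo()
    print("identical unsalted hashes:", weak)
    print("identical salted hashes:  ", strong)
```

With the unsalted hash, every account that shares a common password shares one stored value, so a single guess covers all of them; with a salt and a slow function each record has to be worked on separately.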

Be careful of post-hack e-mails — When there’s a well-publicized security incident on a well-known website, online crooks are more than happy to pile on.

In the wake of the LinkedIn hack, security professionals were already reporting incidents of users receiving “phishing” attempts — e-mails that look like official communications from LinkedIn. Instead, these messages try to get users to reveal personal data that identity thieves could use. Or they include links that, when clicked on, can install malware on an unsuspecting user’s computer.

“We are investigating the exact details but in the meantime please DO NOT CLICK on links in email to change or verify account information, at or on any other membership site,” Cameron Camp of ESET Smart Security wrote on the company’s blog. “Instead, navigate to the site directly by typing in the address bar in your browser.”

Use different passwords for different sites — Cluley notes that the hackers who attacked LinkedIn and eHarmony may not have even been interested in information from those sites.

In many cases, they’ll be trying to use the passwords they find on other sites and accounts. Many banks require additional information to log in. But accounts such as Amazon, eBay and PayPal, for example, could be compromised if the user has one password across multiple sites.

“If you get hacked in one place, you get hacked everywhere,” he said.

Lots of folks complain about how hard it is to remember multiple passwords. But there are free online tools that will store and use them for you. Cluley mentioned several, including KeePass, 1Password and LastPass.

Cluley recommends those tools over letting your Web browser store passwords for you, because there have been cases of security flaws in some browsers, which hackers have exploited to access user data.

How are you protecting your passwords?