The news broke early this morning that millions of LinkedIn passwords may have been leaked online. Hackers are currently working to crack a list of more than 6.4 million password hashes and have, at last count, succeeded in recovering upwards of 250,000 of them. Many of the passwords already cracked were undoubtedly not strong to begin with.
Though LinkedIn has not yet been able to confirm that its security has been breached, it has stated that an investigation is ongoing. In light of this news, the company has decided now might be a good time to refresh its users on the finer points of creating and protecting a good password. Vicente Silveira, director at LinkedIn, has provided some password security tips in a post over at the LinkedIn Blog. From the post:
While our investigation continues, we thought it would be a good idea to remind our members that one of the best ways to protect your privacy and security online is to craft a strong password, to change it frequently (at least once a quarter or every few months) and to not use the same password on multiple sites. Use this as an opportunity to review all of your account settings on LinkedIn and on other sites too. Remember, no matter what website you’re on, it’s important for you to make sure that you protect your account security and privacy.
The post also contains specific, common tips for password security such as signing out of accounts on public computers, never changing a password through an email link, and changing passwords every three months. When creating a password, Silveira suggests that users make it longer than 10 characters and fill it with random capital letters, punctuation, or symbols. He warns against choosing a password out of a dictionary or using the same password for multiple websites.
You can follow the ongoing developments in the LinkedIn password hacking story here. If the company does admit to a security breach, it will have many questions to answer about its server security measures.