“I don’t have anything in there that anyone would ~~steal~~ want, anyway.”
LinkedIn and eHarmony recently revealed that some 8 million passwords were compromised. This is a problem, mostly because people + passwords usually suck. True, no hacker really gives a rip if they get into my LinkedIn and … what, they can edit my online resume?
Except, it’s tied to my email address. Which might be the same email and password I used for PayPal, which is tied to my bank account. For that matter, my email password might be the same. If you can get into my webmail, you can search it for banking records. Find out where I bank, what username I use. Even if I use a different password for online banking, a fairly common cracker could visit my online banking site, hit Forgot Password and get it reset – through my email. Yikes.
So, in light of this, let’s do a little refresher.
- Longer is better
- Mix them up
- Change them regularly
I do my passwords based on how much I trust the site to keep my data safe, or how much I value that data. I keep three passwords. There are others, but I only use them once.
I have one truly unique password, on my web-based email account. I do not use this password anywhere else. It’s a passphrase – a full sentence. I can type it, remember it, quickly and easily. But it’s over 35 characters long.
All my online banking / PayPal / money-type accounts share a password, and since it’s a small number, I can change all half-dozen or so relatively quickly. It is a long, complicated password, over 20 characters long.
My heavily-used sites share my easier, 10-character password.
Sites I will possibly never visit again, I use a throwaway password. After all – if I come back, I’ll just do a password reset. Otherwise, I don’t trust that site to protect my security; why should I share a password with them that links to other websites I DO care about?
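The chain described earlier (a reused password plus Forgot Password through email) and the tiers above, worked through as an added sketch that is not part of the original post. Account names and password labels are constructed, and the model assumes a reset mail hands over the account without revealing its old password.

```python
# Constructed model: each account has a password *label* (not a real password)
# and the mailbox that receives its "Forgot Password" mail (None for the mailbox).

def blast_radius(accounts, breached):
    """Return every account an attacker reaches once `breached` leaks its password."""
    leaked = accounts[breached]["password"]
    owned = {breached}
    changed = True
    while changed:                      # repeat until no new account falls
        changed = False
        for name, acct in accounts.items():
            if name in owned:
                continue
            reused = acct["password"] == leaked        # same password tried elsewhere
            resettable = acct["reset_via"] in owned    # reset mail lands in an owned inbox
            if reused or resettable:
                owned.add(name)
                changed = True
    return owned

# Scenario 1: one password almost everywhere; the bank differs but resets via webmail.
REUSED = {
    "webmail":  {"password": "pw-A", "reset_via": None},
    "linkedin": {"password": "pw-A", "reset_via": "webmail"},
    "paypal":   {"password": "pw-A", "reset_via": "webmail"},
    "bank":     {"password": "pw-B", "reset_via": "webmail"},
}

# Scenario 2: the tiers described in the post.
TIERED = {
    "webmail":  {"password": "unique-passphrase", "reset_via": None},
    "bank":     {"password": "money-tier", "reset_via": "webmail"},
    "paypal":   {"password": "money-tier", "reset_via": "webmail"},
    "linkedin": {"password": "everyday-tier", "reset_via": "webmail"},
    "forum":    {"password": "everyday-tier", "reset_via": "webmail"},
    "one-off":  {"password": "throwaway", "reset_via": "webmail"},
}

if __name__ == "__main__":
    for label, model in (("reused", REUSED), ("tiered", TIERED)):
        print(label, sorted(blast_radius(model, "linkedin")))
```

With the reused setup a LinkedIn leak reaches all four accounts, the bank included; with the tiers it stops at the sites sharing the everyday password.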
What should you do now?
- Change passwords, in order of sensitivity. If you use the same password in all locations, and you have a LinkedIn or eHarmony account, do this:
  - Change your online banking passwords
  - Change your web-based email password
  - Change your LinkedIn / other passwords, as best you can
Some interesting write-ups on the LinkedIn breach. I love how this site shows you how to search the leaked password hashes; brilliant. Oh, and you can get the passwords from The Pirate Bay via torrent.