It doesn’t matter how great your password is when hackers steal account information straight from the source.
LinkedIn recently revealed that a 2012 security breach thought to have exposed the passwords of more than 6 million users actually involved upward of 100 million users. Though LinkedIn is actively trying to contain the information, millions of passwords have already been bought and sold on the dark web.
What does this mean for the everyday LinkedIn user? Change your password, for sure, just in case your account is targeted. Four years after the leak, it’s very likely that if nothing has happened yet, it never will — but it isn’t guaranteed.
Next, you’ll need to make sure that your entire online identity is secure. Users have to create secure logins for their accounts to have a chance of protecting their credit cards, banking information and emails from prying eyes.
It’s not difficult to follow the rules of internet security, though it can be time-consuming, and the payoffs are immense. Here are a few tips we’ve picked up about protecting yourself from big data leaks:
Use multiple passwords
People take security for granted. There’s generally a single key to get into your home, a single key to your car and a single passphrase to get into that spooky underground dance club you love so much. Even if someone stole your car keys, they’d still be locked out of your house because the locks are different. It’s likely that you didn’t choose this system; it’s just how the world works.
The internet isn’t structured that way, at least not yet. Every time you sign up for an account online, you pick the lock and key. No one wants to remember dozens of passwords, so we tend to stick to just one that we’ll use for every account we make. It’s convenient, but it’s like using the same locks for your car, house and lockbox at the bank. One stolen key can open everything.
Example: your online banking, email and LinkedIn accounts share a password. LinkedIn has a data leak and your username and password combo are sold online. Hackers can now log into your LinkedIn account and do (probably limited) damage. With a single password across all services, though, they can now log into your email account, identified from your LinkedIn login.
Once they’ve logged into your email service, they’ll scan everything you’ve sent and received. Do you have receipts from Amazon or notifications from your bank? If so, your hacker now knows to at least try logging in at those sites, where they have something meaningful to gain. They’ll change your passwords to keep you from logging in and regaining control, and send password reset requests to sites where you’ve used alternate passwords, if there are any.
Using a different password for every account — every single one — makes a total takeover of your life much more difficult. In the example, the breach of your security is contained to LinkedIn if your email account simply has a different password.
Creating and memorizing dozens of passwords is inconvenient at best. Password managers like 1Password and LastPass make security a bit easier by storing your passwords securely, suggesting new ones and, with a plugin, automatically logging you into sites you’ve saved. These apps can be pricey, but they keep passwords secure in a convenient way.
When picking a password, we tend to pick a single word. It’s right there in the name, after all.
Single words are vulnerable to brute-force attacks, in which hackers use programs that try every word in the dictionary and thousands of variations on each. Adding numbers helps, though obvious replacements like switching “A” to “@” don’t make much difference. Jumbles of numbers and letters are more secure but difficult to remember. The best passwords are actually phrases.
According to howsecureismypassword.net*, a site that estimates password security, it would take 5 million years for a brute force program to crack the passphrase “quick brown fox.” It’s simple, unlikely to be guessed by anyone trying to break into your account by hand, and you can tailor it to individual websites by adding a word or two, like “Amazon quick brown fox,” which howsecureismypassword.net estimates would take 2 quintillion years to be cracked by a computer. It’s worthwhile to add a number or two anyway for safety’s sake, but even without digits it’s still a far cry from using your kids’ birthdays or, heaven forbid, “password123.”
* Don’t enter your actual password. While the site is almost certainly on the up-and-up, it’s best to avoid the risk. Use a password with similar qualities to yours and you’ll be fine.
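The arithmetic behind the single-word versus passphrase comparison above, as an added example that is not from the article or from howsecureismypassword.net. The word-list size, the variants-per-word figure and the sample word set are assumptions, so the guess counts show relative strength only and are not the site's time estimates.

```python
import math
import string

# Assumed attacker parameters (illustrative, not from the article).
WORDLIST_SIZE = 100_000     # words in the attacker's dictionary
VARIANTS_PER_WORD = 1_000   # capitalisation, appended digits, etc. per word
# Constructed sample standing in for "is this token in the dictionary?"
SAMPLE_WORDS = {"password", "quick", "brown", "fox", "amazon"}

def charset_size(password):
    """Size of the alphabet a character-by-character search must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += 33  # 32 ASCII punctuation marks plus the space
    return size

def brute_force_guesses(password):
    """Worst-case guesses when every character position is searched."""
    return charset_size(password) ** len(password)

def dictionary_guesses(password, words=SAMPLE_WORDS):
    """Guesses for a word-list search, or None if a token is not a known word."""
    total = 1
    for token in password.split():
        base = token.lower().rstrip(string.digits)
        if base not in words:
            return None
        # A plain lowercase word costs one pass over the list; a variant costs more.
        total *= WORDLIST_SIZE * (1 if token == base else VARIANTS_PER_WORD)
    return total

def estimate(password):
    """Return (guesses, bits) for the cheaper of the two search strategies."""
    candidates = [brute_force_guesses(password)]
    by_words = dictionary_guesses(password)
    if by_words is not None:
        candidates.append(by_words)
    guesses = min(candidates)
    return guesses, round(math.log2(guesses), 1)

if __name__ == "__main__":
    for pw in ("password123", "quick brown fox", "Amazon quick brown fox", "x7#Kq9!v"):
        guesses, bits = estimate(pw)
        print(f"{pw!r:28} ~{guesses:.1e} guesses ({bits} bits)")
```

Under this model each added word multiplies the search space by the size of the word list, which is why the phrase outlasts the single word with digits appended.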