You might have seen some articles online recently saying a hacker has offered 112 million usernames and passwords for sale that were obtained from LinkedIn in 2012. The passwords are encrypted, but in such a way that they are relatively easy to decrypt again.
The first thing I wanted to say to you, then, is this: if you have a LinkedIn account it would be wise to change your password, especially if you haven’t changed it in the last four years! Just to be safe, I would recommend changing your password anyway; I have, and I last changed it just a few months ago.
But what was I talking about when I mentioned password “hygiene” in this post’s subject? Well, it’s difficult to remember lots of different logins so people tend to reuse their usernames and passwords across multiple sites. That’s why criminals are often happy to pay good money to get hold of the details in these breaches; they will try the same username and password combinations on other sites and services and there’s a good chance a fair few of them will work.
Instead of reusing login details between sites, you should have a unique password for each one. Yes, it’s a pain to have to do that, but it’s by far the most secure practice. So here are some general principles for secure passwords.
Firstly, don’t use your pet’s name, children’s name, or date of birth. A little research can soon turn up these details about you, and they are among the first things hackers will try to guess.
Secondly, your password should be at least 8 to 10 characters long, and longer if at all possible. You should also use a combination of letters and numbers.
So, how can you come up with those passwords? Here’s a technique that might help:
- Try thinking of a phrase that you will remember, such as “you don’t know the password for my online banking and I won’t give it to you”.
- Take the first letter of each word from that phrase. So the example above would give us “ydktpfmobaiwgity”.
- Good start, but let’s change the vowels for numbers, so we end up with “ydktpfm0b41wg1ty”.
- Finally, a few capital letters to make things a little more secure… let’s just capitalise the first and last letters to keep it simple, “Ydktpfm0b41wg1tY”.
We now have a secure password that nobody would be able to guess without knowing your longer phrase. The thing is, it’s still difficult to remember a phrase for every service you use! So what’s the solution?
The way I deal with this is by using a password manager. These are programs that will generate passwords for you, and securely store them so that you just need to remember the password to the password manager (remember to make it a good one!). There are several password managers available, including the free Dashlane. The one I use is a paid option called 1Password but there is a free trial if you want to try it out.
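Here are the phrase technique, the general principles and the no-reuse rule from above as a short Python sketch. It is an added example, not part of the original post, and it is not how Dashlane or 1Password work internally. The function names are made up for illustration, and swapping "e" for "3" is an assumption, since the post's phrase only shows o, a and i.

```python
import secrets
import string

# Vowel swaps from the post's example (o->0, a->4, i->1); e->3 is an assumption.
VOWEL_DIGITS = {"o": "0", "a": "4", "i": "1", "e": "3"}
MIN_LENGTH = 8  # lower bound of the post's "at least 8 to 10 characters"


def phrase_to_password(phrase):
    """First letter of each word, vowels to digits, capitalise both ends."""
    initials = [next((c for c in w if c.isalnum()), "") for w in phrase.split()]
    swapped = "".join(VOWEL_DIGITS.get(c.lower(), c.lower()) for c in initials)
    last = swapped[-1].upper() if len(swapped) > 1 else ""
    return swapped[:1].upper() + swapped[1:-1] + last


def rule_violations(password, personal_details=()):
    """Check a password against the post's principles; return the problems found."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not (any(c.isalpha() for c in password) and any(c.isdigit() for c in password)):
        problems.append("needs letters and numbers")
    # personal_details: pet's name, children's names, date of birth
    if any(d and d.lower() in password.lower() for d in personal_details):
        problems.append("contains personal detail")
    return problems


def generate_password(length=16):
    """Random password from the OS secure random source, retried until it passes."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the minimum")
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not rule_violations(candidate):
            return candidate


def reused_passwords(vault):
    """Map each password used on more than one site to the sites sharing it."""
    sites = {}
    for site, password in vault.items():
        sites.setdefault(password, []).append(site)
    return {pw: sorted(names) for pw, names in sites.items() if len(names) > 1}


if __name__ == "__main__":
    print(phrase_to_password("you don't know the password for my online banking and I won't give it to you"))
```
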
Whether you choose to use a password manager or do it all by memory, please, please make sure your passwords are secure and that you don’t reuse them on more than one site. And remember, if you have a LinkedIn account… change your password.
This article was first sent to my email list members.