Contenu connexe Similaire à Turn Your LeakedIn Account Back Into a LinkedIn One (20) Turn Your LeakedIn Account Back Into a LinkedIn One2. Meet Sam
2
Sam’s an up-and-comer
who has active online
accounts with his bank,
credit issuers and social
networking sites—
including LinkedIn.
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
3. Sam’s got a password problem
3
Sam’s LinkedIn password was
one of 6.5 million passwords
posted on a Russian hackers’
website.
His password was iAmSam.
He used this password for his
primary email and many
other accounts.
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
4. Sam’s not happy
4
He reads on The Verge, a great source for tech news, that
LinkedIn stored passwords as “unsalted SHA-1 hashes. SHA-1 is a
secure algorithm, but it is not foolproof if your password is
simple and short. LinkedIn could have made the passwords more
secure by ‘salting’ them.”
Salt. Hash. Huh?
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
5. 5 Sam is confused
What do passwords have to do with greasy diner food?
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
6. Sam does his homework
6
He learns that many websites—
including LinkedIn—encrypt
passwords in an effort to protect
them. The encrypted passwords are
called hashes. The site stores the
hashes on its servers instead of the
passwords themselves.
For example, a website could use
an SHA-1 or Secure Hash Algorithm
to convert
iAmSam
to
c743bb2561f20745330122
dcc254abaf524e277d.
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
7. 7 Sam learns why salt is good
To make password hashes more secure, a system
adds salt (or random characters) to the beginning
of the password. Then it converts the new, salted
password into a hash.
So the iAmSam password would be salted to look
like RoUTiAmSam, then hashed into
ebc5047362323f1e29c1cb3d457594b1ca4ea2bc.
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
8. 8 LinkedIn didn’t add salt
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
9. How the hackers get in
9
Hackers armed with your hashed password and
username can:
1. Log in to your LinkedIn account
2. Lock you out
3. Spam your contacts
When your contacts click on links in their spam email, they
let the hackers in by downloading malware. This malicious
software gives hackers access to their computers.
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
10. Hackers love Sam
10
Then the real trouble begins.
Once they’re in your computer, hackers can gain access to
your personally identifiable information, such as a birth date,
look up your mother’s maiden name and launch serious
identity theft.
The real problem: Like so many people, Sam uses one
password for most of his online accounts.
Hackers love Sam because he used his LinkedIn password on his
primary email account, so now they can access his email.
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
11. 11 Sam’s password is his identity
Sam’s email address is a key piece of his identity on
the Internet. Often it is his username for an online account.
Armed with his email address and password, hackers can
enter his accounts, reset Sam’s passwords and gain control.
To make matters worse, Sam saved copies of his printed
identification—his passport and Social Security number—in
his email account.
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
12. 12 Sam’s vulnerable
LinkedIn users are at greater risk for fraudbecause:
1. They have higher incomes.
2. Their profiles are meant to be viewed by strangers.
3. They are often lax with their privacy settings.
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
13. Sam swings into action
13
He follows these seven tips:
1. Change your password
2. Create a strong password
3. Make it even stronger
4. Use unique passwords
5. Consider a password solution
6. Alert others
7. Beef up security
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
14. Sam Smart
greeneggsandham@smail.com
14 1. Change your password
Log in to your account. Go to settings and click on
“Password Change.”
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
15. 15 2. Create a strong password
It should be long. Think of a good
quote or song and use the first letter
in each word to make a long password.
Sam uses a line from his favorite
Dr. Seuss book.
Quote: “You’re off to great places.
Today is your day!”
Password: yotgptiyd
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
16. 16 3. Make it even stronger
Include numbers, upper- and lowercase letters, and symbols.
For example, “3Dogz$$!” is better than “1006.”
Or substitute numbers for letters that look similar (for
example, substitute “0” for “o” or “3” for “E”.
Sam replaces the “o” with “0” and the “d” with “6.”
Old password: yotgptiy6
New password: y0tgptiy6
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
17. 17 4. Use unique passwords
Avoid using the same password twice.
If that old LinkedIn password is used on other websites,
go to those sites and change the password immediately.
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
18. 5. Consider a password manager
18
Sam is annoyed. How will he
remember his passwords?
He checks out password
managers like OneID,
1Password and KeePass.
They make it easier for you
to remember, manage and
secure your passwords.
Some are free. Others have
monthly fees.
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
19. 6. Alert others
19
If your account is compromised, alert your contacts so they
don’t become victims. Notify LinkedIn to regain control of your
account or freeze it.
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
20. 20 7. Beef up security
• Sign out of website accounts after you use them.
• Set your account information and privacy settings as tight
as possible.
• Keep your antivirus software up to date.
• Don’t publically share personal information.
• On social networks, only connect to people you know and trust.
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
21. Sam is glad
21
Now Sam uses strong, unique
passwords for different online
accounts.
He feels good knowing he’s doing
everything he can to protect his
identity.
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
22. 22 Be proactive
If you suspect you’re a victim of
identity theft, call your bank, credit
union or insurer. They may offer identity
theft protection.
Or call Identity Theft 911
1-888-682-5911
Don’t be afraid to ask lots of questions.
© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012