LinkedIn Breach: How to Make Your Passwords Stronger

LINKEDIN BREACH:
HOW TO MAKE YOUR PASSWORDS STRONGER

Meet Sam
2

Sam’s an up-and-comer
who has active online
accounts with his bank,
credit issuers and social
networking sites—
including LinkedIn.

© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012

Sam’s got a password problem
3

Sam’s LinkedIn password was
one of 6.5 million passwords
posted on a Russian hackers’
website.
His password was iAmSam.
He used this password for his
primary email and many
other accounts.


Sam’s not happy
4

He reads on The Verge, a great source for tech news, that
LinkedIn stored passwords as “unsalted SHA-1 hashes. SHA-1 is a
secure algorithm, but it is not foolproof if your password is
simple and short. LinkedIn could have made the passwords more
secure by ‘salting’ them.”

Salt. Hash. Huh?


5 Sam is confused
What do passwords have to do with greasy diner food?


Sam does his homework
6

He learns that many websites—
including LinkedIn—encrypt
passwords in an effort to protect
them. The encrypted passwords are
called hashes. The site stores the
hashes on its servers instead of the
passwords themselves.
For example, a website could use
an SHA-1 or Secure Hash Algorithm
to convert
iAmSam
to
c743bb2561f20745330122
dcc254abaf524e277d.

7 Sam learns why salt is good
To make password hashes more secure, a system
adds salt (or random characters) to the beginning
of the password. Then it converts the new, salted
password into a hash.

So the iAmSam password would be salted to look
like RoUTiAmSam, then hashed into
ebc5047362323f1e29c1cb3d457594b1ca4ea2bc.


8 LinkedIn didn’t add salt


How the hackers get in
9

Hackers armed with your hashed password and
username can:
1. Log in to your LinkedIn account
2. Lock you out

3. Spam your contacts

When your contacts click on links in their spam email, they
let the hackers in by downloading malware. This malicious
software gives hackers access to their computers.


Hackers love Sam
10

Then the real trouble begins.
Once they’re in your computer, hackers can gain access to
your personally identifiable information, such as a birth date,
look up your mother’s maiden name and launch serious
identity theft.
The real problem: Like so many people, Sam uses one
password for most of his online accounts.
Hackers love Sam because he used his LinkedIn password on his
primary email account, so now they can access his email.


11 Sam’s password is his identity
Sam’s email address is a key piece of his identity on
the Internet. Often it is his username for an online account.
Armed with his email address and password, hackers can
enter his accounts, reset Sam’s passwords and gain control.
To make matters worse, Sam saved copies of his printed
identification—his passport and Social Security number—in
his email account.


12 Sam’s vulnerable
LinkedIn users are at greater risk for fraudbecause:
1. They have higher incomes.
2. Their profiles are meant to be viewed by strangers.
3. They are often lax with their privacy settings.


Sam swings into action
13

He follows these seven tips:

1. Change your password
2. Create a strong password
3. Make it even stronger
4. Use unique passwords
5. Consider a password solution
6. Alert others
7. Beef up security


Sam Smart

greeneggsandham@smail.com

14 1. Change your password
Log in to your account. Go to settings and click on
“Password Change.”

15 2. Create a strong password
It should be long. Think of a good
quote or song and use the first letter
in each word to make a long password.
Sam uses a line from his favorite
Dr. Seuss book.
Quote: “You’re off to great places.
Today is your day!”
Password: yotgptiyd


16 3. Make it even stronger
Include numbers, upper- and lowercase letters, and symbols.
For example, “3Dogz$$!” is better than “1006.”
Or substitute numbers for letters that look similar (for
example, substitute “0” for “o” or “3” for “E”.
Sam replaces the “o” with “0” and the “d” with “6.”

Old password: yotgptiy6
New password: y0tgptiy6


17 4. Use unique passwords
Avoid using the same password twice.
If that old LinkedIn password is used on other websites,
go to those sites and change the password immediately.


5. Consider a password manager
18

Sam is annoyed. How will he
remember his passwords?
He checks out password
managers like OneID,
1Password and KeePass.
They make it easier for you
to remember, manage and
secure your passwords.
Some are free. Others have
monthly fees.


6. Alert others
19

If your account is compromised, alert your contacts so they
don’t become victims. Notify LinkedIn to regain control of your
account or freeze it.


20 7. Beef up security
• Sign out of website accounts after you use them.
• Set your account information and privacy settings as tight
as possible.
• Keep your antivirus software up to date.
• Don’t publically share personal information.
• On social networks, only connect to people you know and trust.


Sam is glad
21

Now Sam uses strong, unique
passwords for different online
accounts.
He feels good knowing he’s doing
everything he can to protect his
identity.


22 Be proactive
If you suspect you’re a victim of
identity theft, call your bank, credit
union or insurer. They may offer identity
theft protection.
Or call Identity Theft 911
1-888-682-5911
Don’t be afraid to ask lots of questions.


LinkedIn Breach: How to Make Your Passwords Stronger

Recommandé

Recommandé

Contenu connexe

En vedette

En vedette (15)

Similaire à LinkedIn Breach: How to Make Your Passwords Stronger

Similaire à LinkedIn Breach: How to Make Your Passwords Stronger (20)

Dernier

Dernier (20)

LinkedIn Breach: How to Make Your Passwords Stronger