Personal password policy was Re: FYI LinKEdln passwords hacked



On 7 Jun 2012 19:15:21 -0700, in bit.listserv.ibm-main you wrote:

On 6/6/2012 5:38 PM, Ed Gould wrote:
LinkedIn Users: Change Password Now
Attackers appear to have obtained--and may have already decrypted--at
least 6.5 million LinkedIn passwords.

http://www.informationweek.com/news/security/attacks/240001623?cid=nl_IW_daily_2012-06-06_html&elq=a86e12d6260b46e991eaf6fac15b1ab7



Ed,

Thanks for posting this. I did not know about the LinkedIn breach, and
I was able to react quickly.

Regards,
Tom Conley

I have had the following password policy for my use.

1. All passwords used to get to an employer's computer are unique to
that employer.

2. All passwords for logging on to my home PCs are common to all of
the home PCs and only those PCs.

3. My e-mail passwords are unique to the email vendor.

4. My financial passwords are split between credit cards and banking
so there is some sharing.

5. I have another strong password for a couple of sites.

6. For sites including LinkedIn, Yahoogroups, vendor sites, I have a
common relatively weak password because only the minimum amount of
information needed to register is on those sites (no picture and no
personal information other than what can be gotten from the phone
directory if that much).

7. I have only started using special characters such as '*' in
passwords since I am not confident that most special characters are
stable across code pages (the classic being currency symbol in EBCDIC,
did British users key the pound sterling symbol for JES2?).

8. I rarely change passwords unless forced since I have yet to see
the value except where the keying of passwords can be observed by
others.

With regard to items 6 and 8, what are my real vulnerabilities?
Assuming that my password is among the hacked passwords in LinkedIn,
since I have no truly personal information there and at most links
to a VERY small group of friends on that site and on Facebook, is it
worth bothering changing the password?

Clark Morris
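
Added example, not part of the original post: item 7's concern about special characters and code pages can be checked directly. This Python sketch compares the byte each character gets under a few EBCDIC code pages; the set of code pages, the function names and the sample passwords are assumptions of this example.

```python
# Added illustration: which password characters keep the same byte value
# across EBCDIC code pages? A password keyed under one code page and
# checked under another only matches if every character is invariant.
import string

# Assumed sample set of EBCDIC code pages available as Python codecs:
# 037 US/Canada, 273 Germany, 500 International, 1140 US with euro.
CODE_PAGES = ("cp037", "cp273", "cp500", "cp1140")


def ebcdic_bytes(ch, pages=CODE_PAGES):
    """Map each code page to the byte it uses for ch (None if unmapped)."""
    result = {}
    for page in pages:
        try:
            result[page] = ch.encode(page)[0]
        except UnicodeEncodeError:
            result[page] = None
    return result


def is_stable(ch, pages=CODE_PAGES):
    """True when every code page encodes ch to the same single byte."""
    values = set(ebcdic_bytes(ch, pages).values())
    return len(values) == 1 and None not in values


def unstable_chars(password, pages=CODE_PAGES):
    """Characters of password whose byte value depends on the code page."""
    return sorted({ch for ch in password if not is_stable(ch, pages)})


def reinterpret(password, typed_as, read_as):
    """What a password keyed under one code page decodes to under another."""
    return password.encode(typed_as).decode(read_as)


if __name__ == "__main__":
    # Report every ASCII punctuation character that is not invariant.
    for ch in string.punctuation:
        if not is_stable(ch):
            print(repr(ch), ebcdic_bytes(ch))
    # Constructed sample passwords, not real credentials.
    print(unstable_chars("Pass*word1"), unstable_chars("Pass!word1"))
    print(reinterpret("pass!", "cp037", "cp500"))
```
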
