Personal password policy was Re: FYI LinkedIn passwords hacked



On 7 Jun 2012 19:15:21 -0700, in bit.listserv.ibm-main you wrote:

> On 6/6/2012 5:38 PM, Ed Gould wrote:
>> LinkedIn Users: Change Password Now
>> Attackers appear to have obtained--and may have already decrypted--at
>> least 6.5 million LinkedIn passwords.
>>
>> http://www.informationweek.com/news/security/attacks/240001623?cid=nl_IW_daily_2012-06-06_html&elq=a86e12d6260b46e991eaf6fac15b1ab7
>
> Ed,
>
> Thanks for posting this. I did not know about the LinkedIn breach, and
> I was able to react quickly.
>
> Regards,
> Tom Conley

I have had the following password policy for my use.

1. All passwords used to get to an employer's computer are unique to
that employer.

2. All passwords for logging on to my home PCs are common to all of
the home PCs and only those PCs.

3. My e-mail passwords are unique to the email vendor.

4. My financial passwords are split between credit cards and banking
so there is some sharing.

5. I have another strong password for a couple of sites.

6. For sites including LinkedIn, Yahoogroups, vendor sites, I have a
common relatively weak password because only the minimum amount of
information needed to register is on those sites (no picture and no
personal information other than what can be gotten from the phone
directory if that much).

7. I have only started using special characters such as '*' in
passwords since I am not confident that most special characters are
stable across code pages (the classic being currency symbol in EBCDIC,
did British users key the pound sterling symbol for JES2?).

8. I rarely change passwords unless forced since I have yet to see
the value except where the keying of passwords can be observed by
others.

With regard to items 6 and 8, what are my real vulnerabilities?
Assuming that my password is among the hacked passwords in LinkedIn,
since I have no truly personal information there and at most links
to a VERY small group of friends on that site and on Facebook, is it
worth bothering changing the password?

Clark Morris
