Have you changed your LinkedIn password yet? As we wrote yesterday, the popular social network for professionals has been through a major data breach. To sum it up: 167 million accounts were compromised, of which 117 million credentials with hashed passwords were put up for sale on the Dark Web.
LinkedIn’s Data Breach: 49 Weakest Passwords
The leaked passwords were hashed with the SHA1 algorithm. The widely used secure hash algorithm has been at the center of controversy, as more and more security researchers have revealed its weaknesses over the past years.
As both experts and advanced users have pointed out, one of LinkedIn’s primary mistakes was not salting the passwords when the 2012 data breach was disclosed. What does salting mean? Adding “salt” to a password means adding random bits to it before it is hashed, making the result harder to crack.
LeakedSource has already released a list of passwords that they managed to crack. They even published the top 49 most used passwords. It’s obvious that the frequency of data breaches hasn’t improved users’ password habits. Among the top passwords are “combinations” such as “123456”, “12345678”, and obvious choices like “linkedin”, “qwerty” and “password”.
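The difference salting makes, shown as an added example that is not part of the original article or LinkedIn's code: unsalted SHA1 gives every account with the same password the same stored value, while a per-account random salt does not. The account names, the PBKDF2 parameters and the helper names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example; the article does not specify any.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def unsalted_sha1(password):
    """Unsalted SHA-1: the same password always yields the same digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_with_salt(password, salt=None):
    """Return (salt, key): a fresh random salt per account plus a slow KDF."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, key


def verify(password, salt, expected_key):
    """Recompute the key with the stored salt and compare in constant time."""
    _, key = hash_with_salt(password, salt)
    return hmac.compare_digest(key, expected_key)


def shared_digests(records):
    """Group accounts by stored value; a group of 2+ exposes a shared password."""
    groups = {}
    for user, stored in records.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


if __name__ == "__main__":
    # Constructed sample accounts, not data from the breach.
    accounts = {"alice": "123456", "bob": "123456", "carol": "qwerty"}
    unsalted = {u: unsalted_sha1(p) for u, p in accounts.items()}
    salted = {u: hash_with_salt(p) for u, p in accounts.items()}
    print("unsalted, shared digests:", shared_digests(unsalted))
    print("salted, shared digests:  ", shared_digests(salted))
    salt, key = salted["alice"]
    print("alice login ok:", verify("123456", salt, key))
```

The salt is stored next to the derived key; it does not need to be secret, only unique per account.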
Here’s the full list of released passwords:
In addition, LinkedIn has made a statement saying that:
We have demanded that parties cease making stolen password data available and will evaluate potential legal action if they fail to comply. In the meantime, we are using automated tools to attempt to identify and block any suspicious activity that might occur on affected accounts.
What Should I Do to Secure My Passwords?
Option 1: Use a Password Manager
The average password manager installs itself as a browser plug-in and takes care of password capture.
How does it work? When you log in to a secure website (HTTPS), the password manager offers to save your login. When you come back to that page, the manager automatically fills in your credentials, and sometimes web forms. Most password managers offer a browser-toolbar menu of all saved logins to make it easier to log in to saved sites.
However, password managers are applications, and applications can be hacked as well. Nothing is completely secure nowadays. So we get to option 2.
Option 2: Improve Your Habits
Perhaps the best way to secure your passwords is the most obvious one – change your passwords frequently and use combinations of lowercase and uppercase letters, numbers, and symbols. Complex and long passwords make it difficult for attackers to carry out brute-force attacks.
Also, if your credentials have been compromised in a data breach, don’t recycle your old password. Make sure to create brand new passwords, following the tips above. You can check your passwords’ strength via websites such as PasswordMeter.