How secure are our online logins?

You’ve probably heard about the LinkedIn password data breach. LinkedIn reports that approximately 6.5 million user passwords have been at least partially decoded and posted on hacker websites.

Partially decoded? Most companies encrypt and separate logins and passwords to prevent and minimize security breaches affecting user accounts. If my login is robin and my password is 1234 (1234 is purported to be the most common iPhone passcode key, and it is not a recommended password), that data is separated and encrypted. To oversimplify: Robin looks like ##### and is stored in one location, while 1234 is #### and is stored somewhere else.

According to the official message from LinkedIn, the password files were stolen and posted online, with the majority of the passwords still at least partially encrypted.

What does this mean for us?

Change your password now. Our accounts probably are safe, but our passwords may be at least partially decoded. If this is a password we use for multiple accounts (LinkedIn, Facebook, Bank of America, etc.), all of those accounts just got a tad more vulnerable.

Following are suggested Do’s & Don’ts from MMI regarding our response to the LinkedIn password breach. The #1 recommendation is to change your password now.

IMPORTANT: Do’s & Don’ts for LinkedIn Response

  • Don’t panic. Although password security was temporarily breached, most passwords were not fully decoded and, according to LinkedIn, no email logins associated with the passwords were revealed. LinkedIn also says they have received no verified reports of unauthorized access to user accounts.
  • Don’t click on URL links in emails purporting to be from LinkedIn. While LinkedIn is contacting some users, most of us will not receive a legitimate email asking us to “click here” to reset our password. In general, emails asking us to click a link and update our user name and password are scams by thieves “phishing” for account access data.
  • Do reset your password.
  • Do go directly to the site by typing in (Don’t click on a link provided by a third party).
  • Do review overall password security – is your old LinkedIn password one you used for other accounts as well? We recommend updating any use of the old password.
  • Do call us with any questions or concerns.

Don’t cancel your LinkedIn account simply because of this password breach. My personal assessment of LinkedIn is that it remains a valuable professional resource, and I hope LinkedIn will redouble its security protocols going forward.

One last thing: if your iPhone unlock passcode or debit card PIN is 1234 and this post has prompted you to change it, avoid replacing 1234 with 0000, 1111 or 9999. They’re on the Top Ten List, too.

Be safe out there, folks.
