Change your LinkedIn password

[Nutcase]

I'm probably jinxing myself here, but I've had the same password (or variation of if the site insists on certain rules) since 1989 and to the best of my knowledge it's never been hacked/guessed/whatever...

[Fayshun]

Quote:

Originally Posted by Nutcase

I'm probably jinxing myself here, but I've had the same password (or variation of if the site insists on certain rules) since 1989 and to the best of my knowledge it's never been hacked/guessed/whatever...Posted by Faysh from Nutcase's account.

[Nutcase]

[Kitten]

Quote:

Originally Posted by LeperousDust

Saying that most users don't take password security seriously either *sigh*...

I think it's also partially down to silly rules on certain sites that say must be a 'Memorable' 10-12 letters/characters, involve 1 capital letter, 3 symbols, 3 numbers, a hat reference and the 3rd letter of your milkman's cat's name. And you must not write it down. So, to meet all of that criteria, and keep your password different for every single site, you'd have to be frickin' Rainman to manage it.

I think they got my password, they've changed my years of work at my previous company from June 2001 to July 2001. Devastated.

[Blighter]

Quote:

Originally Posted by Kitten

I think it's also partially down to silly rules on certain sites that say must be a 'Memorable' 10-12 letters/characters, involve 1 capital letter, 3 symbols, 3 numbers, a hat reference and the 3rd letter of your milkman's cat's name. And you must not write it down. So, to meet all of that criteria, and keep your password different for every single site, you'd have to be frickin' Rainman to manage it.

I think they got my password, they've changed my years of work at my previous company from June 2001 to July 2001. Devastated.

Just have one password that contains a capital letter, symbol and number and you can use it everywhere. It's amazing how easy passwords that are just dictionary words are easy to crack.

[Belmit]

I use song titles and the year that song was released to create passwords. From that I can instantly recall the password by associating a particular song to a particular website. Works well, until my itunes account gets hacked I guess.

[Stan_Lite]

Quote:

Originally Posted by Belmit

I use song titles and the year that song was released to create passwords. From that I can instantly recall the password by associating a particular song to a particular website. Works well, until my itunes account gets hacked I guess.

That sounds like a good idea. Not as secure as a randomly generated password with letters, numbers and symbols but a damn sight better than 'password' or '1234567890'.

I might adopt that (or a similar) system for myself - much better than my current system.

[Kitten]

Quote:

Originally Posted by Blighter

Just have one password that contains a capital letter, symbol and number and you can use it everywhere. It's amazing how easy passwords that are just dictionary words are easy to crack.

Hah, not with my memory, assuming the number is different everytime? I spend more time having to recover 'secure' passwords than anything else because I've changed a number and can't remember which site has which number assigned to it.

Belmit, I used that - used the first letter of each word of the song, followed by a year with a symbol on either end. Always had a mix of capitals, numbers & symbols. Still didn't work, by the time it rolled around for me to use non-regular websites, I'd forgotten them all. I've basically resorted to abusive words/phrases recently as it's either a system, that can usually be easily cracked depending on the site you've used it for, or completely random, in which case, I forget.

[leowyatt]

I saw this on twitter before and probably explains how the passwords were retrieved.

[Garp]

Quote:

Originally Posted by Blighter

Just have one password that contains a capital letter, symbol and number and you can use it everywhere. It's amazing how easy passwords that are just dictionary words are easy to crack.

I'm sorry, but that's extremely bad advice. The only safe way is one password per site.

What you're talking about is still vulnerable to brute force has cracking, something that is getting easier and easier as GPUs and CPUs become more powerful. Worse you're entirely gambling on the security precautions of the site. The eHarmony dump of passwords, for example, was relying on straight MD5 hashing which is ludicrously cheap computationally and extremely vulnerable to straight brute force. A number of sites are even stupider and keep passwords in plain text, even ones that should know better.

Yes it's a pain in the arse to keep a separate password per site, but it's the only way to be even remotely safe. Quite franlkly you should operate on the assumption that every website you use IS going to get hacked, and that people will get your password from the site that way. If you use one password, regardless of how secure it is and someone gets it because a website is stupid, that's it. Game over, your entire online identity is compromised. You can use tools like 1password, or keypass to help, and they're cross platform & browser.

Also use a random password generator, most of these tools include them. The longer the password the better.

If you want to be extremely paranoid, use a combination of something like PasswordSafe (http://passwordsafe.sourceforge.net/) for storing passwords securely in an encrypted file, and SpiderOak (https://spideroak.com/) for encrypted file sharing where only you hold the decryption key.