Hello IT in Canada Forum World,

As this is my inaugural post, I should take the time to introduce myself. My name is Kevin and I am just finishing up my first week as a staff writer here with IT in Canada and Channels Insider. Now onto the forum discussion...

Two days ago the LinkedIn Twitter account broke news of a security issue with this message:

"Our team is currently looking into reports of stolen passwords. Stay tuned for more."

They quickly followed up with this(blog.linkedin.com/2012/06/06/updating-yo...rity-best-practices/) blog post explaining that their security team was investigating reports of stolen LinkedIn passwords posted to a list on a hacker website - approximately 6.5 million's worth to be more specific.

With over 150 million registered users, that only represents a small percentage of LinkedIn's profiles... but 6.5 million accounts with leaked passwords is still a huge number and represents a major security concern.

The LinkedIn Blog posted this (blog.linkedin.com/2012/06/07/taking-step...protect-our-members/) update on the problem yesterday which states that "most of the passwords on the list appear to remain hashed and hard to decode" and that to the best of their knowledge " no email logins associated with the passwords have been published" nor has LinkedIn "received any verified reports of unauthorized access to any member’s account as a result of this event."

I think LinkedIn has done as best a job as they can in handling the situation, but it's still unnerving that such a thing could happen.

So did you change your LinkedIn password? What's your take on the whole situation forum world?

You should also take a look at these steps that LinkedIn suggests take to protect yourself:

- Make sure you update your password on LinkedIn (and any site that you visit on the Web) at least once every few months.
- Do not use the same password for multiple sites or accounts.
- Create a strong password for your account, one that includes letters, numbers, and other characters.
- Watch out for phishing emails and spam emails requesting personal or sensitive information.

Hi Kevin,

Welcome to It in Canada - nice inaugural post.

I know that in a perfect world, everyone would use strong, different passwords for all sites, and change each of them regularly.

I have 90 (yes, 90!!) sites that require user names and passwords that I have bothered to keep track of. That doesn't count the ones that I don't really care if I forget the password, so I didn't bother to record them.

I can't create strong, unique passwords for 90 sites, and change them regularly to new strong, unique passwords. Not practical. And I don't feel like managing additional hardware, so I don't want to get a password vault. Especially since its failure would really leave me up the proverbial creek.

I expect that there are many people like me, with far too many secure site user names and passwords to maintain them properly.

So here's to another day of russian roulette with my user information. That being said, I think I will take the time to update my linked-in password

All the best,
Cheryl

Having written extensively on this topic, including in my first book (it's outdated so don't buy it), I'm unwilling to write much more on this topic.

It's like eating and exercise -- everybody knows what to do. Only about 4% (using Pareto and figuring 20% of 20%) actually do it, so there's no point preaching.

Cheryl, check out passwordsafe
sourceforge.net/projects/passwordsafe/

While I haven't used it, nor do I know the author, I've corresponded with him a couple of times, and I read his blog and newsletter. He's the real deal when it comes to security and privacy. FWIW he also invented one of the better algorithms used to encrypt data.

Wow I thought I had it bad trying to remember passwords for small set of email accounts, social media websites and things like online banking (maybe a dozen or two dozen password protected sites at most)... but 90! That's quite a few and I can completely understand your reasoning behind not keeping 90 separate, secure passwords and changing them every few months.

Dave is completely right, everyone knows what they SHOULD do in terms of keeping a variety of safe and strong passwords, but I am definitely not part of that 4% that actually exercises exemplary password practices.

I guess the vast majority of us are just a little lazy or we haven't had an experience - like getting hacked - that has woken us up to the importance of changing and maintaining our passwords the way we should be. (But you'll be kicking yourself one day when someone gets ahold of your one password and then gets access to a host of your accounts)

That 'passwordsafe' program looks really neat and maybe that's the right solution. If you get it though, you just have to make sure you remember your password to your password safe!

Always interesting discussions on this forum and yes, I changed my password.

The question I have is this ... is "James12345" a good choice

I heard "abc123" was quite good ...

If those don't do the trick then 'password' is always a good go-to...