Now that LinkedIn has confirmed a security compromise affecting some of its users’ passwords, most security experts are advising that you change your LinkedIn password immediately. But can this security compromise affect your other accounts? Though it’s doubtful, it has caused this writer to change several passwords aside from LinkedIn.
We’re always told that whenever we create a password, we should create a unique password for every account, and we should never write it down. As wonderful as that sounds in theory, it’s not very practical for those of us with a large number of accounts. What I do instead is keep a PGP-encrypted file with a list of my passwords in it. I realize this isn’t the optimal way to keep track of passwords, but I’m also realistic that I’d never be able to remember over 200 strong, unique passwords.
So this leads us to today’s news that LinkedIn has suffered the compromise of over 6 million passwords. It’s certainly easy to go in and change your LinkedIn password, which I did as soon as I heard the news. But what about those people who use the same username and password for multiple accounts? It’s not unusual for a person to use the same username and password across several online accounts, simply for ease of memorization. So if my email address and password were stolen from LinkedIn and appear together, that could potentially mean all of my accounts with that password may be compromised.
If a hacker gets access to the username and password you used for LinkedIn, what would prevent him from trying that same combination on Google, Facebook, or Twitter?
I suggest changing the password for any online account which uses the same username and password as you used for LinkedIn.