Wall Street Journal reports security breach against LinkedIn passwords

[Tom Buskey]

On Thu, Jun 7, 2012 at 8:36 AM, Brian St. Pierre <brian at bstpierre.org>wrote:

> On 06/07/2012 07:33 AM, Lloyd Kvam wrote:
> > Today's WSJ reported in the Digits column that encrypted LinkedIN
> > passwords had been leaked.  Decryption efforts have been successful
> > against some subset of these passwords.
> >
> > I was disappointed to see no acknowledgement on the LinkIn site.  (I
> > just found it buried in the clutter.  Its a link to CBS news??)
>
> Bottom line: go change your LinkedIn password right now.
>
>
This kind of thing will happen again.  It's important to use different
passwords for each site/account you have.  I recommend using a "password
safe" of some sort with long, random passwords.  If you must, a card in
your wallet will work unless you lose your wallet often.

There are rainbow tables out there with every combination of 8 character
passwords.  You type in the hash & it spits back the password that
generated it.

I use KeypassX.  It runs on Linux, Windows, Macintosh, iphone, android and
there's a blackberry app that gives read only access.

If you're a Google user, there's a 2 factor system called Google
Authenticator.  It's like the RSA SecureID with an app that runs on all of
the above.  It can also use SMS or even call your phone and read the number
to you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20120607/fa7f91d5/attachment.html