Managing Passwords After the LinkedIn Breach

By Ryan L, Steve G and Ted G

By now, you probably know that the passwords of millions of LinkedIn and eHarmony users were stolen and published recently.

Even if you already changed your LinkedIn password, thieves could hack into any of your other online accounts where you used the same password as on LinkedIn. A lot of people do that because it's difficult to remember so many login names and passwords.

You can get around that problem by creating different passwords for your various accounts and then storing all of them in one password-protected file on your computer. Then you really only have to remember one password.

Why Use Different and Long Passwords?

Password security is one of the most important and overlooked aspects of network security today, and one of the easiest for thieves to exploit.

Even if you have the latest security updates on every computer in your network, the use of short (for example, 6-letter) or obvious passwords puts your business or personal life in jeopardy. You compound that problem when you use the same, or even similar, passwords for all of your online accounts. A would-be thief can easily and quickly guess a different two-digit number at the end of your password.

While this may seem obvious, people still use weak passwords all of the time! According to this article posted on Ars Technica, every entry from a list of the 25 worst passwords of 2011 was still being used on LinkedIn.

The following are some guidelines to help you protect yourself online.

Good Password Design

The longer your password is, the longer it would take for a thief to crack it. It's like the combination on a bank's vault. The more numbers there are in the combination, the longer it would take someone to open the vault. And the time it takes grows exponentially with each additional character.

At least 10 Characters

Without getting into too many details, 10 characters is considered to be a good length today. If you go from 8 to 10 characters (only using letters and numbers), there are 4,000 times as many possible passwords, almost a quintillion! Add in symbols and it's even more.

Mix Cases, Numbers and Symbols

Make sure that you mix upper and lower-case letters, numbers, and symbols, in all of your passwords. You can also use numbers that look like letters. For example:

  • 1 instead of l
  • 3 instead of E
  • 5 instead of s
  • 6 instead of b

That makes passwords harder to crack using brute-force techniques and it limits the effectiveness of dictionary attacks, where the thief tries known words.

Don't just use common words with numbers or symbols as a substitute for letters (for example: pa$$w0rd). Those are fairly easy to crack.

For a more detailed discussion of password strength, Wikipedia has a good article.

Unique for Each Account

You should use a unique password for EVERY login that you have on the internet. As demonstrated with the LinkedIn breach, if you use one password for all of your accounts, hackers can also guess your username (probably the same across all accounts as well!) and gain access to your private data.
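The guidelines above as a small audit, added here as an example and not code from the original article: it flags passwords that are shorter than 10 characters, that lack a character class, or that reduce to a common word once look-alike substitutions are undone, and it groups accounts whose passwords differ only by trailing digits. The word list, account names and passwords are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample list; a real audit would load a large list of common passwords.
COMMON_WORDS = {"password", "letmein", "linkedin", "welcome", "monkey"}

# Look-alike substitutions listed in the article (1/l, 3/E, 5/s, 6/b) plus the
# two used in its "pa$$w0rd" example ($/s and 0/o).
LEET = str.maketrans({"1": "l", "3": "e", "5": "s", "6": "b", "$": "s", "0": "o"})

def stem(password):
    """Lower-case the password and drop trailing digits (the easily guessed suffix)."""
    return re.sub(r"\d+$", "", password.lower())

def deleet(password):
    """Undo look-alike substitutions, as a dictionary attack with mangling rules would."""
    return stem(password).translate(LEET)

def weaknesses(password):
    """Return the article's guidelines that this password fails (empty list if none)."""
    problems = []
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        problems.append("does not mix upper case, lower case, numbers and symbols")
    if deleet(password) in COMMON_WORDS:
        problems.append("common word with look-alike substitutions")
    return problems

def reused(accounts):
    """Group accounts whose passwords are identical or differ only in trailing digits."""
    groups = {}
    for name, pw in accounts.items():
        groups.setdefault(stem(pw), []).append(name)
    return [sorted(names) for names in groups.values() if len(names) > 1]

# Constructed sample data, not real credentials.
ACCOUNTS = {
    "linkedin.example": "pa$$w0rd",
    "shop.example": "Tiger#Blue41",
    "mail.example": "Tiger#Blue07",
    "bank.example": "q7!Vr2#mXp9Lz",
}

if __name__ == "__main__":
    for site, pw in ACCOUNTS.items():
        print(site, weaknesses(pw) or "ok")
    print("reused or near-identical:", reused(ACCOUNTS))
```

Note that "Tiger#Blue41" passes every per-password check and is only caught by the cross-account comparison, which is why uniqueness has to be checked separately from strength.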

Store Your Passwords in a Protected File*

It's difficult to remember passwords for every single account you use, let alone long passwords with a mix of letters, numbers and symbols. It also takes longer to type each one.

You can get around this problem by storing all of your passwords in one safe, encrypted, password-protected file on your computer. Then you can copy and paste your username/password for each account.

Microsoft Word

If you have Microsoft Word, you can easily encrypt and password protect all of your passwords. Simply type the username and password for each account on a separate line in a Word document, and then save the file with a password.

Remember the password for your Word document. If you forget it, you can never open the file. Even Microsoft can't help you.

Here's how to save a Word document with a password:

  • Open or create the password file you want to encrypt.
    • On each line, you can type the URL of the site, followed by your login name and then your password. Follow current guidelines for safe passwords.
    • Save the file with a password. How you do that varies a little with the last few versions of Word.
  • Word 2007-2010
    1. Click the Open Office button (2007) or the File tab (2010).
    2. Click the Info button, then press Protect Document and then Encrypt with Password.
    3. Enter a password in the "Password" box. See above for guidelines on choosing a password.
    4. Press [Ok]
    5. Confirm the password by entering it again in the Reenter Password box (this helps prevent misspelling it).
    6. Press [Ok]
  • Word 2003
    1. Open or create the password file you want to encrypt
    2. On the menu bar, click Tools > Options, then click the Security tab
    3. Press the Advanced button
    4. Select "RC4 Microsoft Enhanced Cryptographic Provider 1.0" or one of the choices below it.
      Do not choose the default "Office 97/2000 Compatible" selection. Also, note that the default key length should then be 128.
    5. Press OK.
    6. Enter a password in the "Password to Open" box. See above for guidelines on choosing a password.
    7. Press [Ok]
    8. Confirm the password by entering it again (this helps prevent misspelling it).
  • Your file is now encrypted. You will have to enter the password each time you open it before you can view it.

When you want to log in to an account and can't remember your login information, simply open the Word document you created (above) with the one password you need to remember, and then copy and paste your username or password into the login page.

Keep the Word document up to date. Every time you open a new online account or change a password, put the new information in your Word file and save it again, password protected of course. You should also keep a backup copy of the password-protected Word file somewhere safe.

If You Don't Have Word

This is a good technique because most users these days have a fairly recent version of Word. For those who don't, or for those of you who prefer a more robust solution, there are a few tools known as Password Lockers that you can use to manage your passwords. Here are two of them:

Each tool has many different features, one of them being a secure password generator. More information about both can be found at their respective websites. Make sure you back up your data (password protected, of course).

Conclusion

We hope this has been useful for you. Complex passwords are a necessity today. Problems like the one LinkedIn experienced could become more and more commonplace, as the skill of hackers and the power of computers make trivial passwords more and more of a risk for you or your business.


The various software products and services mentioned in this article are the property of their respective owners; and no endorsement by their owners is implied or should be inferred.

*This article is for informational purposes only. Nothing in it is intended to be an endorsement of the software products, companies, web sites, etc. discussed or a guarantee that software or security measures will work as described. You should always verify for yourself that software is safe and does not contain malware before using it.