The original LinkedIn hack dates back to 2012, but this new batch of data has only just been released. This means that many people who either didn’t know about the 2012 hack or assumed they hadn’t been affected by it are feeling the repercussions four years down the line.
Industry reports say that 90% of the passwords were cracked within 72 hours, and that some victims were still using the same password they’d been using in 2012.
The lesson? A reminder of password best practice wouldn’t go amiss for us all. So before you rush off to change your LinkedIn login, here’s advice from our head of third line IT support, Mohammed Shah, on what makes the perfect password:
Size does matter – password length is important. Make sure you use a mixture of letters, numbers and symbols when creating new passwords. Don’t just use ‘1234’ or ‘password’ – Microsoft is clamping down on easy-to-guess passwords following the LinkedIn hack, and it’s only a matter of time before others follow suit. The longer your password, the more secure it will be.
Change your passwords often – you should change your password on a regular basis to keep your accounts secure. Best practice says that changing passwords every 30 days or 60 days will make life much harder for would-be hackers.
Don’t rotate passwords – create a new one every time. A good system will use enforced password history, which means that old passwords can’t be re-used. This stops users from using the same password over and over again, but even when enforced password history isn’t in place, get into the habit of using something new instead of falling back on old favourites.
Don’t get personal – one of the most frustrating things about passwords is that you need to remember them. To make them easy to remember, the natural fallback for many of us is to use personal information. The trouble is, it’s very easy for hackers to obtain personal information about prospective targets, so you should avoid using it in your passwords. Steer clear of anything related to your name, nickname or the name of a family member or pet. And avoid easily recognisable numbers, such as your house number, phone number, address or other information that someone could guess by picking up your post.
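For anyone running the systems behind these logins, here is how the length, character-mix, easy-to-guess and enforced-password-history rules above could be checked when a user changes their password. This is an added example, not code from the original article; the blocklist, the minimum length of 12, the history depth of 5 and the PBKDF2 iteration count are all assumed values.

```python
import hashlib
import hmac
import os

# Constructed sample blocklist; a real deployment would load a far larger list.
COMMON_PASSWORDS = {"1234", "password", "123456", "qwerty", "letmein"}
MIN_LENGTH = 12        # assumed policy value
HISTORY_DEPTH = 5      # assumed: remember the last five passwords
ITERATIONS = 100_000   # assumed PBKDF2 work factor


def _derive(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so stored history is costly to crack if it leaks."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class PasswordHistory:
    """Keeps only salted hashes of previous passwords, never the plaintext."""

    def __init__(self):
        self._entries = []  # list of (salt, digest), newest last

    def _used_before(self, password: str) -> bool:
        # Each old entry has its own salt, so re-derive against every one.
        return any(
            hmac.compare_digest(_derive(password, salt), digest)
            for salt, digest in self._entries
        )

    def change_password(self, new_password: str):
        """Return (accepted, reason) for a requested password change."""
        if new_password.lower() in COMMON_PASSWORDS:
            return False, "easy to guess"
        if len(new_password) < MIN_LENGTH:
            return False, "too short"
        has_letter = any(c.isalpha() for c in new_password)
        has_digit = any(c.isdigit() for c in new_password)
        has_symbol = any(not c.isalnum() for c in new_password)
        if not (has_letter and has_digit and has_symbol):
            return False, "needs letters, numbers and symbols"
        if self._used_before(new_password):
            return False, "used before"
        salt = os.urandom(16)
        self._entries.append((salt, _derive(new_password, salt)))
        self._entries = self._entries[-HISTORY_DEPTH:]  # drop oldest entries
        return True, "accepted"
```
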
If you’re worried about IT security, we can help. Contact us for more information.