In the last month, the 2012 LinkedIn security breach resurfaced when news broke that 164 million stolen records were for sale on a dark-web marketplace. The records were confirmed legitimate, and the total is an almost 25-fold increase over the initial claim of 6.46 million records. LinkedIn is the most popular business-oriented social networking service and professional networking website in the United States, ranked in the top 20 globally by analytics provider Alexa.
Telecom Listings takes security very seriously, so we’ve put together this guide to help your Internet security initiative.
2012 LinkedIn Account Security Breach
- 2012, June 6 – An Update On LinkedIn Member Passwords Compromised (LinkedIn Official Blog): https://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised
- 2016, May 18 – Protecting Our Members (LinkedIn Official Blog): https://blog.linkedin.com/2016/05/18/protecting-our-members
- Have I Been Pwned? is a breach notification site. Enter emails and usernames that you’ve registered on various websites to learn if you’re a victim in their database. https://haveibeenpwned.com/
It cannot be said enough: PASSWORD STRENGTH IS IMPORTANT. 76% of data breaches are caused by weak passwords, according to a CIO report. If you have a LinkedIn account and haven’t changed your password since 2012, do it now.
Leaked Source, a search engine built on a collection of data found online, posted the top 49 passwords listed in the LinkedIn breach.
Microsoft maintains a list of banned passwords that accounts cannot use; the list is updated in response to major breaches, protecting users from being an easy target.
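A check in the spirit of a banned-password list, as an added example (not code from this guide or from Microsoft). The list is constructed from the weak passwords this guide names; the substitution table, the sequence rule and the function names are assumptions.

```python
import re

# Constructed sample list: only the weak passwords this guide names.
# A real deployment would load a much larger, breach-derived list.
BANNED = {"123456", "passw0rd", "abc123", "password1", "654321"}

# Assumed substitution table, undone before comparison.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(pw):
    """Lowercase, drop trailing digits/symbols, undo substitutions."""
    base = re.sub(r"[^a-z]+$", "", pw.lower())
    return base.translate(LEET)


# Base words of the listed passwords; short stems such as "abc" are
# skipped so that unrelated passwords are not flagged.
BANNED_BASES = {b for b in map(normalize, BANNED) if len(b) >= 4}


def is_sequence(pw, min_len=4):
    """True for runs such as 123456, 654321 or abcdef."""
    if len(pw) < min_len:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def check(pw):
    """Return why a password is rejected, or None if it passes this check."""
    lowered = pw.lower()
    if lowered in BANNED:
        return "listed"
    if is_sequence(lowered):
        return "sequence"
    if normalize(pw) in BANNED_BASES:
        return "variant of a listed password"
    return None


if __name__ == "__main__":
    for candidate in ["123456", "P@ssword2016!", "987654", "Leo0229Tea"]:
        print(candidate, "->", check(candidate) or "not on the list")
```

A result of None only means the password is not a known-bad value or a simple variant of one; it says nothing about how strong the password is.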
Pros & Cons of Tips for a Strong Password
We all just want to be as secure as possible on the World Wide Web and reduce our chances of being hacked. Blogs and websites offer advice on the keys to password security, and they often contradict one another. Telecom Listings isn’t going to tell you what to do and what not to do, but we will lay out the common tips and compare the arguments for and against each so you can draw your own conclusion.
Frequently update passwords
- Pro: Even if hackers obtain your password, it will become useless once you change it.
- Con: Even if hackers obtain your password, they can immediately change it before you have the chance. Plus, you’re more likely to forget passwords by routinely changing them.
Unique passwords for different websites
- Pro: Prevents hackers from easily accessing all of your online accounts, as they could if you use one or a few passwords.
- Con: Depending on how many accounts you’ve registered for, creating a unique password for every single account and remembering each one can be difficult.
Passwords with C#@ra(+3r$!
- Pro: Adding numbers, characters, and symbols increases the number of possible combinations and avoids the simplicity of 123456 or passw0rd. Some people use online password generators, which is okay because the website doesn’t know how or if you use the result.
- Con: Complex passwords are so unusual that they’re often saved elsewhere, such as in a word processor or spreadsheet document.
The Pro these “tips” share: Password strength. Password cracking and brute-force attacks are less effective and more difficult against a variety of strong passwords than against any use of abc123, password1, and 654321.
The Con these “tips” share: Password inventory. The more you update your passwords… The more passwords you have… The more creative and bizarre your passwords are… The less likely you’ll remember them. To overcome this obstacle, people store their credentials in a word processor or spreadsheet document. One intrusion and those passwords lose the security they were meant to keep.
Suggestions for Creating a Strong Password
In an effort to rid the world of weak passwords, we hope these ideas inspire a new password that goes beyond consecutive letters and numbers. You can always use a mixture if your ideas are on the shorter side, such as LeoTea or BlueCher. Again, Telecom Listings cannot promise and will not guarantee that these ideas will prevent anything; we simply want to discourage the use of the top 49 passwords.
- Use a family member or friend instead of yourself
- Astrological sign or Zodiac symbol
- Beverage, flavor, or scent
- Color or pattern
- Last name of: actor, artist, athlete, author, designer, fictional character
- Use dates that you shouldn’t forget but always do
- Phone number digits (first three; last four; area code of another city)
- Enter at the beginning (0229abc instead of abc0229) or in the middle (Leo0229Tea)
- Bookend dates (02abc29 for February 29)
You can only do so much, so do what you can
The Reality: If a hacker wants LinkedIn’s database and succeeds, you can’t prevent it because the servers and information belong to LinkedIn. What you can protect is your own servers, database, and information.