Given LinkedIn's confirmation yesterday that their account information has been compromised, we are recommending to all of our clients that they change their password ASAP. They should also change it on any other sites where they may have used the same password.
Our partners over at ClearTech Solutions put together a wonderful blog post on this topic and password management in general.
Here’s a snippet:
According to this report, 6.4 million user passwords out of approximately 150 million total users have been leaked to the web in encrypted form. Please note that the encryption can be and is being cracked as I type. The simpler the password, the faster it will be decrypted.
- If the password is in a dictionary, consider it already decrypted
- If the password is a dictionary word but spelled backward, consider it already decrypted
- If the password is a dictionary word with one or two numbers at the beginning or end, then it has probably been decrypted
Password management is a miserable fact of today’s connected life. My personal password rules are as follows:
Where a website will let me, I like to use a nonsensical English language phrase composed only of lower case letters. There are only three stipulations:
- Must be composed of at least 4 different words
- Length must be at least 16 characters (mine are usually longer)
- The phrase must not be found in any quotes or books (i.e. it is not searchable)
Source: ClearTech Solutions
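
The checks described in the snippet can be expressed as a small password audit. This is an added example, not code from ClearTech Solutions or from this post. The function names and the tiny `WORDLIST` are constructed for illustration, and the code assumes words are separated by single spaces, that length is counted over letters only, and that matching ignores case. The "not searchable" rule cannot be tested offline and is not checked.

```python
import re

# Constructed sample wordlist; a real audit would load a full dictionary file.
WORDLIST = {"dragon", "monkey", "sunshine", "password", "linkedin"}


def weak_pattern(password, words=WORDLIST):
    """Return which of the three quoted patterns the password matches, or None."""
    p = password.lower()  # assumption: case variants are treated as the same word
    if p in words:
        return "dictionary word"
    if p[::-1] in words:
        return "dictionary word reversed"
    # One or two digits at the beginning or at the end of a dictionary word.
    m = re.fullmatch(r"\d{1,2}([a-z]+)|([a-z]+)\d{1,2}", p)
    if m and (m.group(1) or m.group(2)) in words:
        return "dictionary word with digits"
    return None


def passphrase_problems(phrase):
    """Check the passphrase rules that can be tested offline.

    Returns a list of failed rules; an empty list means all checks passed.
    """
    problems = []
    words = phrase.split()
    if not re.fullmatch(r"[a-z]+( [a-z]+)*", phrase):
        problems.append("not composed only of lower case letters")
    if len(set(words)) < 4:
        problems.append("fewer than 4 different words")
    if sum(len(w) for w in words) < 16:
        problems.append("fewer than 16 characters")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["sunshine", "yeknom", "dragon12", "7dragon", "dragon123"]:
        print(pw, "->", weak_pattern(pw))
    for phrase in ["purple walrus files quarterly taxes", "dog dog dog dog"]:
        print(repr(phrase), "->", passphrase_problems(phrase) or "ok")
```

A result of `None` from `weak_pattern` only means the password did not match these three patterns against this wordlist; it does not mean the password is strong.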