With today’s (alleged) password breach of LinkedIn, it made me think to change some passwords. Why? Because I had a few accounts that use the same passwords. Yes, I know that’s bad. They were “unimportant” to me at the time I was checking them out, but later they became more important and yet I still had a weak password.
If you don’t know why it’s bad, here’s why: Now that they’ve got your login and password, the bad guys are going to start plugging that password into every computer system out there (Facebook, Amazon, Google, the USPS, Twitter, etc.), and knowing many of you, they’re probably all the same. Some variation doesn’t count: if your Google password is gary1234google, someone’s probably going to guess that for Facebook it’s gary1234facebook. There are computers out there trying to guess your password all day long, I promise you.
A few of the sites I could log into, but couldn’t find where to change my password. So I logged out and clicked “I forgot my password” and it sent information to my e-mail account on how to reset the password.
They’ve mentioned it’s only a small number of the passwords stolen (6 million), but it’s assumed the other 150 million users were also compromised; they just had easier passwords to crack. They also believe that a bunch of eHarmony passwords were breached, because many of the passwords consisted of the words “harmony” or “eHarmony”. I think most of this is done for money, but do you really want some bored hacker posting your eHarmony information to your LinkedIn profile?
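As an added example (not part of the original post), here is a small Python audit of your own password list for the two patterns described above: a shared password with a site-name variation (gary1234google / gary1234facebook) and passwords built on the site's own name (“harmony” on eHarmony). The accounts and passwords are constructed samples, and the function names are made up for this sketch.

```python
import re
from collections import defaultdict

# Constructed sample data: site -> password (not real credentials).
ACCOUNTS = {
    "google": "gary1234google",
    "facebook": "gary1234facebook",
    "flickr": "sunset88",
    "fedex": "sunset88",
    "eharmony": "harmony2012",
    "bank": "k7#Vq!m2Zr0p",
}

def site_tokens(site):
    """Site name plus, for names like 'eharmony', the name without the leading 'e'."""
    name = re.sub(r"[^a-z0-9]", "", site.lower())
    tokens = {name}
    if len(name) > 4 and name.startswith("e"):
        tokens.add(name[1:])
    return tokens

def strip_site(password, site):
    """Lowercase the password and remove the site's name; report whether it was present."""
    base, found = password.lower(), False
    for tok in sorted(site_tokens(site), key=len, reverse=True):
        if tok and tok in base:
            base, found = base.replace(tok, ""), True
    return base, found

def audit(accounts):
    """Return (reused, derived, site_named) lists of site names for {site: password}."""
    exact, bases, site_named = defaultdict(list), defaultdict(list), []
    for site, pw in accounts.items():
        exact[pw].append(site)
        base, found = strip_site(pw, site)
        bases[base].append(site)
        if found:
            site_named.append(site)
    # Same password on more than one site.
    reused = sorted(sorted(s) for s in exact.values() if len(s) > 1)
    # Different passwords that collapse to the same base once the site name is removed.
    derived = sorted(sorted(s) for s in bases.values()
                     if len(s) > 1 and len({accounts[x] for x in s}) > 1)
    return reused, derived, sorted(site_named)

if __name__ == "__main__":
    reused, derived, site_named = audit(ACCOUNTS)
    print("same password reused:", reused)
    print("site-name variations:", derived)
    print("password contains site name:", site_named)
```

Run it only on a machine you trust, and don't leave the filled-in list sitting in a file afterwards.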
To clarify about my accounts, most of my accounts that deal with money all have unique passwords (and unique logins), and the same goes for the places where I shop. But a few older accounts still had some older, shorter passwords. Does it matter to me if someone hacks those passwords? Maybe not, but still I want my Flickr photos right where I put them.
With a site like “www.HowSecureIsMyPassword.net” you can punch in some passwords and it’ll tell you how long they might take to hack. FYI, most 8-character passwords (letters and numbers) take about 3 hours. Try it. You don’t have to give them your password (if you don’t trust it): if you use a word, year or name, just try a different name and year, just so you can see how many minutes or seconds it takes.
Also, keep in mind that if someone has access to your e-mail, they can have your password reset at many sites and have the change-password information sent to the compromised e-mail (that someone else has access to). Some sites are smart: Ticketmaster, when resetting your password, also deletes your credit card information.
Back to my passwords: Keep in mind that at some sites the function changes. Maybe when I created that password at the Post Office or FedEx, I just used it for tracking alerts or vacation holds. But now they might let me purchase postage or other things that I just couldn’t buy when I set it up with a non-complicated example.
And I know some people don’t worry about shopping accounts, because they don’t keep their credit card information on-line. But all your receipts are in there; you might want those someday (and where you had all that stuff sent). What if you sign up for that Amazon card with the $50 bonus and it automatically puts it into your account?
And when your computer remembers passwords for you, that’s great, but who else uses your computer? You trust them, but do you trust they won’t download a virus or something that will steal that information? What happens if you lose that computer or it’s stolen?
Personally, I keep passwords on my computer just to wake it up from sleep mode. I keep passwords on my iPhone (10 tries and it deletes all the data on it). I even keep a password on my Kindle. Why? Because I occasionally check my mail or access my Amazon account on it.
I was surprised that some of the apps on my phone didn’t need new passwords. They had already authenticated to the other accounts so many seemed okay. I’m not sure I liked that…