There is a big hubbub in the social space about the recent, shall we say, “issues” that LinkedIn has had holding on to its users’ passwords. This came on the heels of the news that the popular music sharing site last.fm had a similar password problem, and suddenly people everywhere were tossing around terms like salt and hash in everyday conversation.
Many people were a bit confused as to what all the fuss was about. After all, somebody getting access to your LinkedIn password may not seem like the worst thing in the world.
The problem stems from the fact that entirely too many users likely have a common issue: they use the same password for everything. Their LinkedIn password is their online banking password, is their credit card password, and so on. Sure, your bank has a serious responsibility to keep your information safe, but when you take that password and give it to a site that has a much laxer security policy than your bank, you’ve neutralized all the work your bank has done to keep that password safe.
So what can you do to keep your passwords safe? The first thing you can do is use separate passwords for every site you frequent. It may be inconvenient, but it’s also the best way to avoid crossover should one site become compromised. There are services like RoboForm that will keep all your passwords for you and fill in your login forms so you don’t have to remember all those passwords.
Also make sure that you are not using common words as passwords. These are the simplest kinds of passwords to crack. Use a combination of uppercase and lowercase letters, numbers and symbols. Once you’ve got a good secure password, the next step to keeping it safe is throwing it away. That’s right: every six months (at least!) toss that password out and create a new one. Keeping your passwords moving makes them harder targets to hit.
Keep these simple steps in mind and keep your information safe online; and seriously, don’t use “password1.”