Your SlideShare is downloading. ×
0
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
LinkedIn Breach: How to Make Your Passwords Stronger
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

LinkedIn Breach: How to Make Your Passwords Stronger

250

Published on

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
250
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. LINKEDIN BREACH:HOW TO MAKE YOUR PASSWORDS STRONGER
  • 2. Meet Sam2 Sam’s an up-and-comer who has active online accounts with his bank, credit issuers and social networking sites— including LinkedIn. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 3. Sam’s got a password problem3 Sam’s LinkedIn password was one of 6.5 million passwords posted on a Russian hackers’ website. His password was iAmSam. He used this password for his primary email and many other accounts. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 4. Sam’s not happy4 He reads on The Verge, a great source for tech news, that LinkedIn stored passwords as “unsalted SHA-1 hashes. SHA-1 is a secure algorithm, but it is not foolproof if your password is simple and short. LinkedIn could have made the passwords more secure by ‘salting’ them.” Salt. Hash. Huh? © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 5. 5 Sam is confused What do passwords have to do with greasy diner food? © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 6. Sam does his homework6 He learns that many websites— including LinkedIn—encrypt passwords in an effort to protect them. The encrypted passwords are called hashes. The site stores the hashes on its servers instead of the passwords themselves. For example, a website could use an SHA-1 or Secure Hash Algorithm to convert iAmSam to c743bb2561f20745330122 dcc254abaf524e277d. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 7. 7 Sam learns why salt is good To make password hashes more secure, a system adds salt (or random characters) to the beginning of the password. Then it converts the new, salted password into a hash. So the iAmSam password would be salted to look like RoUTiAmSam, then hashed into ebc5047362323f1e29c1cb3d457594b1ca4ea2bc.© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 8. 8 LinkedIn didn’t add salt© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 9. How the hackers get in9 Hackers armed with your hashed password and username can: 1. Log in to your LinkedIn account 2. Lock you out 3. Spam your contacts When your contacts click on links in their spam email, they let the hackers in by downloading malware. This malicious software gives hackers access to their computers. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 10. Hackers love Sam10 Then the real trouble begins. Once they’re in your computer, hackers can gain access to your personally identifiable information, such as a birth date, look up your mother’s maiden name and launch serious identity theft. The real problem: Like so many people, Sam uses one password for most of his online accounts. Hackers love Sam because he used his LinkedIn password on his primary email account, so now they can access his email. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 11. 11 Sam’s password is his identity Sam’s email address is a key piece of his identity on the Internet. Often it is his username for an online account. Armed with his email address and password, hackers can enter his accounts, reset Sam’s passwords and gain control. To make matters worse, Sam saved copies of his printed identification—his passport and Social Security number—in his email account. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 12. 12 Sam’s vulnerable LinkedIn users are at greater risk for fraudbecause: 1. They have higher incomes. 2. Their profiles are meant to be viewed by strangers. 3. They are often lax with their privacy settings. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 13. Sam swings into action13 He follows these seven tips: 1. Change your password 2. Create a strong password 3. Make it even stronger 4. Use unique passwords 5. Consider a password solution 6. Alert others 7. Beef up security © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 14. Sam Smart greeneggsandham@smail.com14 1. Change your password Log in to your account. Go to settings and click on “Password Change.” © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 15. 15 2. Create a strong password It should be long. Think of a good quote or song and use the first letter in each word to make a long password. Sam uses a line from his favorite Dr. Seuss book. Quote: “You’re off to great places. Today is your day!” Password: yotgptiyd © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 16. 16 3. Make it even stronger Include numbers, upper- and lowercase letters, and symbols. For example, “3Dogz$$!” is better than “1006.” Or substitute numbers for letters that look similar (for example, substitute “0” for “o” or “3” for “E”. Sam replaces the “o” with “0” and the “d” with “6.” Old password: yotgptiy6 New password: y0tgptiy6 © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 17. 17 4. Use unique passwords Avoid using the same password twice. If that old LinkedIn password is used on other websites, go to those sites and change the password immediately. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 18. 5. Consider a password manager18 Sam is annoyed. How will he remember his passwords? He checks out password managers like OneID, 1Password and KeePass. They make it easier for you to remember, manage and secure your passwords. Some are free. Others have monthly fees. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 19. 6. Alert others19 If your account is compromised, alert your contacts so they don’t become victims. Notify LinkedIn to regain control of your account or freeze it. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 20. 20 7. Beef up security • Sign out of website accounts after you use them. • Set your account information and privacy settings as tight as possible. • Keep your antivirus software up to date. • Don’t publically share personal information. • On social networks, only connect to people you know and trust. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 21. Sam is glad21 Now Sam uses strong, unique passwords for different online accounts. He feels good knowing he’s doing everything he can to protect his identity. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012
  • 22. 22 Be proactive If you suspect you’re a victim of identity theft, call your bank, credit union or insurer. They may offer identity theft protection. Or call Identity Theft 911 1-888-682-5911 Don’t be afraid to ask lots of questions. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 13, 2012

×