It’s all over the web today… Something like 6.5 million LinkedIn passwords “may be” in the hands of Russian attackers.
Their advice is to change your password, and ours is that if you are using the same login/password on multiple sites, you should change all of those passwords too.
Corey Nachreiner over at our firewall security partner, WatchGuard, suggests the following actions:
- Change your password(s) after a security breach – If a site you use ever has a security breach where attackers gain access to passwords (hashed or not), change your password immediately.
- Use strong passwords – I believe passwords should be greater than 10 characters. One easy way you can create long passwords, with enough entropy, is by using passphrases, or more specifically something I call pass-sentences. WatchGuard’s Bud Logs In video talks about these concepts in more detail (and is good for basic end users).
- Use different passphrases on different web sites – This is a crucial aspect of password security, especially when considering these types of web breaches. If you, like most people, use the same password for many different web sites, attackers could be able to gain access to all those accounts. If you have been using the same password everywhere, you should change it to a different password on every site. That said, many people find this advice hard to implement in practice; which brings me to the next tip…
- Leverage password vault software – Password vaults make it easier for you to manage multiple passwords securely. They are not perfect. If you use multiple machines and OSs, you may have trouble finding password management software that meets all your needs. Plus, password vaults become a single point of potential failure, as they almost literally store all the keys to your kingdom. It’s extremely important to use secure password vaults, and protect them. That said, they offer the only practical solution to managing multiple passwords today. This article suggests a few good ones to use (I have used 1Password myself).
— Corey Nachreiner, CISSP (@SecAdept)
If you need assistance with password policies, password vault software or any other computer or network security related matter in the Greenville or Upstate, SC area, please call us at 864.990.4748 or use the CONTACT form above.