LinkedIn Posts Update on Password Breach

CommanderFrank

We reported Thursday about LinkedIn’s security breach on Wednesday and six million user passwords being taken from the site. The passwords were later found published on a Russian website. The FBI is investigating the breach, but no information on how access was gained or who was responsible has been forthcoming. LinkedIn posted an update on Saturday answering the most common concerns of its members.

In this post, we want to address questions we’ve been receiving and share what we’ve learned so far about the incident, how we’ve responded, and what we’re doing to protect our members going forward.
 
Sounds to me like someone got access to a bunch of hardware, I'm guessing through a con job or something like that.
 
I still think they took a long time before telling everyone that this happened. It was on every news site, yet they didn't hurry and report to everyone that it did happen and they are working on investigating.
 
So the Slashdot article today was eye opening for me if nothing else. Basically some guy proved how easy it is to get millions of passwords just by using a dictionary attack and then applying "rules." He got some pretty weird looking passwords - but because they were based on a word, they were compromised. For example - stuff like lstl!nk3d.!n2 would get nabbed because it's a variant of linked in.

My problem with this is that he's essentially saying you HAVE to use something that generates and stores random passwords (say LastPass). If you don't, then you're forced to come up with something that you can remember. This means words, modified by "rules" - numbers and symbols attached to it. And he basically proved that strategy doesn't work.

What about my current strategy of using obscure model numbers of things I like, and then modifying them? Is this safe or just as stupid as making a password "!pa$$w0rd"? The thought of having to look up a password every single darn time I want to log into something just kills me. Never mind that every website has different damn rules - some don't allow special characters, some can't be longer than a certain amount, etc. The whole thing is annoying and makes me want to /ragequit the internet lol

There has to be an easier way...
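
Added example (not part of the thread): a signup-side check for the weakness the post above describes, where a password built from a word plus substitutions and padding still reduces to that word. The word list, substitution table and function names are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a large breached-password list.
WORDLIST = {"password", "linkedin", "dragon", "monkey", "letmein"}

# Common character substitutions, reversed (assumed set, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalized_forms(password):
    """Return the letter-only forms that rule-based guessing maps back to."""
    lowered = password.lower()
    undone = re.sub(r"[^a-z]", "", lowered.translate(LEET))  # substitutions reversed
    stripped = re.sub(r"[^a-z]", "", lowered)                # digits/symbols as padding
    return {undone, stripped}


def base_words(password, wordlist=WORDLIST, min_len=4):
    """Return the dictionary words still recognizable inside the password."""
    forms = normalized_forms(password)
    return {w for w in wordlist
            if len(w) >= min_len and any(w in f for f in forms)}


def check(password):
    """Return a reject message naming the base word(s), or a neutral result."""
    hits = base_words(password)
    # An empty result only means "no word from this list"; it is not proof of strength.
    if hits:
        return "reject: built on " + ", ".join(sorted(hits))
    return "no dictionary base found"


if __name__ == "__main__":
    # Constructed inputs: two passwords quoted in the thread, one padded word,
    # and one random-looking string of the kind a password manager generates.
    for pw in ["!pa$$w0rd", "lstl!nk3d.!n2", "Dragon2012!", "q7#Vz9@kLp2x"]:
        print(f"{pw:15} {check(pw)}")
```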
 
Speaking of passwords, does anyone know a good multi-platform cloud syncing free password manager?
 
Chrome does a good job. If you link it to your gmail, it will sync your passwords and bookmarks for you.

Are they viewable in some way? Chrome saves them I know, but I didn't know it had an actual manager to it.
 