LinkedIn passwords stolen: How to create strong passwords and secure your private data

June 8, 2012

LinkedIn is the latest company to have its data breached, and as six million account passwords flooded onto the internet, the real question becomes how to protect yourself and your company.

For starters, you should head to linkedin.com and change your own account password. Log in to your LinkedIn account, hover over your name in the top right corner, and click Settings. On the far left, under your email address, click the Change link for your password. Enter your old password, and then choose a new one and enter it twice into the popup window. Click the Change Password button and you're done.

But wait! Did you choose a good password? Is it a dictionary word, your anniversary, the names of your kids, or anything that someone could find by scrolling through your Facebook Timeline? What about a password you use on several different sites? If so, go back and change it again.

Unfortunately, the problem with passwords is that they're their own worst enemy. Every app, website and cloud service seems to require its own password. So rather than trying to remember 47 different passwords, you just pick one, and use it for everything. Easy…and incredibly insecure.

It might not seem that important to have a secure, complex password for a news site or web store that you shopped at one time, but when that same password protects your bank accounts, or your company's secure corporate networks, the problem is much bigger. Sure, your network has industrial strength data security practices, but what happens when someone gets your password from that flimsy web store…or even a big site like LinkedIn? 

What you need to do is create unique passwords for each account. That way, even if a low-stakes account with lax security standards is compromised, your important, private data isn't also at risk.

The low-tech method

Remembering unique passwords for every account isn't realistic. But if you create passwords according to a system, you can have the best of both worlds—secure, unique passwords that are easy to recall when needed.

To start, think of a long sentence that will be the base of your passwords. Use something that you'll remember, but isn't easy for anyone to guess. If it's a bit nonsensical, all the better. For example, "My favorite Chicago-style pizza isn't from Chicago, it's from Patxi's in San Francisco." Now, shorten that sentence to MfChi-spifChiifPiSF. Pretty good, as far as passwords go. It's more secure than using your dog's name, and not much harder to remember.

To use that passphrase to create unique passwords for each site or account, add in a few extra letters related to the particular account. You could tack them onto the end, or mix them into your passphrase, so that your Amazon.com password becomes Am@MfChi-spifChiifPiSFzon (adding a number or symbol if you can is a good idea).

Using a passphrase system like this takes a bit of effort, but it pays off in secure passwords that you'll be able to recall when you need them.
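The low-tech scheme as a short Python sketch, added here as an example and not part of the original article: it builds per-site passwords from the base passphrase the way the Amazon example does, then runs the checks from earlier in the article (dictionary word, personal detail, reuse across sites) over a weak set and the derived set. The function names, the small word lists and the sample accounts are constructed for illustration.

```python
from collections import defaultdict

BASE = "MfChi-spifChiifPiSF"  # the article's shortened sentence

# Constructed sample data for the checks; not a real word list or real facts.
DICTIONARY = {"password", "dragon", "sunshine", "linkedin"}
PERSONAL = {"rex", "emma", "0615"}  # hypothetical pet, child, anniversary

def site_password(base, site):
    """Wrap the base in letters from the site name, as in the Amazon example."""
    head, tail = site[:3], site[3:]
    # Turn the first 'a' after the initial letter into '@' when there is one.
    head = head[:1] + head[1:].replace("a", "@", 1)
    return head + base + tail

def audit(accounts):
    """Map each site to the problems the article warns about."""
    sites_by_password = defaultdict(list)
    for site, pw in accounts.items():
        sites_by_password[pw].append(site)
    findings = {}
    for site, pw in accounts.items():
        problems = []
        lowered = pw.lower()
        if lowered in DICTIONARY:
            problems.append("dictionary word")
        if any(fact in lowered for fact in PERSONAL):
            problems.append("personal detail")
        shared = [s for s in sites_by_password[pw] if s != site]
        if shared:
            problems.append("reused on " + ", ".join(shared))
        findings[site] = problems
    return findings

if __name__ == "__main__":
    # Constructed accounts: one reused personal password, one dictionary word.
    weak = {"LinkedIn": "rex0615", "Amazon": "rex0615", "Webstore": "sunshine"}
    strong = {site: site_password(BASE, site) for site in weak}
    for label, accounts in (("before", weak), ("after", strong)):
        print(label)
        for site, problems in audit(accounts).items():
            print(f"  {site}: {accounts[site]} -> {problems or 'ok'}")
```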

The high-tech method

If using a passphrase to create passwords seems too complicated, you can take advantage of a wide variety of apps to help. One of our favorites is 1Password. It's available for iOS and Android devices, and syncs with Mac and Windows desktop versions of 1Password, so you'll have access to your stored passwords no matter what platforms you use.

1Password has a built-in Password Generator feature. Use it to create random complex passwords for every account you have. All of your passwords are stored securely in 1Password, and can be retrieved when needed. It's simple and secure, but keep in mind that you're not entirely off the password hook.

1Password encrypts your passwords using a Master Password that you set the first time you use the app. And since that Master Password is the key to all your data, you're going to have to make it a good one. Make it long and difficult to guess (but easy to remember—see above), and don't use your Master Password for anything else.

In addition to usernames and passwords, 1Password can also store other important data like software license keys, credit card numbers, and bank account information. 

Whether you take the high- or low-tech road to managing your passwords, it will be worth the effort in security and peace of mind. LinkedIn isn't the first, and certainly won't be the last, company to suffer a data breach. Using strong, unique passwords for each of your accounts won't protect you from data theft entirely, but it will help contain the damage the next time some company's user data starts leaking all over the internet.
