[LINK] Millions of LinkedIn passwords leaked online
Richard Chirgwin
rchirgwin at ozemail.com.au
Thu Jun 7 16:02:35 AEST 2012
I prefer the XKCD approach to passwords:
http://xkcd.com/936/
"Through 20 years of effort, we've successfully trained everyone to use
passwords that are hard for humans to remember, but easy for computers
to guess."
My passwords are usually:
1. 30 characters long
2. Unknown to Google as a phrase
3. A memorable (to me) phrase, that
4. Might (for eg) enumerate some characteristic of paintings I can see
from my desk.
GumnutsFiveAntsCuttingSunflowers
RC
On 7/06/12 9:38 AM, Glen Turner wrote:
> On 07/06/12 08:36, Dr Bob Jansen wrote:
>> Reports on the BBC indicated that the file was encrypted and placed on a hacker site, with a request for assistance in decrypting it.
> Yep. SHA-1. But not salted so a rainbow table of passwords from past
> hacks can be used :-(
>
> Note that LinkedIn wanting to hold your password is the direct result of
> their strategy -- they want to be an authentication provider, not an
> authentication client.
>
> That is, you can't use a secure option, such as an authentication token
> against an OpenID provider to authenticate login into LinkedIn. Rather
> you have to give LinkedIn a password, apparently following infeasible
> guidelines such as the one they released today:
>
> http://blog.linkedin.com/2012/06/06/updating-your-password-on-linkedin-and-other-account-security-best-practices/
>
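
The point made in the quoted reply about unsalted SHA-1, as an added example that is not part of the original thread: a defender-side audit showing why a table built from earlier breaches matches unsalted digests and why a per-user salt defeats it. The user names, wordlist and function names are constructed for illustration, and PBKDF2-HMAC-SHA256 is an assumed choice of salted scheme, not something the thread names.

```python
import hashlib
import hmac
import os

# Constructed sample data: not real accounts or leaked values.
USERS = {"alice": "password1", "bob": "password1",
         "carol": "GumnutsFiveAntsCuttingSunflowers"}
PAST_BREACH_WORDLIST = ["123456", "password1", "linkedin"]

def unsalted_sha1(password):
    """Storage scheme described in the thread: bare SHA-1, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_record(password, iterations=100_000):
    """Assumed alternative: random per-user salt plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def precomputed_table(wordlist):
    """Digest -> password map, computed once and reusable against any unsalted dump."""
    return {unsalted_sha1(word): word for word in wordlist}

def exposed_by_table(stored, table):
    """Users whose stored hex digest appears in the precomputed table."""
    return sorted(user for user, digest in stored.items() if digest in table)

def audit():
    table = precomputed_table(PAST_BREACH_WORDLIST)
    weak = {u: unsalted_sha1(p) for u, p in USERS.items()}
    records = {u: salted_record(p) for u, p in USERS.items()}
    strong = {u: r[2].hex() for u, r in records.items()}
    return {
        "unsalted_exposed": exposed_by_table(weak, table),
        "unsalted_same_digest": weak["alice"] == weak["bob"],
        "salted_exposed": exposed_by_table(strong, table),
        "salted_same_digest": strong["alice"] == strong["bob"],
        "salted_still_verifies": verify("password1", records["alice"]),
    }

if __name__ == "__main__":
    for check, result in audit().items():
        print(f"{check}: {result}")
```

The long passphrase from the message above is not in the table under either scheme; the salt matters for the accounts whose passwords have already appeared in earlier breaches.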