
Daily Distraction: How to Check if Your LinkedIn Password Was Stolen


Posted by Katie Ostoich on June 8, 2012 at 2:53 PM

Worried that your LinkedIn password may be a part of the nearly 6.5 million compromised on Wednesday? There’s an easy way to check. Password management firm LastPass has released a secure tool to see if your password was among the stolen.

Here’s the deal: A Russian hacker said he stole 6,458,020 encrypted LinkedIn passwords and posted them online (without usernames) to prove his feat. Do we think he has a big ego, or what?

LinkedIn confirmed that some passwords had been compromised and said it would contact affected users with details on how to change their password. Although usernames associated with the passwords were not released, the passwords themselves will surely be used to help reverse-engineer other cryptography systems. Remember, they were posted, so anyone and everyone has access to them.

In other words — if you’re a LinkedIn user, no matter how strong your password seemed — it’s a good idea to go ahead and change it.

How This Works
If you’re a cynical web user when it comes to privacy and security — of course you are, right? — then you’re probably asking yourself whether or not a site where you type in your password to see if it’s been compromised could possibly be legit. But the folks at LastPass assure users that the tool is safe and does not store passwords.

Here’s how it works: After typing your LinkedIn password into LastPass’s tool, the service computes its SHA-1 hash and sends the result to LastPass.com. I don’t know what that means, but I assume it’s some sort of algorithm or something like that. It then searches the list of 6.5 million leaked password hashes.

The “hashes” are not stored on servers. LastPass only performs the check and then deletes the hash.

If your password is among the millions stolen, you should not only change it as soon as possible but also update other accounts you have that use the same password.
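The check described under How This Works, sketched in Python as an added example (not LastPass's code): the password is hashed locally with SHA-1 and only the digest is compared against the leaked list. The dump lines are constructed, and the handling of entries whose first five hex digits were zeroed follows how this dump was widely reported to look, which is treated here as an assumption.

```python
import hashlib

HEX_DIGITS = set("0123456789abcdef")


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of the password, as 40 lowercase hex digits."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def load_hashes(lines):
    """Parse dump lines (one hash per line) into a set, skipping malformed lines."""
    hashes = set()
    for line in lines:
        h = line.strip().lower()
        if len(h) == 40 and set(h) <= HEX_DIGITS:
            hashes.add(h)
    return hashes


def check_password(password: str, leaked: set):
    """Return 'exact', 'masked' or None. Only the digest is ever compared."""
    digest = sha1_hex(password)
    if digest in leaked:
        return "exact"
    # Assumption: some dump entries had their first five hex digits replaced
    # with zeros, so compare against that masked form as well.
    if "00000" + digest[5:] in leaked:
        return "masked"
    return None


# Constructed stand-in for the leaked file; these are not real dump entries.
CONSTRUCTED_DUMP = [
    sha1_hex("constructed-sample-1") + "\n",
    "00000" + sha1_hex("constructed-sample-2")[5:] + "\n",
    "not-a-hash\n",  # malformed line, ignored by load_hashes
]

if __name__ == "__main__":
    leaked = load_hashes(CONSTRUCTED_DUMP)
    for candidate in ("constructed-sample-1", "constructed-sample-2", "unrelated"):
        print(candidate, "->", check_password(candidate, leaked))
```

Because the hashes are unsalted, the same password always produces the same digest, which is why a simple set lookup is enough to tell whether a password appears in the list.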

Here’s how to make a super-strong new password!
1. Do not use words or phrases that have personal significance.

2. Mix letters, numbers and symbols, and use case sensitivity (upper and lower case letters). This mixture is known as a "pseudo-random alpha-numeric combination"; using this, it is almost impossible to "crack" somebody's password (e.g. instead of "password," try "pAsS34%(6*2woRd,").

3. Find a good way to remember. A good way to do this is to choose the first letters of a sentence that you will remember. e.g. "I have 2 dogs called Rover and Fido" gives: Ih2dcRaF

Use punctuation to your advantage. To incorporate a colon into the previous example, remember the sentence as "I have 2 dogs: Rover and Fido", which would give: Ih2d:RaF

4. Try to memorize the password, and avoid writing it down. Somebody could very easily find the slip of paper that the password is written on.

5. The longer the better. Don't make a password that's fewer than 6 characters. Anything shorter can be cracked by brute-force software.

6. Take the street you grew up on, and your first pet/something hard to guess from your past, put a number sign in between, substitute some letters for numbers, and, voila! A great password. For example: Bill grew up on Ocean Avenue, and his first pet was Rocky. His password would be: 0c3an#r0cky. You can add random capitals to make it more secure.

7. Do not use the same password for everything. If someone finds this password, they would have access to everything. At the very least, make one password for sensitive things (e.g. online banking) and one for everything else (AIM, email, etc.). Here is an example:

Let us suppose you have 5 email accounts, 3 operating system passwords, 3 bank accounts (each with user name, password, extra security pin), 10 internet forum user/passes, 1 cellular phone (uses 2 to 4 pins). (If you are a programmer or db administrator, multiply the total by 3). Say for each of these, you chose a variation of "pAsS34%(6*2woRd,". Try to memorize 20 of those gibberish sequences! It's quite difficult, but if you make your sentences relevant to each situation, it will be easier - for example, for banking, your sentence could be "I want to have 1 million pounds every day" (Iw2h1m£ed), and for your emails it could be "I hope no one reads my emails or hacks in!" (Ihn1rmeohi!).

Use something you see whenever you need this password to generate the password. Federal Security Bank might lead to FsBmA3456.

Use a telephone keypad or 10 character phrase (i.e. blackstump) to encode numbers as letters or vice versa.

8. One other way is to use a word, for example, wikihow, and move your fingers up one row on the keyboard. Wikihow becomes 28i8y92.

9. One more way is to create a random syntax (e.g. 2 numbers, 5 letters, 1 punctuation mark and 2 more numbers) and randomly populate it with characters of those types - 94IdmTg;66 could be a password created in this way. The downside of this method is that it is often difficult for most people to memorize passwords created in this way, but if you use it often enough it should become easier over time. This method is only really useful if you believe other people may overhear/attempt to find out your password, as computers will not find such a password any harder to crack than a password holding some meaning!

{Tips from WikiHow}
