LinkedIn is believed to have suffered a password hash breach (updated: LinkedIn has confirmed the breach). Word of it came from a forum post that quickly caught the attention of security researchers on Twitter and other social outlets. The posted archive contained a 270+ MB text file of SHA-1 hashes, and forum discussions suggested that it was related to the popular business-centric social site.
At the moment, little is known and speculation is running wild. LinkedIn has not finished investigating whether they have been breached; however, many security pros are confirming for the media that the SHA-1 hashes of their passwords are found in the file. The file is laid out one hash per line, with no evident plaintext (usernames, for example) to suggest that it is anything other than passwords. However, it’s possible that whoever originally gained access to the hashes had or has access to additional details.
I obtained a copy of the hash list, produced a SHA-1 hash of my old LinkedIn password, and did indeed find it in the list. I have also spot-checked several other hashes posted by security pros on Twitter, and have found them as well. Given the nature of my own password (16 random characters comprised of A-Z, a-z, and 0-9) the likelihood that my SHA-1 hash of my password (that was unique to LinkedIn) would be present in a file that did NOT come (at least in part) from a source that had access to hashes of LinkedIn passwords is statistically impossible.
Tags: best practices, Breach, Hash, infosec, it security, linkedin, password breach, passwords, security, SHA-1
A password manager can encourage users to adopt unbreakable passwords
As users, we know that to protect our systems we should use complex, secure passwords rather than easily guessed dictionary words like “admin” or personal dates. Nonsensical words and phrases that substitute digits and symbols for letters, such as “45Monk3y t1m3 fun!,” are the most secure. But we also know how difficult it can be to create several unique, strong passwords—and even harder to remember them all.
To encourage employees to create passwords that are hard to crack but easily remembered and used, you can provide them with a password management system. Password management is both a standard company-wide policy for developing passwords, and, for many companies, a password manager application you add to your security arsenal as part of your small business security policy.
Tags: passwords, password_management, security, small_business
Shore up your organization’s password security by following these easy guidelines
Dozens of times every day, your employees perform a simple, yet crucial, task: They enter their passwords to log in to their computers, your local network, and the Internet. Just a few brief keystrokes stand between your company’s network and cybercriminals, identity thieves, and disgruntled employees. Unless employees’ passwords are complex, they’re easily guessed by experienced attackers or by their password-breaking computers. Creating meaningful and secure passwords isn’t as difficult as many people think, and it’s critical to the security of your small business network.
Tags: passwords, security, small_business, wireless