LinkedIn password hacking and password security

You probably heard about the LinkedIn password leak. Apparently 6.5 million passwords were hacked.

These were apparently hashes, but non-salted, making them less secure than salted passwords. They are not clear text passwords, but depending on your password it is conceivable that an exhaustive lookup can reveal the actual, legible password.

I don’t use my LinkedIn password at any of what I consider my “really important” sites (like bank accounts or credit cards) but I do use the same password at what I consider “less important” sites, like diet forums.

So I’m changing all my passwords that are the same as my LinkedIn one today and recommend everybody who uses LinkedIn do the same.

If you have trouble keeping track of different passwords, I recommend a utility like PasswordWallet (or 1Password) on the Mac to keep track of them. There are similar utilities available for Windows users.