Are you worried about the recent hack?
Should you be?
And when you are done worrying about your account being hacked, then get ready for an even scarier thought.
Consider this quote from Tom's Hardware blog:
"Last year, a major security breach at RockYou.com resulted in the release of 32 million passwords. With such a large data set available, security firm Imperva Application Defense Center (ADC) analyzed and found that, when given the chance, most users will choose a simplistic password."
The most common password? Over 290 thousand users had the password "123456". Almost 62 thousand used the password "password".
I'm not a psychic (which would make me tele-"pathetic"), but I would guess that among the millions of passwords on LinkedIn accounts, there were millions of other online accounts that used the same password.
You know we all do it. We create these "utility" passwords that we use in multiple online accounts. Being human, we generally gravitate toward the path of least hassle - and hassle in this case is remembering multiple passwords.
As we move toward tablet and mobility computing, many of those wonderful apps we download require us to create accounts. I'm guessing that many people reading this will use the same password for all of the accounts they use, as well as for those apps we quit using. As a CIO who allows tablets and mobile devices on my network (à la "bring your own technology"), this IS an issue to address.
LinkedIn's recent unpleasantness is a great reminder to review our password policies, as well as an opportunity to educate our users around privacy and protection.
Let's start with passwords. Simply Google (or Bing) "creating easy to remember secure passwords" and you'll see a number of bloggers and sites that provide great ways to create strong passwords that you will actually remember but are really hard to guess. My very favourite advice article is from LifeHacker - Geek to Live: Choose (and remember) great passwords.
Secondly, as you create these online accounts, use a utility account from Live.com, GMail, etc. NEVER use your work email or personal email account. If the hackers get that email address and password (as in LinkedIn's case), then the problem is isolated to the utility account.
So why would I take the time and space to blog to a bunch of IT professionals about such rudimentary security issues? There's the old maxim about the plumber's pipes, the mechanic's car, etc. being neglected and in disrepair because s/he was busy fixing everyone else's problems.
Let's hope they don't start a maxim about the CIO's network security.
UPDATE: The comic strip XKCD has come out with the ultimate password generator. See below:
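To make the XKCD idea concrete, here is an added example (my own illustration, not the comic and not code from the original post) of a passphrase generator and the entropy arithmetic behind it. The word list is a constructed 32-word sample; the comic's four-word phrase assumes a list of roughly 2048 common words, which is the figure used in the arithmetic below. The character-set figures for a PIN or an all-lowercase password are upper bounds, since a human-chosen value like "123456" is really drawn from the few hundred choices attackers try first.

```python
import math
import secrets

# Constructed sample word list for illustration only. A real generator would
# use a list of a few thousand common words; XKCD's arithmetic assumes about
# 2048 (= 2^11) words, i.e. 11 bits of entropy per word.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "river", "candle", "window",
    "orange", "pencil", "garden", "silver", "rocket", "puzzle", "marble",
    "forest", "copper", "planet", "basket", "ladder", "velvet", "anchor",
    "meadow", "timber", "falcon", "harbor", "island", "pepper", "saddle",
    "thunder", "wallet", "yellow", "zipper",
]  # 32 words = 5 bits per word


def generate_passphrase(words, n_words=4, separator=" "):
    """Pick n_words uniformly at random (with replacement) from the word list.

    `secrets.choice` draws from the OS cryptographic random source. The
    `random` module is seeded predictably and is not suitable for this job.
    """
    if len(words) < 2 or n_words < 1:
        raise ValueError("need at least two words and n_words >= 1")
    return separator.join(secrets.choice(words) for _ in range(n_words))


def passphrase_entropy_bits(wordlist_size, n_words):
    """Entropy of a passphrase whose words are chosen uniformly and independently."""
    return n_words * math.log2(wordlist_size)


def charset_entropy_bits(charset_size, length):
    """Entropy of a password of `length` characters drawn uniformly from a charset.

    This is an upper bound: a human-chosen value such as "123456" comes from
    a far smaller effective set than all 10**6 six-digit strings.
    """
    return length * math.log2(charset_size)


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDS)
    print("passphrase from the sample list:", phrase)
    print("4 words from 2048-word list: %.1f bits" % passphrase_entropy_bits(2048, 4))
    print("6-digit PIN such as 123456:  %.1f bits at best" % charset_entropy_bits(10, 6))
    print("8 lowercase letters:         %.1f bits at best" % charset_entropy_bits(26, 8))
```

Four words from a 2048-word list give 44 bits, which is why the comic's phrase beats a short "complex" password: eight lowercase letters top out near 37.6 bits even when chosen at random, and a six-digit PIN near 19.9. The sample list here gives only 20 bits for four words, which shows that the list size matters as much as the word count.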