LinkedIn woes put spotlight on password flaws

Here's the problem: Passwords may be the most imperfect security measure around, but it's tough to nudge out a practice that has been around for decades.

The years change, but the stories remain the same. Passwords are a crappy defense and most of us use poor ones in exchange for ease of use.

Scads of LinkedIn users have had their passwords stolen. Phishing attacks ensued to prey on LinkedIn users. Now eHarmony has had issues. Passwords are regularly swiped from Web mail accounts.

The problem: Passwords may be the most imperfect security measure around. Most users don't want to sacrifice usability for a good password.

Sure, there are encryption techniques, two-factor authentication and other enhanced security measures. The reality is that most of us stick with a password we may or may not remember.

LinkedIn stated the obvious on a blog about its password issues:

Our security team continues to investigate this morning's reports of stolen passwords. At this time, we're still unable to confirm that any security breach has occurred. You can stay informed of our progress by following us on Twitter @LinkedIn and @LinkedInNews.

While our investigation continues, we thought it would be a good idea to remind our members that one of the best ways to protect your privacy and security online is to craft a strong password, to change it frequently (at least once a quarter or every few months) and to not use the same password on multiple sites. Use this as an opportunity to review all of your account settings on LinkedIn and on other sites too. Remember, no matter what website you're on, it's important for you to make sure that you protect your account security and privacy.

LinkedIn sounds like it has a handle on the issue. What LinkedIn can't control is whether a user goes from a password like "password" to something like "123456."

The password basics are well known:

  • Make your passwords eight or more characters;
  • Vary punctuation, symbols, letters and numbers;
  • Change passwords every three months;
  • Use different passwords for accounts.

That advice is obvious. But following those security practices also ensures that you won't remember your passwords.

In other words, passwords are imperfect. Users are even more imperfect. But we're stuck with them because no other security measure has gained critical mass on the consumer front.

This story originally appeared at ZDNet's Between the Lines under the headline "LinkedIn's security issue reveals obvious: Passwords, users always a weak link".

About the author

    Larry Dignan is editor in chief of ZDNet and editorial director of CNET's TechRepublic. He has covered the technology and financial-services industries since 1995.

     
