That's a little disappointing — not only because LinkedIn could be doing more to help its users — but also because many users (alas, I am among them) use the same password on multiple sites.
It's stupid, it's wrong, and it's insecure, but we're human. And, as VentureBeat's own Sean Ludwig recently posted, when it comes to passwords we are all idiots.
So here's how to check if your LinkedIn password was among the hacked accounts that are already being used to generate phishing attacks. Go to LastPass.com/linkedin:
Enter your password, and the website will tell you whether or not your password is now out in the wild. The obvious question: is it safe to give LastPass your password?
Here's what the company says about their tool:
Only the hash of your password will be sent to LastPass.com's servers, not your actual password. This hash will not be stored or logged at all. Please view source the page if you're technically inclined.
LastPass is an established company that has a generally good reputation, and has been reviewed by CNet and others.
One caveat: because the search will look through all the passwords in the file, if you have a very common word or password, it will come up as compromised. For example, here's what LastPass shows when the all-to-common password "password" is entered:
This does not mean your account is compromised, necessarily. It does mean your password is too common and should be changed. Ultimately, of course, we should all be smarter about passwords and use a tool like LastPass or 1Password to make sure we have complex and unique passwords for every single service and site we use.
Image credit: ShutterStock
Filed under: security, VentureBeat
No comments:
Post a Comment