
If your password was affected by the LinkedIn hack, here's what you should change it to

May 27, 2016, 20:51 IST

Twin Design/Shutterstock

Hundreds of millions of account credentials for LinkedIn recently showed up for sale on a dark web forum, four years after hackers grabbed them.

And on Wednesday, the service was emailing users to tell them their account may have been affected and it had invalidated a number of passwords. It also said you should change your password immediately.

Fortunately, there's an easy way to come up with a complex password that you won't end up forgetting five minutes later.

"One of the easiest ways to give yourself a strong password would be using a full sentence," said Kurt Muhl of RedTeam Security.

Based in St. Paul, Minn., the cybersecurity firm of ethical "white hat" hackers helps companies find security flaws before the bad guys do.

The full-sentence technique works like this: Think of an everyday phrase that you can remember, like "My #1 favorite thing in the world is my family," or as Muhl gives as an example, "I bought my house for $1."

Then you take that sentence and convert it to a password by grabbing the first letter of each word. "I bought my house for $1" then becomes Ibmhf$1.

"That's going to give your uppercase, lowercase, a number, and special characters in there," Muhl said. "It's something that's easy to remember. All you gotta do is remember that sentence."

It seems simple, yet many people still resort to weak passwords, which hackers can easily guess using free software tools like John the Ripper. A password that has a word found in a dictionary with a number thrown on the end is something that a tool like "John" could break in about an hour, Muhl explained.

Passwords like "123456" or "password" - consistently found on worst password lists - would only take seconds to crack.

"That is the first thing that we try to go after," Muhl said.

As Muhl explained, John works off dictionary lists - massive text files you can find on any number of hacker forums - that contain words, phrases, numbers, and other password possibilities. It basically keeps trying combinations of words and numbers until it gets it right, which wouldn't take long if the password is particularly weak.

But Muhl's technique makes a dictionary attack fairly impossible, since it's not a word at all. The password becomes even stronger if you have more characters, since the added length ups the number of possibilities.

"The longer your passwords could possibly be," Muhl said, "the more guesses it's gonna take for me to get it right."
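
The sketch below is an added example, not code from the article or from RedTeam Security. It derives a password with the first-letter technique, checks it against the two weak patterns described above, and estimates how length grows the guess space. The function names and the tiny word lists are constructed for illustration, and the bit count is a simple brute-force estimate.

```python
import math
import re
import string

# Constructed sample lists; a real audit would load a full wordlist.
WORST_PASSWORDS = {"123456", "password"}
DICTIONARY = {"house", "family", "world", "favorite", "thing"}

def sentence_to_password(sentence):
    """First letter of each word; tokens starting with a digit or symbol are kept whole."""
    parts = []
    for token in sentence.split():
        token = token.rstrip(".,!?")  # drop trailing sentence punctuation
        if not token:
            continue
        parts.append(token[0] if token[0].isalpha() else token)
    return "".join(parts)

def classify(password):
    """Flag the two weak patterns the article describes."""
    if password.lower() in WORST_PASSWORDS:
        return "worst-password list"
    match = re.fullmatch(r"([A-Za-z]+)\d*", password)
    if match and match.group(1).lower() in DICTIONARY:
        return "dictionary word + number"
    return "no wordlist match"

def brute_force_bits(password):
    """Rough estimate: length * log2(size of the character classes in use)."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0

if __name__ == "__main__":
    derived = sentence_to_password("I bought my house for $1")
    for pw in ["123456", "house1", derived]:
        print(f"{pw!r}: {classify(pw)}, ~{brute_force_bits(pw):.1f} bits")
```
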
