The LinkedIn hack: What you need to do about it
Over six million user passwords may have been stolen from the social networking site in a recent hack. Now it's time to change your password.
LinkedIn is a popular site for people looking to make contacts, find a new job, or, apparently, steal millions of passwords.
Chester Wisniewski from the security firm Sophos says now it's your turn to step up. "If you're a LinkedIn user, and you follow good practices and you don't share passwords between websites and you don't use, say, a dictionary word that makes it easy to brute force guess what your passphrase might be, then you just need to go change your password -- no reason to panic. If you share that password on multiple websites, now you got a little more of a mess 'cause you got to try to remember all the different places you might have used it because you really ought to go change it now because it's going to be likely that whoever's behind this attack will know your email address and password."
People use the same password on several sites because remembering a different one for each site is a pain in the neck. Wisniewski uses a password locker.
Wisniewski: I just looked: I have 482 passwords right now, and that's all stored in a program. I just memorize one password that unlocks this vault that contains all my passwords, and each one of those passwords in that vault is 24 characters long and numbers and symbols. I have no idea what any of them are.
Moe: What if somebody hacks into your vault?
Wisniewski: Well, then I'm really in a big mess if they hack into my vault, and that's why my one password I have to remember to encrypt the vault, right, the vault itself is encrypted, I have to memorize one really good thing.
Is there a better way? An easy secure password system you won't forget?
Roy Maxion of Carnegie Mellon University says yeah: train the computer to know your typing rhythm.
Roy Maxion: You type your password in a rhythm that's particular to you. Even if I knew your password, it's very unlikely that I would be able to type it in the same rhythm that you would.
Moe: But if I had too much coffee or didn't get enough sleep the night before, couldn't that pattern change?
Maxion: Well, your rhythm could change and there's some evidence that your rhythm does change from day to day, but there's a concept that we call core rhythm.
Even if someone butchers the singing of "Happy Birthday," you still recognize the song. That's the same concept of core rhythm.
Other researchers are also coming up with innovative approaches to security. And you'll see that technology on popular sites starting... Never. Because of money.
Maxion: For a company like Google or Facebook who has 900 million users, it's going to be expensive to make the switch over.
So change your passwords often and make 'em hard to guess, because this is the system we're stuck with.
A new web service called Airtime has launched, started by the guys who built Napster. Connect through Facebook and video chat with friends and meet new people. Provisions are in place to keep creeps and naked people away.
I think Airtime will fail.
Here's why: we do not like looking at each other on screens in real time. If we did, Facebook's live video chat would be a big hit. Apple's FaceTime feature and similar products on Android devices would be huge. We use Skype, but generally? We'd rather text or call.
Alexander Graham Bell envisioned video calls back in the 19th century. Working models date back to the 1930s. Different approaches have been tried in decades since. None caught on. Clunky technology usually gets blamed.
Now the technology is pretty good: nice picture, easy, quick, free. Still, we'd rather not see each other. We'll write, we'll speak, not look. I don't see this as bad. I think it's a welcome sign that in a hyperconnected society, we still value privacy. Yay.