LinkedIn stolen password analysis – password trends and mistakes

10 Aug

A good soul did research which was based on the 6 million passwords that were stolen from the LinkedIn servers and data provided by Gawker and found some startling trends in how users create passwords

  1. A lot of passwords had foul language which are easy to crack
  2. Passwords relating to the website keywords were used like “jobs, links”
  3. Religion based passwords are popular and easy to crack. The top 15 phrases included “god”, “angel” and “jesus”
  4. A lot of passwords were just numbers. They were made worse by using the digits in the right order like “123456” “456789” and “123789”. Most hackers would not need the password to hack such accounts.
  5. The size of the password phrases were small. A little more effort would have been better. It is recommended that passwords should be between 8 to 10 characters long.
  6. Usage of the phrase love was common for example “iloveyou” which is strict no no.

Here is the  infographic of the analysis that was done from Visually

LinkedIn Passwords Lifted

An introduction to Last Pass for non techies

10 Aug LastPass website Screenshot

With companies like Yahoo and Formspring , Diablo and  World of Warcraft and Apple being hacked in the span of last 6 months I have grown conscious about security. The first step advised by security experts is to created ambiguous passwords which contain alphanumeric and special characters. It is surprising that generally people are not very smart when it comes to creating passwords.

In this day and age one cannot do away with not generating passwords because we are increasingly storing more personal data, financial data, photos and files online and that is bound to grow when cloud storage becomes more popular.

How does Last Pass help?

One of the biggest challenges is to remember the passwords specially when you are advised to have 12 character passwords which contain alphanumeric and special characters. There is an interesting post by Mark Burnett about why the passwords longer that 12 characters do not make sense. With users signing up for multiple web based services it is tough to remember the passwords for every service. This is where Last Pass helps. If you are interested in knowing more about the features of Last Pass please read this post.

I started using LastPass about 3 years back but became an avid fan and started exploiting the full potential of LastPass after I  to hear Security Now podcast with Steve Gibson. For those who do not know Steve Gibson is a respected technology enthusiast and a security expert. The video of the episode is embedded below and the Steve Gibson discusses LastPass 50 minutes into the podcast.

Some of the features that I was not aware of before were

  1. All encryption and decryption happens on your computer – Each account has an encryption key which is saved on the computer of the user. When the user creates a new account the login information is encrypted using the encryption data and then the data is sent to LastPass servers for storage making it virtually impossible for anyone to decrypt the data while it is being sent for storage on LastPass servers.
  2. Sensitive data stored on LastPass servers is gibberish – Since the data that is stored in the user account has been encrypted before sending it to the LastPass servers if someone was to lay hands on that data it would be of no use since the data is encrypted using a strong encryption key. Therefore in case LastPass servers are hacked and the data is stolen there is very little possibility of someone being able to decrypt the data.
  3. The encryption key is never shared with anyone even LastPass – The encryption key that is used to encrypt the data is never shared with anyone including LastPass making you log in data safe. Due to this feature LastPass warns users that in case they loose their password LastPass cannot retrieve their data therefore you must remember your LastPass login details at all times.

If you have not never used LastPass I would highly recommend you to start doing so. In the next post I will be discussing how to install LastPass on different types of devices and software