<p>Strongly recommend if you use Gmail that you take advantage of their double level of password security. It prevents anyone from accessing your account, even if they know the password, unless they also have access to either your computer or your cell phone.</p>
<p>This might be useful:</p>
<p>[LinkedIn</a> hacked: Fix your terrible, insecure passwords in one minute with this foolproof technique. - Slate Magazine](<a href=“http://www.slate.com/articles/technology/technology/2012/06/linkedin_hacked_fix_your_terrible_insecure_passwords_in_one_minute_with_this_foolproof_technique_.html]LinkedIn”>LinkedIn hacked: Fix your terrible, insecure passwords in one minute with this foolproof technique.)</p>
<p>
</p>
<p>give me a break. I have like 20+ online passwords. Not a chance I use different ones for all of my accounts. Honestly, I don’t even know what password I use for CC. I just stay logged in. If I log out, to log back in, I will type a bunch of passwords until I get the right one. Also, “strong” passwords are terrible. They are impossible for people to remember and easier for computers to crack. See: [xkcd:</a> Password Strength](<a href=“http://xkcd.com/936/]xkcd:”>xkcd: Password Strength)</p>
<p>I also probably have a double digit number of passwords for work, and they have to be changed every X number of days. Why do they have to be changed every X number of days? After X days someone is more likely to guess of force crack your password? It’s ridiculous.</p>
<p>“I email them to myself.”</p>
<p>I do this, too.</p>
<p>^^ When you email something that email transits several intermediary servers not to mention ending up sitting on Google’s (gmail) or Yahoo’s or Microsoft’s (hotmail), etc. storage - perhaps ending up with multiple copies of them in various places including in backups and replicated storage they keep. If the email isn’t encrypted at your PC before being transmitted it’s not really secure. </p>
<p>On top of that, all someone needs to do is hack into your email then they have the other PWs and usually the ability to ‘reset PWs’ at other sites including banking, FB, Amazon, etc. and then set a new PW. </p>
<p>Emailing a PW to yourself isn’t a good idea unless it’s encrypted first with good encryption and your email PW should be a strong PW due to what I indicated above about reseting PWs.</p>
<p>^ Really, GGDad says it. An ordinary person’s email is not secure. Even if you routinely clear out your home or office email inbox, the outside systems can hold the records, sometimes indefinitely. The only thing you can do is be vigilant about info you send into the public domain and any personal transactions online.</p>
<p>On financial accounts, look at your monthly statements. If you’re really paranoid, send yourself an email on every transaction if your financial institution has that feature.</p>
<p>
</p>
<p>I don’t have a LinkedIn account, and yet I can look up anyone’s profile (not the full one, but enough to see where they work, former jobs, etc.). I thought that was a feature, not a bug.</p>
<p>^^^That’s the whole point. Many head hunters use Linkedin to search for candidates, and you want them to find you if you are in the market.</p>
<p>If I email a password to myself, I don’t “spell it out”, I say something like “black dog number”.</p>
<p>I have a couple of “go to” passwords but I get hindered when a site requires 7 or 8 characters.</p>
<p>My passwords are typically 10 to 20 characters. Lately I’ve gone to mixed-case letters. Remembering is a bit of a headache - I have to carry my laptop with me if I need a password which is why I’m looking forward to getting a smaller and lighter laptop next week if Apple announces new MacBook Pros at WWDC next week.</p>
<p>is anyone else receiving these emails post LinkedIn hacking; oh and by the way I am not Bill</p>
<p>LinkedIn
Hi Bill,</p>
<p>Your LinkedIn password has been reset successfully.</p>
<p>Thank you,</p>
<p>The LinkedIn Team</p>
<p>This email was intended for Bill Groener. Learn why we included this. © 2012, LinkedIn Corporation. 2029 Stierlin Ct. Mountain View, CA 94043, USA</p>
<p>Warning to anyone who is emailing their password: once it goes “online”, your PW is not secure. It doesn’t matter who you send it to; you are sending confidential information online.</p>
<p>Here’s a site that will generate easy to remember, relatively secure passwords. There are many others. Google easy to remember passwords. They don’t–or claim not to–store any password they generate.</p>
<p>[Password</a> Generator For A Strong Secure Memorable Password - SafePasswd.com](<a href=“http://www.safepasswd.com/]Password”>http://www.safepasswd.com/)</p>
<p>And here’s a site where you can enter your LinkedIn password to see if it’s been compromised. They have a statement about why it’s safe to enter your password. </p>
<p><a href=“https://lastpass.com/linkedin/[/url]”>https://lastpass.com/linkedin/</a> </p>
<p>I operate under the assumption that my privacy has been compromised.</p>
<p>
</p>
<p>I have several levels of passwords but I don’t have a separate password for every site I use. Unfortunately my LinkedIn password was my oldest password, created back in the day when the internet was newer and before I’d started using a hierarchy of passwords for different levels of security. So although it wasn’t the password used for my bank accounts and suchlike high-security sites, it was indeed my password for social networking and a plethora of other sites where my login id is my email address. I’ve been spending a horribly tedious weekend changing passwords.</p>
<p>I started this exercise by extracting the list of saved passwords stored by Firefox on my computer. This turned out to be a list of 280 entries, 125 of which had the hacked LinkedIn password. I suspect many people don’t realize quite how many websites they use. I’m not comfortable with using an eWallet to store passwords of which I don’t have some kind of separate record or reasonable hope of recall. I’m appalled that others email passwords to themselves. That’s so insecure!</p>
<p>A lot of my websites I no longer use (e.g. the PTA website for my child’s former school) but there’s no apparent way to simply delete the account. That’s annoying. In a few cases - my electric utility, for example - there’s apparently no way at all to change the darned password. If you forget it, they email it to you in clear text! I guess I’ll call them on Monday.</p>
<p>
That’s another big security issue - having browsers save PWs on one’s computer. You should never do this.</p>
<ul>
<li><p>If anyone else gets ahold of your computer (like a thief, some worker in the house, the bad relative, etc.) then they now also have access to whatever you’re using those PWs for.</p></li>
<li><p>You don’t know how the application is storing them - whether it’s using strong encryption, weak encryption, whether it’s stored in the clear, etc.</p></li>
<li><p>You don’t know ‘whet else’ the app’s doing with the PWs.</p></li>
</ul>
<p>Makes one yearn for simpler times when we didn’t need passwords and computers were “exotic.” <sigh> H’s office is always having trouble with passwords, especially since folks are routinely required to change them and remember them. UGH! Fortunately, he’s been able to delegate staff issues about this to others.</sigh></p>
<p>S has a spreadsheet he regularly updates with his various passwords. I have a manual small index file container with the websites & passwords/account numbers listed on each card. OK, if I’m about to easily lay hands on the file container but tougher otherwise.</p>
<p>I don’t understand the reluctance to use eWallet. You create one very strong password for the wallet and let eWallet create the passwords for your sites. eWallet uses 256-bit AES encryption. It’s infinitely safer than a layered shared password method.</p>