2 thoughts immediately arise. Why were they using an unsalted hash?
I use a password vault, KeePass, that has an invaluable tool that shows me all accounts that use the same password. It was a matter of minutes to change them once identified. I highly recommend it or any tool. I used LastPass before, but even they had a breach which turned me off to the whole online password tool, despite its advantages.

This is all most likely preaching to the choir. I can't even get my wife to use secure passwords let alone a password vault.

On Wed, Jun 6, 2012 at 8:49 PM, Corey Quinn <[email protected]> wrote:

> On Jun 6, 2012, at 5:38 PM, unix_fan <[email protected]> wrote:
>
> So, no one has said boo about the LinkedIn breach?
>
> They have on ~5 other lists I'm on.
>
> The bell curve predicts that our community will have people with breached
> passwords on that site, and some percentage of those people reuse those
> same passwords elsewhere. If not true for you, it is likely true for the
> user community you serve.
>
> Mine was there, but was unique to LinkedIn. It has since been changed.
>
> What I have passed on to our communications folks about getting a message
> out:
>
> I remain somewhat unconvinced that this is necessary when my elderly
> mother has seen the media coverage-- it's been VERY well publicized.
>
> Thoughts?
>
> --Corey
>
> _______________________________________________
> Discuss mailing list
> [email protected]
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
