On 7 Jun 2012 19:15:21 -0700, in bit.listserv.ibm-main you wrote: >On 6/6/2012 5:38 PM, Ed Gould wrote: >> LinkedIn Users: Change Password Now >> Attackers appear to have obtained--and may have already decrypted--at >> least 6.5 million LinkedIn passwords. >> >> http://www.informationweek.com/news/security/attacks/240001623?cid=nl_IW_daily_2012-06-06_html&elq=a86e12d6260b46e991eaf6fac15b1ab7 >> >> > >Ed, > >Thanks for posting this. I did not know about the LinkedIn breach, and >I was able to react quickly. > >Regards, >Tom Conley > I have had the following password policy for my use.
1. All passwords used to get to an employer's computer are unique to that employer. 2. All password for logging on to my home PCs are common to all of the home PCs and only those PCs. 3. My e-mail passwords are unique to the email vendor. 4. My financial passwords are split between credit cards and banking so there is some sharing. 5. I have another strong password for a couple of sites. 6. For sites including LinkedIn, Yahoogroups, vendor sites, I have a common relatively weak password because only the minimum amount of information needed to register is on those sites (no picture and no personal information other than what can be gotten from the phone directory if that much). 7. I have only started using special characters such as '*' in passwords since I am not confident that most special characters are stable across code pages (the classic being currency symbol in EBCDIC, did British users key the pound sterling symbol for JES2?). 8. I rarely change passwords unless forced since I have yet to see the value except where the keying of passwords can be observed by others. With regard to items 6 and 8, what are my real vulnerabilities? Assuming that my password is among the hacked passwords in LinkedIn, since I have no truly personal information there and at most a links to a VERY small group of friends on that site and on Facebook, is it worth bothering changing the password. Clark Morris ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
