As this week's LinkedIn and eHarmony--and likely, Last.fm--breaches demonstrate, many website users continue to pick atrocious, easily cracked passwords. Are your passwords safe?
It's been a bad week for passwords.
So far, 6.5 million users of LinkedIn and 1.5 million eHarmony subscribers have had their password hashes uploaded to a hacking forum on the InsidePro website, although security experts suspect that many more accounts may have been compromised.
Meanwhile, streaming music service Last.fm confirmed Thursday that it's "currently investigating the leak of some Last.fm user passwords." While it didn't detail how many of its 40 million users might be affected, security experts think about 17.3 million unsalted MD5 hashes were stolen, that 16.4 million have already been cracked, and that the breach may date from 2010 or 2011.
Needless to say, all three sites have recommended that every one of their users change their password on the site--just in case. But what's the best type of password to pick? Here are 7 best practices:
1. Pay Attention
2. Use Unique Passwords
3. Explore Life Beyond Letters
4. Use Uncommon Patterns
5. Lose The Biographical Details
6. Love Longer Passwords
7. Use Password Managers