Ad: Manage updates with the Download App
ie8 fix
  • CNET
  • How To
  • Do yourself a favor, don't check if ...

Do yourself a favor, don't check if your password was leaked. Ever.

Don't check if your password was leaked on some random Web site, simply change it.

by

Earlier today rumors started sweeping across the Internet that LinkedIn account passwords had been leaked online. A few hours later, LinkedIn confirmed that the rumors were true; millions of account passwords had been compromised and posted online.

(Credit: Screenshot by Jason Cipriani/CNET)

Almost just as fast as the story started spreading, a link to LeakedIn.org was being passed around as a way to check if your password was leaked in the security breach. To figure out if you're affected, LeakedIn requires you to enter your account password. Your password is then converted to its SHA-1 equivalent and then is compared to the list of leaked passwords.

A red light means your password appears on the list, a green light means you are in the clear. At least, in theory.

Before you jump at the chance to check your password, ask yourself if it's really a good idea to enter your password on some random Web site. The answer should be an unequivocal no. You have no idea what is really being done with the information you enter.

In the case of LeakedIn, when you enter your password on the site, JavaScript is used to convert your password to SHA-1, all done locally, before cross-referencing your password. This post over on ZDNet details the process a bit more, and may help put your mind at ease should you decide to enter your password.

Instead, do yourself a favor, don't check to see if your password was leaked. Don't pass go. Don't collect $200. Go directly to your account settings and change your password, just to be safe. If you use that same password on more than just your LinkedIn account, go and change those account passwords as well.

LinkedIn has stated the passwords for accounts associated with the leak have been invalidated. A series of e-mails will be sent to those members affected with further explanation of what steps need to be taken.

I'm sure LeakedIn was built with every honest intention of helping fellow LinkedIn users. However good-willed its foundation may be, stay clear. It's good practice and good ol' technology common sense.

Updated June 6, 2012 to include information about how LeakedIn handles your password.

Don't Miss

How to

Make your old iPhone run like new

Want to make your iPhone 4 run like an iPhone 5? Donald Bell has some easy tips.

Play Video

How to

Set up the ultimate home theater PC

From configuring your PC to choosing the right accessories, Sharon Vaknin shows you what you need to turn your PC into the ultimate TV companion.

Play Video

How to

Maximize your Galaxy S4's battery life

Stretch your S4's battery life with a few built-in features and lesser-known tricks that keep your phone from draining quickly. Sharon Vaknin shows you how.

Play Video

How to

Let guests DJ your party

CNET's Donald Bell shows you how to turn your iPhone into a shared jukebox that guests can access and control using a free app.

Play Video

How to

Take creative photos with the HTC One

The camera on the HTC One is capable of some pretty cool tricks. CNET's Donald Bell highlights some of this smartphone camera's slick features.

Play Video

 

Member Comments

Add Your Comment