LinkedIn Failed To Take This Simple Step To Protect User Passwords

SVP David Henke is in charge of LinkedIn security.


Hackers stole the passwords of six million LinkedIn users last week. The New York Times’s Nicole Perlroth says the reason this happened is simple: Experts tell her LinkedIn took a rather lax approach to protecting user passwords.

On a grading scale of A through F, experts say, LinkedIn, eHarmony and would get, at best, a “D” for password security. The most negligent thing a company can do with users’ passwords is store them in plain text.

The most basic step they can take to protect passwords is camouflage them with basic encryption — what is known as “hashing” — in which they mash up a password with a mathematical algorithm and store only the encoded, or “hashed,” version.

To make hackers’ jobs more difficult, diligent companies will append a series of random digits to the end of each hashed value, a process known as “salting,” which requires only a few more lines of code and can be done at no cost.

Salting passwords, security experts say, is Security 101 — a basic step that LinkedIn, eHarmony and all failed to take.
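The difference between hash-only and salted storage described above, as an added example (not code from the article or from any company it names). It assumes Python's standard library, PBKDF2-HMAC-SHA256 as the hash, an iteration count chosen here, and constructed sample accounts; the salt is generated per user, fed into the hash together with the password, and stored beside the result.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware


def unsalted_hash(password: str) -> bytes:
    """Hash-only storage: equal passwords always produce equal values."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def salted_hash(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Salted storage: a random per-user salt is mixed in before hashing."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest  # both are stored; the salt is not a secret


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], stored)


def duplicate_groups(table: dict[str, bytes]) -> list[list[str]]:
    """Audit helper: users whose stored values collide share a password."""
    groups = defaultdict(list)
    for user, value in table.items():
        groups[value].append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed sample accounts (not from the article): two users share a password.
ACCOUNTS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "T4ble-lamp!"}

if __name__ == "__main__":
    plain = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
    salted = {u: salted_hash(p) for u, p in ACCOUNTS.items()}
    print("unsalted duplicates:", duplicate_groups(plain))
    print("salted duplicates:  ", duplicate_groups({u: d for u, (_, d) in salted.items()}))
    s, d = salted["alice"]
    print("alice verifies:", verify("sunshine1", s, d), "| wrong guess:", verify("sunshine2", s, d))
```

Running `duplicate_groups` over a stored credential table is a quick audit: any non-empty result means identical passwords are producing identical stored values, which is the symptom of missing salts.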
