There are two golden rules that every online computer user has to follow:
The first rule of going online is never give out your password.
The second rule of going online is never give out your password.
Why, then, does social-networking website LinkedIn constantly harass its users into breaking both of these golden rules by asking, if not demanding, that they hand over the passwords to their private email accounts? This article isn’t about the already documented security incidents at LinkedIn; those can be read about at the links below. Rather, it is about a security mentality under the spell of which even one’s duty of care to oneself is treated with disdain. For background only, we illustrate what may befall novice or foolhardy users who fail to protect their accounts. For that, we have an extract from the Twitter account of just such a user, Israeli Vice-Prime Minister Silvan Shalom.
One presumes the views expressed by the Vice PM, however commendable, are not those of the politician or his employer. Thus we conclude that the combined resources of the Israeli Prime Minister’s Office and his social media service providers are insufficient, at least to the degree of protecting him from such embarrassments as being falsely portrayed as having once spoken the truth. That will never do: the page was taken down, and all the minister’s official lies, backed with a corporate stamp of approval, were retweeted. At the same time, his similarly hacked accounts on all his other services, including LinkedIn, were being restored.
That will teach him not to share passwords, and hopefully his employers have taken note and will henceforth allocate to him only those duties suited to his talents and which do not require him to secure any email accounts.

In another widely publicized incident, LinkedIn lost their customers’ password hashes. Six million of them, a number that initially sounds vast, but is at variance with LinkedIn’s claims of ‘hundreds of millions’ of users. For a company whose stock price is directly proportional to the number of users it claims to have, this discrepancy may be worth investigating, but I’m sure the PR guys have already been marched out to deliver their ass-covering prattle to the press.