Tell your non-tech friends and family: Don’t use LinkedIn Intro
If you have friends or family that are using LinkedIn (And there are a lot of them – I’ve got family members that don’t use Facebook, that do have LinkedIn accounts), please take the time to inform them about the importance of password security.
Knowing that many of their users aren’t particularly technical, they have added a number of dubious (I’d say dangerous) techniques to bolster users connections (and by effect their userbase). Of these techniques, there are two which ask users to enter their email username and password so they can access the user’s email inbox directly. This is a bad idea. Please send this post (or wholesale copy it and email it to them – I’m putting this post under Creative Commons, so copy away) to your less technical friends and family, and offer to help them fix up the mess if they have already given up their username and password.
Giving third party applications like LinkedIn your password is a bad idea.
Dear friends and family,
When you signed up for LinkedIn, they may have asked you for your email login and password, allowing them to search your contacts to create connections. By giving LinkedIn your email login and password, you have given them complete access to your email. This means they can read ALL of your email, and theoretically send email on your behalf.
You might have seen a screen like the one below:
This is one of the services you should avoid. Even though it says that they don’t store the password, or send email on your behalf, you shouldn’t trust external services with your login and password. Ever.
LinkedIn has also announced LinkedIn Intro. This service DOES store your username and password – and it has to it in such a way that it can easily be read. This service PRETENDS to be your email server, so your email program downloads your mail from LinkedIn rather than your real server. It does this by PRETENDING to be you and logging in to your email server, downloads and changes your email to display their header. This is why they will need your username and password.
So, if you get an invite to use LinkedIn Intro, please ignore it.
What can you do if you have already signed up for these services? The easiest thing to do is to changer your email password. If you don’t know how to do it, get in contact with a trusted friend or family member that can help you out.
Please remember: Anyone that has your email username and password, can read and send email on your behalf, so don’t give it to anyone that asks for it.