With news breaking April 7th regarding an Internet security issue known as the Heartbleed bug, I thought it beneficial to outline how businesses might be impacted by this and what they should do to protect themselves.
The Heartbleed bug relates to a security vulnerability in a component of recent versions of OpenSSL, a technology that a huge chunk of the Internet’s websites rely upon to secure the traffic, passwords, and other sensitive information transmitted to and from users and visitors. Because the Heartbleed bug targets Web and email servers, there is not a lot that regular Internet users can do to fix the problem, but experts are urging people to change the passwords for their various accounts and online services to beef up their security. Since the vulnerability has been around for about two years and using it leaves no trace, assume that your accounts may be compromised.
Even though most servers have patched the vulnerability, it is still highly recommended that you change your passwords to ensure your data will continue to be safe. It is my opinion that you shouldn’t simply alter your existing passwords; instead, take this opportunity to ensure your online security by downloading a password manager.
With a password manager, you need to remember only one master password, and then you can let the software remember all your log-in information.
When you use a password manager and need to log into a website, you will first visit that website normally. Instead of typing your password into the website, your password manager does the dirty work for you – you don’t have to think about what email address, username, and password you used for the website.
The best part of password managers is the ability to generate a secure random password for you. Even if you already have an account with the site you’re visiting, you simply need to find the option to change your password, and let the password manager create a complex, secure password for you.
Some examples of the more popular password managers are: 1Password, LastPass and Dashlane. A quick Google search should provide you with information about these services.
If you prefer the old-fashioned way of just remembering your password, here are some tips from the Carnegie Mellon School of Computer Science to make more complex passwords yourself:
Make up a sentence you can easily remember. Some examples:
- I have two kids: Jack and Jill.
- I like to eat Dave & Andy’s ice cream.
- No, the capital of Wisconsin isn’t Cheeseopolis!
Now take the first letter of every word in the sentence, and include the punctuation. You can throw in extra punctuation, or turn numbers into digits for variety. The above sentences would become:
As you can see, the passwords generated by this method can be fairly secure, but are easy to remember if the sentence you pick is one that is easy for you to remember. In cases where an application allows long passwords, you could possibly use the entire phrase as your “password”.
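The sentence method above can also be written as a short Python script. This is an added example, not part of the Carnegie Mellon tips or the original post; the number-word table, the 8-character minimum and the three-character-class check are assumptions chosen for illustration.

```python
import re

# Assumption: a small table for "turn numbers into digits"; extend as needed.
NUMBER_WORDS = {"zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
                "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9"}
# The two most common passwords named in this post.
COMMON = {"123456", "password"}
# A token is a word (optionally with inner apostrophes) or one punctuation mark.
TOKEN = re.compile(r"[^\W_]+(?:['’][^\W_]+)*|[^\w\s]|_")


def mnemonic_password(sentence: str) -> str:
    """First letter of every word, punctuation kept, number words as digits."""
    out = []
    for tok in TOKEN.findall(sentence):
        if not tok[0].isalnum():
            out.append(tok)                        # punctuation mark
        elif tok.lower() in NUMBER_WORDS:
            out.append(NUMBER_WORDS[tok.lower()])  # "two" -> "2"
        elif tok.isdigit():
            out.append(tok)                        # digits stay as typed
        else:
            out.append(tok[0])                     # first letter, case preserved
            out.extend("'" for c in tok if c in "'’")  # keep the apostrophe
    return "".join(out)


def review(password: str, min_length: int = 8) -> list:
    """Return reasons the password looks weak; an empty list means none found."""
    problems = []
    if password.lower() in COMMON:
        problems.append("common password")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    classes = sum([any(c.islower() for c in password),
                   any(c.isupper() for c in password),
                   any(c.isdigit() for c in password),
                   any(not c.isalnum() for c in password)])
    if classes < 3:
        problems.append("fewer than 3 character classes")
    return problems


if __name__ == "__main__":
    for s in ("I have two kids: Jack and Jill.",
              "I like to eat Dave & Andy’s ice cream.",
              "No, the capital of Wisconsin isn’t Cheeseopolis!"):
        pw = mnemonic_password(s)
        print(pw, review(pw))
```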
Your password is your first line of defense—not only for your online accounts, but also on your devices. Think about this if you’re reluctant to change them:
- Research shows that 90 percent of passwords are vulnerable to hacking
- The most common password is “123456” and the second most common password is “password”
- 1 in 5 Internet users have had their email or social networking account compromised or taken over without their permission
In the end, it’s your data and you can choose how safe you want that data to be.
PCMag.com: The Best Password Managers
CNET.com: Take control of password chaos with these six password managers
Carnegie Mellon School of Computer Science: How to choose good passwords
Heartbleed.com: The Heartbleed Bug
HTG.com: Why You Should Use a Password Manager and How to Get Started