It’s been a few weeks now since the Heartbleed security bug became known, and hopefully the vulnerable systems have mostly been patched. But now the real work begins.
Briefly, Heartbleed is a security hole that affected a sizable percentage of the web servers in the world. It enabled hackers to directly read the contents of a server’s memory—which could include usernames, passwords, credit card numbers, and anything else—without leaving a trace.
Early on in this crisis, there were attempts to identify the affected services so users could change their passwords…on just those services. It’s now clear that a more scorched-earth strategy is in order.
I’ll cut to the chase: You need to change every password you use, on every service and every account.
Why? Because, like most people, you probably:
- Use fairly weak passwords
- Re-use passwords on different websites
- Had your good passwords exposed by the Heartbleed bug
Here’s an article I wrote a few months back on creating a password rule that should keep you pretty safe, and keep you from re-using passwords on different websites.
Trying A Password Manager
While I’ve resisted this solution for years because it sounds like a single point of vulnerability, I’m finally trying 1Password from AgileBits. There are a number of great password managers that work on all platforms, but 1Password has been around for a decade and seems to be the most-respected among the techies I follow.
I may have more to share after using 1Password for a few weeks, but so far, I’m liking its features:
- It can tell when you’re being asked to create a new password, and it will generate and save a random password for you
- All you have to remember is one master password, and 1Password will store and fill in the rest for you
- You can store multiple logins for the same services, which doesn’t always work when you have your browser remember your password
Please take this seriously. Heartbleed made it possible for hackers to steal just about any information that has ever lived on a web server.
It’s time to change your passwords. Really.