Now that the Heartbleed security flaw has had its day in the news cycle’s fickle sun, one question remains: have you taken steps to make sure that your accounts and passwords are properly secured?
Even though the news outlets have let Heartbleed slip from lead story to back page, it doesn’t mean that it’s no longer a threat. Thousands of Internet users are still vulnerable due to compromised passwords, many of which haven’t been updated. In fact, the Pew Research Internet Project recently surveyed over 1500 American adults about their awareness of and reaction to the news about Heartbleed, discovering that only 39% of survey respondents took the critical step of changing passwords or closing accounts. If you haven’t changed a single password since the news about Heartbleed broke, you’re asking for trouble. Even though sites such as Gmail and Facebook have corrected the vulnerability in their code, the possibility that your password information has fallen into the wrong hands remains strong. The solution is to change your passwords. Use this warning as a reason to improve all of your passwords.
For a list of major websites impacted by the Heartbleed vulnerability, check out this article on Mashable. Chances are, you have accounts with many of these sites.
If you’re been following LTnow’s blog for any length of time, you likely remember that we’ve addressed password security in the past. Weak and repeated passwords are among the biggest threats to online security, and yet legions of people still cling to their old habits when creating them. It’s simply too much effort to create long, strong, varied passwords for an average of 26 to 40 differing accounts, and then attempt to remember them. No one wants to do that.
Fortunately, there is a way to get a handle on your numerous accounts and their attendant passwords: password managers. I’ve discussed password managers in this space before, and the Heartbleed vulnerability helps to solidify my case for these valuable apps. If you’re not using a password manager to help create strong, unique passwords for all of your online accounts, whatever argument you have against them is now invalid. You can no longer rely on your own methods of password creation or your fantastic memory to assure that your passwords – and therefore your accounts – are safe.
Don’t use cost as an excuse; there are a good many password managers out there that are completely free to use. Most have a nominal fee for a few more bells and whistles, and the expense is completely worth it. I use the premium version of LastPass and wouldn’t think about going without it ($12 per year).
Don’t allow yourself to be intimidated by the concept of a password manager, either. Although all of your passwords will be accessible in one place, you and only you hold the master key (in this case, a master password) that unlocks the vault. Passwords stored within that vault are encrypted so that even if the server hosting the software is hacked, your information is safe. In fact, the weakest link for the whole system will likely be your master password – so make it unique and strong.
Which brings me to another point: two factor authentication (TFA). I’ve talked about TFA a bit with regard to your email account, but the same information applies with other, equally important accounts. The best password managers offer TFA as a layer of security, sending an authentication code to your cell phone which you must then enter into the manager app in order to gain entrance. Yes, it might be just a bit more effort than you’re accustomed to, but it’s better to take that extra step to retrieve secure, sensitive information. I use TFA with my LastPass account so even if you guess my password (more than 20 characters long), you still have to get past the second level of defense – the TFA key which changes every 60 seconds.
Password managers are the latest wave of technology used to combat the varied security threats found online, and I believe that they will become a solid part of most of our everyday computing. With so many of us living a large portion of our lives – email, shopping, banking – online, the potential for security breaches remains great. Password managers can help you to shore up your online security by creating unique, varied passwords for each of your online accounts. You don’t have to commit any of these to memory. All you need is your master password.