Last week, the Heartbleed vulnerability hit the news headlines. This time, as opposed to some distant corporate virus attack or data loss, this is something that affects most people on the street. And with up to 17% of the world’s webservers affected, its severity has created waves all over the globe.
The issue centres around OpenSSL, which is the mechanism providing a secure, encrypted connection between your browser and a website. It’s often denoted by the prefix “https” on a web address, as well as the little padlock icon you often see, and prevents information being sent to and from a website from being read if intercepted.
OpenSSL is open source software, which means the programming code is readily available to communities of developers to enhance, maintain or fix. Open source is very much a good thing and isn’t actually the culprit in OpenSSL’s weakness here; the concern is more that a webserver using it could, if hacked, reveal secure information from its users.
Indeed, as the news broke, security expert Bruce Schneier described it as catastrophic. It is pretty serious, and if you haven’t already done so, you should start thinking about updating all your passwords to fresh ones. And that’s where the real impact of Heartbleed could be felt: in getting us to think more seriously about our password security, and our online presence in general.
We’ve all been there: that moment when you need to create a password quickly in order to proceed to the next step of a registration process perhaps, or a new presence on the latest social media website. You pick a simple word that’s easy to remember, not thinking for one moment how similarly easy it is for a hacker to guess the name of your dog or where you were born.
If we’re lucky, and people saw the news, Heartbleed might start to change behaviour. Even the BBC warned users to change their passwords, and given the chance to start anew, it’s the best time to think about a strong password. Mixed cases, numerics and other punctuation are a great start. A simple approach is to replace vowels with numbers, so that the letter a is swapped to a 4, e becomes 3 and s changes to a 5. Adding random numbers to the end of a word also works, but don’t use birth dates or years, as you’ll be giving away even more information to hackers.
Develop the password first. Use an empty text editor window (such as Notepad on a PC or laptop) to try it out. Edit, refine and try again until it’s both memorable and quick to type in. Then, use Mashable’s excellent guide to review the most notably affected sites and start changing your passwords on them. Note that there may be other affected sites that you need to look at too.