"Heartbleed" and your Web password security | Contributor

By Mike Sullivan
Courtesy to The Bellingham Business Journal

With recent news regarding the Internet security issue known as the “Heartbleed” bug, business owners should know how it might impact them and what they should do to protect themselves.

The Heartbleed bug relates to a security vulnerability in a component of recent versions of OpenSSL, a technology that a huge chunk of the Internet’s websites rely upon to secure the traffic, passwords and other sensitive information transmitted to and from users and visitors.

Because the Heartbleed bug targets Web and email servers, there is not a lot that regular Internet users can do to fix the problem. But experts are urging people to change the passwords for their various accounts and online services to beef up their security.

Since the vulnerability has been around for about two years and using it leaves no trace, assume that your accounts may be compromised.

Even though most servers have patched the vulnerability, it is still highly recommended that you change your passwords to ensure your data will continue to be safe. You shouldn’t simply alter your existing passwords; instead, take this opportunity to ensure your online security by downloading a password manager.

Some examples of the more popular password managers are 1Password, LastPass and Dashlane. A quick Google search should provide you with information about these services.

With a password manager, you need to remember only one master password, and then you can let the software remember all of your log-in information.

When you use a password manager to log into a website, you will first visit that site normally. But instead of typing your password into the website, your password manager does the dirty work for you—you don’t have to think about what email address, username, and password you used for the site.

The best part of password managers is their ability to generate a secure, random password for you. Even if you already have an account within the site you’re visiting, you simply need to find the option to change your password, and let the password manager create that complex, secure password for you.

If you prefer the old-fashioned way of just remembering your password, here are some tips from the Carnegie Mellon School of Computer Science to make more complex passwords yourself:

-First, make up a sentence you can easily remember. Some examples: I have two kids: Jack and Jill; I like to eat Dave & Andy’s ice cream; No, the capital of Wisconsin isn’t Cheeseopolis!

-Then take the first letter of every word in the sentence, and include the punctuation. You can throw in extra punctuation, or turn numbers into digits for variety. The above sentences would become: Ih2k:JaJ; IlteD&A’ic; N,tcoWi’C!

As you can see, the passwords generated by this method can be fairly secure, but are easy to remember (as long as the sentence you pick is one that is easy for you to remember).

In cases where an application allows long passwords, you could possibly use the entire phrase as your password.
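The two steps above can be written as a short Python routine. This is an added example, not part of the original column; the function names and the number-word table are assumptions, and it is run here only on the three sample sentences from the article.

```python
# Number words turned into digits, as the second tip suggests (table is an assumption).
NUMBER_WORDS = {"zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
                "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9",
                "ten": "10"}

def shorten_word(token):
    """Keep the first letter of a word plus every punctuation mark in it."""
    letters = "".join(ch for ch in token if ch.isalnum())
    # A spelled-out number becomes its digit; a token that is already digits stays whole.
    replacement = NUMBER_WORDS.get(letters.lower())
    if replacement is None and letters.isdigit():
        replacement = letters
    out = []
    first_done = False
    for ch in token:
        if ch.isalnum():
            if not first_done:
                out.append(replacement if replacement is not None else ch)
                first_done = True
        else:
            # Colons, commas, apostrophes, "&" and "!" are carried over unchanged.
            out.append(ch)
    return "".join(out)

def mnemonic_password(sentence):
    """Turn a memorable sentence into a password, one shortened word at a time."""
    return "".join(shorten_word(tok) for tok in sentence.split())

def character_classes(password):
    """Report which kinds of characters the result mixes."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes

if __name__ == "__main__":
    # The three sample sentences from the article.
    for s in ("I have two kids: Jack and Jill",
              "I like to eat Dave & Andy’s ice cream",
              "No, the capital of Wisconsin isn’t Cheeseopolis!"):
        pw = mnemonic_password(s)
        print(pw, len(pw), sorted(character_classes(pw)))
```

Use a sentence of your own rather than one of the published samples.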

Passwords are your first line of defense, not only for your online accounts, but also on your devices. Think about these facts if you’re reluctant to change your passwords:

-Research shows that 90 percent of passwords are vulnerable to hacking.

-The most common password is “123456,” and the second most common password is “password.”

-One in five Internet users have had their email or social-networking accounts compromised or taken over without their permission.

In the end, it’s your data and you can choose how safe you want that data to be.

Mike Sullivan is a network and systems administrator at Tech Help. He helps Whatcom County business owners manage their IT so they can focus on their businesses. Learn more about Sullivan and the Tech Help team by visiting www.gotechhelp.com. Reach him directly at mike@gotechhelp.com.
