You should have heard of the Heartbleed bug

JPCT 150713 Alan Stainer. Photo by Derek Martin

You have probably heard about the Heartbleed bug. If you haven’t, where have you been?

Quite rightly it has been touted as probably the most serious security flaw to date. With it hackers can steal information willy nilly. Even encrypted information, and without leaving a trace.

Shocking. All is not lost though, because as soon as the bug was announced, server technicians began to feverishly patch their systems to plug the holes.

What does this actually mean to you and me? Well, if you use Mumsnet, change your password pronto! Mumsnet are believed to be the first recorded victims of the Heartbleed bug, putting the accounts of their 1.5 million members at risk. They had the misfortune to be hacked before they rolled out patches to prevent a breach.

Even if you do not use Mumsnet, you should be thinking about changing your online passwords. You will need to check with the service provider to find out if your account may be at risk, or if they have patched their servers already. Don’t change a password before the patch for the Heartbleed bug has been applied.

Most organisations will have notified their customers via email by now with specific advice. If you haven’t received an email yet, don’t forget to check your junk folder in case the spam filters have been overzealous. If you still haven’t seen anything, check the company’s website for announcements, or contact them directly if you are worried.

General password security advice to follow!

When creating a password, make sure that you avoid using real words as much as possible. Never use your own name, date of birth or obvious words like admin and password.

Do mix upper and lower case letters.

Do use numbers and special characters.

Remember that longer passwords will be harder to crack than short ones.

Finally, try to use a different password for each website and online account you use. I know this is a tough one, as it gets hard to even think of unique passwords, let alone remember them all.

Perhaps this will give you some hope? There is a group called FIDO Alliance (Fast IDentity Online) which seeks to eliminate the need for passwords using things like fingerprint scans and retinal scans, to give you a single login mechanism that is unique to you. They are backed by a lot of the big players in the world of tech, including the likes of Google and Microsoft.

So here is to the future and a world without Heartbleed!

Alan Stainer
http://www.alansitsolutions.com