Many of you will have heard about the Heartbleed Bug by now. It has been on various programmes over the last week and many ‘experts’ have been giving advice about changing passwords and methods of remembering different passwords for different websites.
First of all let me explain what the Heartbleed Bug is.
When you are on a secure website (websites that start with https and have padlocks showing in the address bar) your data is safeguarded using a method of encryption.
Many websites have been using OpenSSL to take care of the encryption processes.
One of the functions used within OpenSSL is known as the heartbeat option. To make sure your computer is still connected to the server, a message is sent and the server responds with the same message. For example, your computer sends the message ‘private’ and states that the message is 7 characters long. The server then responds with the same message to confirm they are still communicating.
The Heartbleed Bug allows an attacker to send the same message but claim it is 64,000 characters long. The server does not check the claim, so it responds with the message plus an additional 63,993 characters of arbitrary data from the server's random access memory (RAM). This is where the potential for attackers to grab sensitive data lies.
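A scaled-down model of that exchange in C, added here as an illustration and not taken from OpenSSL. The array `server_mem`, the function `echo` and the sample credentials are constructed for the example, and the claimed length is 28 rather than 64,000 so the result fits on one line.

```c
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 64                 /* constructed stand-in for server RAM */
static char server_mem[MEM_SIZE];
static const char OTHER_DATA[] = "user=alice;pw=hunter2"; /* constructed sample */

/* Place the heartbeat message in memory, with unrelated data right after it. */
static void receive(const char *msg, size_t actual_len) {
    memset(server_mem, 0, MEM_SIZE);
    memcpy(server_mem, msg, actual_len);
    memcpy(server_mem + actual_len, OTHER_DATA, sizeof OTHER_DATA - 1);
}

/* Answer a heartbeat. patched == 0 trusts the claimed length (the bug);
   patched != 0 drops any request claiming more than actually arrived.
   Returns the number of bytes written to out (out must hold MEM_SIZE bytes). */
size_t echo(int patched, const char *msg, size_t actual_len,
            size_t claimed_len, char *out) {
    if (actual_len + sizeof OTHER_DATA - 1 > MEM_SIZE) return 0; /* demo limit */
    receive(msg, actual_len);
    if (patched && claimed_len > actual_len) return 0;  /* the missing check */
    if (claimed_len > MEM_SIZE) claimed_len = MEM_SIZE; /* keep demo in bounds */
    memcpy(out, server_mem, claimed_len);
    return claimed_len;
}

int main(void) {
    char out[MEM_SIZE + 1];
    int patched;
    for (patched = 0; patched <= 1; patched++) {
        memset(out, 0, sizeof out);
        size_t n = echo(patched, "private", 7, 28, out);
        printf("patched=%d returned %zu bytes: \"%s\"\n", patched, n, out);
    }
    return 0;
}
```

The unpatched call returns the 7-character message followed by 21 characters that were never sent by the client; the patched call returns nothing because the claimed length does not match what arrived.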
So, should you be changing all your passwords for the websites you use?
Yes and no. Some secure websites have been using different methods of encryption and these are not affected by the Heartbleed Bug. Many websites will have been patched in the last week and it would be wise to change the passwords you use for these sites. There will be a lot of websites that have not been patched, and changing your passwords on these websites will make no difference as attackers will still have the potential to grab sensitive data.
The best thing to do at this point is to rethink the way you use passwords. Many people use the same passwords for everything: emails, banking, shopping, forums, gaming etc. If your password is compromised on one of the websites you use, attackers will use the same details on lots of different websites to hopefully gain access to other services you use.
I recommend you use a unique password for each website you use. Use the secure password generator in this link and create a list of random passwords. Print it out and keep it somewhere safe. Every time you need to make a new password for a website, pick one from the list and make a note of which website you use it for. This way you can use a different password for each site, one which is also very difficult to guess, and not have to worry about remembering complicated passwords.
Have two copies and keep them separate (just to be safe).
Also, as the Heartbleed Bug has had a lot of coverage, people will start to see a lot of phishing emails (emails claiming to be from a service you use, like a bank, but actually sent by criminals after your usernames and passwords).
They will ask you to change your details and give you links to click on to do this. DO NOT click on the links in emails to change your usernames and passwords. Always go directly to the website by typing the website address in the address bar of your web browser.