Protect yourself from the Heartbleed security flaw

The Internet has been awash for weeks with warnings about the Heartbleed security bug. The New Yorker said last month that “Heartbleed is as bad as it is possible for a security flaw to be”. Cryptography expert Bruce Schneier has described it as “catastrophic”. Reports last weekend that it is still un-patched are cause for concern i think.

The technical rundown is that a version of the HTTPS protocol based on open SSL (Secure Sockets Layer) is vulnerable to attack using malicious code. Hackers exposing the flaw can obtain usernames and passwords used to sign in since the system was last restarted.

Experts say two thirds of all web servers are in danger from Heartbleed. Major websites affected include Gmail, Facebook, Twitter, Pinterest and Tumblr. The tech news website Mashable has listed affected sitesand we suggest you check this list to see if you need to change any passwords.

If you use any of these websites we advise you to change your password as soon as possible. (Please note though that if a website has not been patched for the bug you should not change your password until the security flaw has been resolved.)

It is wise to have more than one password for online systems. Personally I operate a three- tier system for passwords: a commonly used password for the majority of online sites, a more secure password for email accounts, and the most secure password for online banking. This last password is 12 characters long with some special characters, and a mix of lower and upper case letters. All my passwords are remembered and not written down.

If you are struggling to come up with a secure password then I suggest using the Advanced Password Creator for iOS devices

1) Advanced Password Creator for iOS

Or, you can use xkpassed, a one-off password generator.

In my opinion, a secure memorable password is two unrelated words starting with upper case letters and a two-digit number, for example 44PacifyLush.

If you can’t remember a password, why not type it 100 times so it gets ingrained in your mind. As a last resort put a note in your wallet or a contact with a note in your smart phone. But remember to remove your reminders once the password has been committed to memory.

Are you concerned about Heartbleed?

Please contact us on 03300100201 today – if you wan;t to check a site for the vulnerability now why not use this handy tool from Mcafee: http://tif.mcafee.com/heartbleedtest

Julian

Are you concerned about Heartbleed?

Downloads

Contact

Main Office