Monday 14 April 2014

Heartbleed Headaches & How to Make Them Go Away

My favourite quote about passwords has always been:

Passwords are like underwear


"Passwords are like underwear: we should not leave them lying around, and should change them regularly." - Unknown

Most of us manage the first part quite nicely and keep our passwords hidden, however changing them regularly? That is another kettle of fish entirely!

I'm sure by now you will have heard of the Heartbleed Bug - a serious vulnerability in OpenSSL encryption, used by significant numbers of popular websites to protect data. This weakness can allow access to confidential data, including names, passwords and cookies. For more information about the Heartbleed Bug, please check out Heartbleed in a Nutshell

This vulnerability has been active for over 2 years, making it incredibly likely you need to sit up and take this seriously! 

Mashable produced a list of affected websites, so please check there for a more comprehensive overview, however many websites you use everyday are among those affected, including:
   
The thought of changing your passwords for all of your accounts is very overwhelming. Overwhelming, but necessary. As I was pondering possible password combinations, I saw a twitter post detailing a 50% sale on 1Password - a piece of software that can help you store, generate and protect your passwords, while you only have to remember (yep, you guessed it) 1Password! 

I decided that in the interests of managing all of my passwords for various accounts, buying a license for 1Password was a sensible decision! It is also available for iOS, which helped seal the deal. 

To get started on your Mac (or PC), you simply purchase the license, download 1Password and enter the license information. Their support website is helpful in getting set up. 

Installing the 1Password browser extensions for Chrome, Safari & Firefox, made the next stage in getting set up a lot easier. For each of my accounts (e. g. Facebook, Twitter, etc.), I would change and save a new password. With the extensions installed, 1Password prompted me to see if I wanted to save this new password. Easy. 

I also downloaded the 1Password app for iOS, and it was super simple to log in to my account and do a wifi sync, meaning I can now access all my 1Password information on all of my devices. 

1Password offers a host of other features, including the ones outlined in the image below.  So far I have added extras like credit card and passport details. Really handy for when you want to do some online shopping, but don't have your credit card on hand. Same goes for booking flights when your passport is at home...!

  Screen Shot 2014-04-14 at 4.26.09 PM 
Next on my list is to use Strong Password Generator to help me create sensible passwords. As I only have to remember ONE, I feel much less concerned about making a password too difficult. 

Have you used a password management tool before? I would love to hear your thoughts. 

Image Credits: 
Underwear - by Keri-Lee Beasley (made with paper by 53
Facebook, Flickr 
Twitter 
All other icons freeware found at iconarchive.com