Heartbleed: Facts And Recommendations

What has just happened

A security vulnerability has been discovered this week. One more and why should I care, you’ll ask.

This vulnerability, romantically named “Heartbleed”, impacts some versions of a tool called OpenSSL. You know that when you enter confidential information online, such as a credit card number, you should check that there’s a lock icon in your web browser navigation bar. The lock is displayed when https protocol is used. OpenSSL is the open-source tool many websites use to handle https. So if OpenSSL is broken, online transactions are no longer confidential. This vulnerability is not a small one…

How bad is it for me?

Assume that all information you’ve been exchanging online in the last 2 years may have been eavesdropped. You regularly check your credit card transactions? Keep doing that! However, you probably don’t change your passwords regularly. Now, you should, as they may have been captured and recorded. All of them? Unless you want to check the OpenSSL version used by each and every website where you have an account, assume all your passwords may have been captured.

You’ve probably been hearing a lot about passwords in the recent weeks, months, years. Have you done something about it? If not, that’s probably the right time to do so. Remember, you should have a strong unique password for each of your sites.

How can I do that?

Ordinary people can’t, unless they maintain long lists of passwords (on a paper, in an Excel spreadsheet…). The alternative that you should seriously consider now is to use a Password Manager to create strong unique passwords and automate the connection to your websites. inWebo has such a tool available for you. It’s super easy, synchronized with your multiple devices, and free.

Free!? Where”s the trap? There’s no trap, no ad, no limitation to the number of passwords or number of devices. It’s free because our model is to charge the business and enterprise versions.

To use it, simply open an account HERE. inWebo Password Manager will propose to record your password when you connect or sign up to a website that is not yet known. Also, inWebo will propose a new, strong and unique password if you use the password lost or change password features proposed by the website.

Finally, you should pay a special attention to the passwords of your email addresses, as they are used to recover all other passwords. Make sure that the password you use for email is unique, strong, and that you have a way to recover it that doesn’t rely on other emails.

 

 

Written by Didier PERROT

Didier PERROT

Didier is the CEO & Founder at inWebo, particularly looking at innovation, business models, and technologies in the online identity and authentication areas