Why You Need To Change All Your Passwords Immediately
First, we talked about longer passwords being more secure, and then we talked about additional steps to take to remediate potential password security issues. Identity theft and digital security are huge issues for each and every one of us, but changing all of your passwords is ridiculously inconvenient. Every once in a while we all need a kick in the butt to get on the right track. The Heartbleed Encryption Flaw in OpenSSL is that kick. It’s the reason you’re going to spend the next few days changing all of your passwords.
Yes, Heartbleed sounds like the name of an unreleased goth band album, but it’s actually serious business despite the name and associated logo. At the core, the issue is related to bad coding in OpenSSL. The SSL part of the name stands for Secure Sockets Layer (or Transport Layer Security [TLS], the successor to SSL), a security protocol designed to secure information sent over the Internet. It works by using a secret handshake to set up a secure connection between the server you’re trying to access and your computer. The Open part of the name refers to the fact that the OpenSSL project is open source, which means development and implementation are handled by a small group and delivered free of charge.
Heartbleed is a huge issue because it allows the bad guys to look inside the secret handshake and see your usernames, passwords and personal information. The bigger issue is one of reference: once the secret handshake is compromised, the bad guys will know exactly how your information is processed by the site you’re trying to access. You could log into your Google account and not even know someone is getting all your information.
Mashable reached out to many of the sites reported as vulnerable to see what was affected. Notable vulnerable sites include Facebook, Google, Instagram, Yahoo, Pinterest, Dropbox, and Tumblr, but you can read their full list of affected sites here. Even though many of these sites have reported that they applied a security patch to fix the issue, there are no guarantees your information wasn’t already compromised.
Go change all of your important passwords. Immediately.
And don’t forget to reference the Do’s and Don’ts of Password Security and Longer Passwords posts before you start changing passwords!