By now, you’ve probably heard of the Heartbleed Bug. Called the “ultimate web nightmare” by Mashable, this bug is a vulnerability in the widely used OpenSSL library that potentially exposed hundreds of thousands of passwords, usernames, secret keys, and other sensitive information to hackers.
If you have ever used a website that relies on OpenSSL — including Google, Facebook, Pinterest, Dropbox, and many other popular sites and services — your data may be at risk. To protect yourself, you’ll need to change your passwords when those sites have patched the vulnerability.
Many software companies and service providers recommend changing your passwords anywhere between every 30 days and twice per year. With Heartbleed causing chaos online, this may be the right time for you to do a thorough password overhaul to make your data and identity more secure. But how do you pick the right password? What can you do to make it harder for hackers to do their jobs?
We’ve put together this flowchart-style infographic on choosing a more secure password to help you. Use it now to secure your accounts in light of Heartbleed, and bookmark it for future use any time you think you might need to change your passwords again.
Picking a password can be difficult, and sometimes laziness gets the best of us. Who wants to think of yet another password for a new account or website that you’re not even sure you’ll use again? That’s why it’s so common to run into people who have been using the same password since high school, or to read in our infographic that “123456” is still one of the most common ways to access an account in the world — despite this being so, so, easy to guess or crack.
Unfortunately, as technology has advanced, so have hackers. New browser, server, and software exploits are found every day. Heartbleed went unnoticed for two years before it was discovered, and many sites could have unknowingly had their data stolen in that time. The best way to protect yourself against even suspected data theft is to remove the ability to access your account — and that means changing your password.
As you may have noticed above, security experts recommend that you use a different password for each and every website. If your activity is well-documented across the Internet, and a hacker gains control or guesses the password to just one of your accounts, they’re probably going to try the others. Although this may seem like way too much work, there are tools out there to make it easier. RoboForm is a password manager that relies on a “master password” to give you quick access to your accounts, no matter what the individual passwords are. You can also use a tool like KeePass Password Safe to securely store and retrieve individual passwords for hundreds of websites. (This is super helpful when you forget the password to your favorite tax filing site for the fifth year in a row.)
Although choosing new passwords can be time-consuming and even slightly stressful, it’s important to keep your personal information safe and secure. A few seconds of inconvenience for you could greatly hinder a hacker whose goal is to steal your identity or banking information. Heartbleed is one bug that you can’t ignore, so don’t forget to change those passwords!