Heartbleed - What you need to know

Published: April 14, 2014

Morning folks, it's time to change all of your passwords! If you're anything like me, you've been using the same password on a bunch of websites, something easy to remember. You really don't want to be doing that! Passwords on today's internet represent your identity, and you don't want that stolen!

Recently, a bug was found in the way some servers on the internet communicate with your web browser. This bug is called Heartbleed. xkcd has a really nice pictorial explanation. Heartbleed lets attackers read chunks of a server's memory, which can contain your passwords as well as the server's private keys, without leaving a trace. Oh, and by "some" servers, I mean close to 60% of all web servers you visit! This list includes titans like Amazon, Google, Dropbox, Netflix, GoDaddy and other big names, as well as many other less well-known sites.

You need to change your passwords. This isn't optional. Here's what I recommend. First, check out my password generation page. Generate a password that is at least 12 characters long and memorize it. Write it down on a piece of paper and hide it somewhere near your computer. A random 12-character password is enough to protect you from most attackers. If you're more paranoid, go with more, but after about 20 characters or so, there isn't much difference in security. It's a math thing: every character you add to a random password multiplies the number of guesses needed to crack it, so the difficulty grows exponentially with length.

Next, sign up for LastPass. LastPass is one of the best ways to store passwords and make sure that they're unique and hard to crack. I use it for all of my passwords. Use the password you just generated as your LastPass master password. Now, go to the sites that you use and start using LastPass to create new random passwords and to store them.

After you've gone through all your sites, run the LastPass security check. It will tell you which accounts are secure and where you need to improve. My security check score was 38% before I started using LastPass. Now, my score is 85.2%. That's a huge improvement! Your goal should be to have no passwords that are the same, and an average password length of at least 15 characters. Some websites want shorter passwords. That's OK. For those sites, generate the longest password that they'll accept. For the rest, have LastPass generate long, secure passwords.

That's all for now! Happy password changing!