A major vulnerability called the Heartbleed bug has been discovered in OpenSSL, software that’s used on many of the web’s most popular sites. OpenSSL is the system built to encrypt passwords and other sensitive information on websites. The Heartbleed bug can reveal the contents of a server’s memory, where the most sensitive data is stored. This bug has affected many popular websites, including Twitter, Yahoo!, Gmail and Facebook. The bug was identified by a security firm called Codenomicon, which published its details online.
“Your popular social site, your company’s site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL,” reads the webpage devoted to explaining the bug.
If you change your password before a site puts up a patch, then you need to change it again afterwards. Mashable put up a list of popular websites that are affected by this, and which of them have patched it. You can also use this tool to check if a website is affected. Besides checking to make sure websites are secure, you should also keep an eye out for statements from your most visited websites. Some security experts also recommend that you wait a few days before visiting websites that hold sensitive information, for example before logging into your banking accounts.
Two of the most used passwords in the world are “123456” and “password”. If you use either of these, then you are just asking to get hacked. Here are a few tips on creating new, better passwords:
Avoid using the same password for multiple websites.
Make your passwords at least 8 characters, using a mix of numbers and letters.
Avoid complete words.
Change your password often, ideally several times a year.
There’s a little trick you can use, too. Pick a short sentence that’s easy for you to remember, for example something that describes you. Then, pick the first letter from every word in that phrase to create your unique password. For example, if the sentence is “I became the Rock Paper Scissors world champion in 2005”, the password would be “IbtRPSwci2”.
A good way to manage your passwords is with the LastPass extension. This tool gives you the ability to record all your passwords in a single, strongly encrypted location. After you’ve set it all up, you only need to remember a single password. You can download LastPass here.