May 15, 2014

Heartbleed Was Scary, But Did Anything Change?

Dubbed the “ultimate web nightmare”, Heartbleed was arguably the biggest security issue to hit the Internet in recent years. It caused wide concern because affected websites had been vulnerable for some two years, an attack exploiting the bug to read sensitive information has been shown to be undetectable, and the affected versions of OpenSSL were used by some two-thirds of the web.

For several days, news of Heartbleed and the risks it posed dominated the press. Consumers were advised to update passwords as soon as websites announced they had pushed updates to patch Heartbleed. So Heartbleed caused quite a stir (and a fashionable one at that, given that it’s the first security vulnerability to have its own logo).

But the question remains: Did anything actually change? Do we as consumers have a better grasp of the risks to our data online and how to start better protecting it?

Statistics from a recent Pew study show that although a large percentage of Internet users heard about Heartbleed (ranging from 47% in one study by LifeLock to 64% in the study by Pew), fewer than half of those informed consumers took action to change passwords. Another study by Software Advice reported similar findings, showing that some 67% of Internet users haven’t changed passwords since Heartbleed. Perhaps the more alarming statistic was that over 75 percent of respondents say they’ve received no advice about Heartbleed in the workplace, despite showing willingness to cooperate if they were asked to change passwords.

In summary - some took action after Heartbleed, but not nearly enough, given the breadth of Heartbleed. In addition, businesses are not taking the responsibility they should for educating their employees and empowering them to protect both corporate and personal data.

So What’s To Be Done?

For consumers and for businesses, Heartbleed is an opportunity to prioritize security. Every day that passes in which passwords for critical accounts are not updated to stronger ones, and in which bad password practices are permitted to flourish, is another day in which consumers and businesses leave themselves exposed to costly breaches.

Businesses need to create an action plan prioritizing the implementation of password management, and the mandatory change of critical passwords. Any efforts to change passwords will not be effective if a system is not in place to help employees manage strong passwords. Getting a system in place is a critical first step, then education should be an ongoing, regular effort. If you’re ready to get your company’s passwords organized, try LastPass Enterprise: LastPass.com/Enterprise

Consumers need to manage passwords with a password manager, and use actionable data like that in the LastPass Security Challenge to prioritize updating passwords. By using a tool that creates strong passwords and remembers them, following online security best practices is easy.

Have you changed your passwords because of Heartbleed? Have you had opportunities to educate others about password management and why it’s important after Heartbleed?

13 comments:

  1. Yeah! It was a really scary moment when I heard this,,, but nothing has changed...
    why,,, ?

  2. That's why LastPass indeed rocks! No doubt with Lastpass I feel secured. Thanks and keep rockin' Cheers!

  3. Ya I changed my passwords and informed those around me, making sure to express the severity. Not sure if they changed their passwords though.

  4. I've the same situation as David Brown.

  5. How could you hear about it and not change your passwords?! It takes 20 seconds to update your password and you could be saving yourself a lot of trouble in the long run.

  6. How does Lastpass compare with KeypassX with Dropbox? I like having a local (offline) copy when I travel.

    Replies
    1. Lastpass allows offline access.

  7. Lack of heartbleed</3 -□
    |_|
    ^
    SSL

  8. You kind of expect that most people will either do the minimum (change one simple crappy password used on every site big or small for another) or do nothing. I think that steps in the right direction will be evolutionary... As more and bigger security dangers come to pass, a few more people will take them seriously each time.

    Eventually you hit a tipping point and the world is different and password risks and benefits will be better understood and the use of aids like Last Pass (and KeyPass, eWallet and the like) will be commonplace, as will unique strong passwords on every site... but it will take time, cost money and be the result of much pain and suffering, but eventually change should come.

    Sounds a little spacy, I know, but could anyone imagine something as laughable as Melissa or Code Red causing problems in this day and age? Not really... but they managed to just about strangle us corporate types at the turn of the century.

  10. Why rush to change your password before many sites had patched the issue? You're changing your password on a system that's still open. So I'm waiting to change mine.

  11. I find it really hard to trust an online password manager after these leaks.
