Heartbleed Was Scary, But Did Anything Change?

Dubbed the “ultimate web nightmare”, Heartbleed was arguably the biggest security issue to hit the Internet in recent years. It caused wide concern for three reasons: affected websites were vulnerable for some two years, an attack exploiting the bug to gain access to sensitive information was shown to be undetectable, and the affected version of OpenSSL was used by some two-thirds of the web.

For several days, news of Heartbleed and the risks it posed dominated the press. Consumers were advised to update passwords as soon as websites announced they had pushed updates to patch Heartbleed. So Heartbleed caused quite a stir (and a fashionable one at that, given that it’s the first security vulnerability to have its own logo).

But the question remains: Did anything actually change? Do we as consumers have a better grasp of the risks to our data online and how to start better protecting it?

Statistics from a recent Pew study show that despite a large percentage of Internet users hearing about Heartbleed (ranging from 47% in one study by LifeLock to 64% in the study by Pew), fewer than half of those informed consumers took action to change passwords. Another study by Software Advice echoed similar findings, showing that some 67% of Internet users haven’t changed passwords after Heartbleed. Perhaps the more alarming statistic was that over 75 percent of respondents say they’ve received no advice about Heartbleed in the workplace, despite showing willingness to cooperate if they were asked to change passwords.

In summary – some took action after Heartbleed, but not nearly enough, given the breadth of Heartbleed. In addition, businesses are not taking the responsibility they should for educating their employees and empowering them to protect both corporate and personal data.

So What’s To Be Done?

For consumers and for businesses, Heartbleed is an opportunity to prioritize security. Every day that passes in which passwords for critical accounts are not updated to stronger ones, and in which bad password practices are permitted to flourish, is another day in which consumers and businesses leave themselves exposed to costly breaches.

Businesses need to create an action plan prioritizing the implementation of password management, and the mandatory change of critical passwords. Any efforts to change passwords will not be effective if a system is not in place to help employees manage strong passwords. Getting a system in place is a critical first step, then education should be an ongoing, regular effort. If you’re ready to get your company’s passwords organized, try LastPass Enterprise: LastPass.com/Enterprise

Consumers need to manage passwords with a password manager, and use actionable data like that in the LastPass Security Challenge to prioritize updating passwords. By using a tool that creates strong passwords and remembers them, following online security best practices is easy.

Have you changed your passwords because of Heartbleed? Have you had opportunities to educate others about password management and why it’s important after Heartbleed?


  • Sara says:

    I find it really hard to trust an online password manager after these leaks.

  • Anonymous says:

    Why rush to change your password before many sites had patched the issue? You’re changing your password on a system that’s still open. So I’m waiting to change mine.

  • Clay Cahill says:

    You kind of expect that most people will either do the minimum (change one simple crappy password used on every site big or small for another) or do nothing. I think that steps in the right direction will be evolutionary… As more and bigger security dangers come to pass, a few more people will take them seriously each time.

    Eventually you hit a tipping point and the world is different and password risks and benefits will be better understood and the use of aids like Last Pass (and KeyPass, eWallet and the like) will be commonplace as will unique strong passwords on every site… but it will take time, cost money and be the result of much pain and suffering, but eventually change should come.

    Sounds a little spacy, I know, but could anyone imagine something as laughable as Melissa or Code Red causing problems in this day and age? Not really… but they managed to about strangle us corporate types at the turn of the century.

  • Sami Jaman says:

    Lack of heartbleed </3