The recent of announcement of the Heartbleed bug caused mass confusion and panic across the Web. Although there are still some websites that are vulnerable to the exploit, the majority of the Web’s most popular sites have been patched.

Encryption and computer security can be complicated stuff, and there are experts in the field who can discuss the topic more intelligently than me. However, now that the dust has settled and the servers that power the Web are on the mend, let’s take a look at the Heartbleed bug and break it down into a palatable manner.

The Heartbleed bug is a flaw in the OpenSSL cryptographic software that allows the bad guys to steal information such as passwords that are typically protected on servers. The vulnerability has existed since 2012 and does not affect individual computers. Security experts have estimated that as many as half a million websites were utilizing OpenSSL. It’s a scary situation because the ordinary consumer is defenseless.

The patch to fix the security vulnerability was updated before the news broke, and many organizations implemented the update and replaced their SSL certificates. An SSL certificate is a piece of code that runs a server and protects communications. Once a website patched the exploit, users were encouraged to change their passwords.

However, this wasn’t properly communicated and created mass confusion. In some cases, changing a password to a website that hadn’t executed the patch actually made a user even more susceptible to a security breach.

As Joseph Steinberg, cybersecurity expert for Forbes, so appropriately wrote: “Since criminals now know about the vulnerability, they are certainly scanning for it and seeking to exploit it. If a site has not yet applied the patch and someone changes her password on that site, criminals may obtain her new password.”

The recommended approach is to change your password on a website after the organization states that it has executed the patch and updated the SSL certificate. Mashable compiled a helpful list of websites and their current status. You can review the list here.

Real estate professionals utilize a plethora of Web-based services: email, broker tools, social networking, cloud platforms and more. Passwords to all of these services need to be unique and strong. However, keeping track of all these passwords and having to change them every time a crisis like the Heartbleed bug happens just plain sucks. Enter: a password manager.

What is it?

A password manager is a software application that stores and organizers your passwords, PIN numbers and other sensitive information. They can be local software that is installed on your computer or Web browser.

How does it work?

Essentially, a password manager securely stores all of your passwords in an encrypted file. You need a master password to access the file and application. In some apps, information is encrypted and decrypted on your machine or device before the data is synced.

What is the value proposition?

Besides safely storing your passwords, a password manager can auto-fill Web forms for you, generate secure passwords, and some can even store credit card information. Also, certain apps work on all devices: desktop, smartphone and tablet. However, they really excel at helping you change your password when an annoying security breach hits the Web.

Here are three apps to safeguard your passwords on the Web:

1: LastPass

LastPass is a popular app that works with your browser. You simply create an account with a master password and follow the setup guide. LastPass is free to use on the desktop (Mac, PC and Linux) and supports all of the popular browsers. A premium package is available that includes mobile support for $12 a year. Mobile support includes: iOS, Android, Windows Phone, BlackBerry, and more. I was very happy with LastPass, and the app worked flawlessly on my MacBook with Chrome and Safari.

You can learn more here.

2: 1Password

1Password is the password manager that I’m currently using. It’s a local piece of software with an elegant design. Like LastPass, it works with your browser of choice as well. As the company says on its website, “a single click can open your browser, take you to a site, fill in your username and password, and log you in. It’s the fastest way to work or play.” 1Password is available for the desktop and mobile and includes a variety of pricing tiers starting at $24.95. The app is available for Mac, Windows, iPhone, iPad and Android.

You can learn more here.

3: KeePass

KeePass is an app my colleague recently recommended to me. It’s a free, open-source password manager — no frills and super simple. KeePass will definitely be a big hit with geeks in search of the right password manager.

You can learn more here.


The Heartbleed bug certainly won’t be the last security exploit to wreak havoc across the Web. A password manager can alleviate some of the frustration typically associated with these vulnerabilities and provide additional security. Give one of these apps a try.

Tom Flanagan is the vice president of technology at Alain Pinel Realtors. You can contact him at or @tflan on Twitter.

Show Comments Hide Comments


Sign up for Inman’s Morning Headlines
What you need to know to start your day with all the latest industry developments
By submitting your email address, you agree to receive marketing emails from Inman.
Thank you for subscribing to Morning Headlines.
Back to top
Only 3 days left to register for Inman Connect Las Vegas before prices go up! Don't miss the premier event for real estate pros.Register Now ×
Limited Time Offer: Get 1 year of Inman Select for $199SUBSCRIBE×
Log in
If you created your account with Google or Facebook
Don't have an account?
Forgot your password?
No Problem

Simply enter the email address you used to create your account and click "Reset Password". You will receive additional instructions via email.

Forgot your username? If so please contact customer support at (510) 658-9252

Password Reset Confirmation

Password Reset Instructions have been sent to

Subscribe to The Weekender
Get the week's leading headlines delivered straight to your inbox.
Top headlines from around the real estate industry. Breaking news as it happens.
15 stories covering tech, special reports, video and opinion.
Unique features from hacker profiles to portal watch and video interviews.
Unique features from hacker profiles to portal watch and video interviews.
It looks like you’re already a Select Member!
To subscribe to exclusive newsletters, visit your email preferences in the account settings.
Up-to-the-minute news and interviews in your inbox, ticket discounts for Inman events and more
1-Step CheckoutPay with a credit card
By continuing, you agree to Inman’s Terms of Use and Privacy Policy.

You will be charged . Your subscription will automatically renew for on . For more details on our payment terms and how to cancel, click here.

Interested in a group subscription?
Finish setting up your subscription