The recent announcement of the Heartbleed bug caused mass confusion and panic across the Web. Although there are still some websites that are vulnerable to the exploit, the majority of the Web’s most popular sites have been patched.
Encryption and computer security can be complicated stuff, and there are experts in the field who can discuss the topic more intelligently than me. However, now that the dust has settled and the servers that power the Web are on the mend, let’s take a look at the Heartbleed bug and break it down in a palatable manner.
The Heartbleed bug is a flaw in the OpenSSL cryptographic software that allows the bad guys to steal information such as passwords that are typically protected on servers. The vulnerability has existed since 2012 and does not affect individual computers. Security experts have estimated that as many as half a million websites were utilizing OpenSSL. It’s a scary situation because the ordinary consumer is defenseless.
The patch to fix the security vulnerability was updated before the news broke, and many organizations implemented the update and replaced their SSL certificates. An SSL certificate is a piece of code that runs on a server and protects communications. Once a website patched the exploit, users were encouraged to change their passwords.
However, this wasn’t properly communicated and created mass confusion. In some cases, changing a password to a website that hadn’t executed the patch actually made a user even more susceptible to a security breach.
As Joseph Steinberg, cybersecurity expert for Forbes, so appropriately wrote: “Since criminals now know about the vulnerability, they are certainly scanning for it and seeking to exploit it. If a site has not yet applied the patch and someone changes her password on that site, criminals may obtain her new password.”
The recommended approach is to change your password on a website after the organization states that it has executed the patch and updated the SSL certificate. Mashable compiled a helpful list of websites and their current status. You can review the list here.
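The rule above (wait for the patch and the replaced certificate) can be checked in part from your own machine. This is an added example, not part of the original article: the function names, the sample certificates and the 7 April 2014 disclosure date used as a cutoff are assumptions introduced here.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumption (not stated in the article): Heartbleed was publicly
# disclosed on 7 April 2014, used here as the default cutoff.
DISCLOSURE = datetime(2014, 4, 7, tzinfo=timezone.utc)


def fetch_cert(host, port=443, timeout=5.0):
    """Return the site's validated certificate as a dict (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def issued_at(cert):
    """Parse the certificate's notBefore field into a UTC datetime."""
    seconds = ssl.cert_time_to_seconds(cert["notBefore"])
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def password_change_advice(cert, site_says_patched, cutoff=DISCLOSURE):
    """Change the password only after the patch AND a new certificate."""
    if not site_says_patched:
        return "wait: site has not confirmed the patch"
    if issued_at(cert) < cutoff:
        return "wait: certificate predates the disclosure"
    return "change password now"


# Constructed samples in the dict shape that getpeercert() returns.
OLD_CERT = {"notBefore": "Jan 15 00:00:00 2013 GMT"}
NEW_CERT = {"notBefore": "Apr  9 00:00:00 2014 GMT"}

if __name__ == "__main__":
    for name, cert, patched in [
        ("unpatched site", NEW_CERT, False),
        ("patched, old certificate", OLD_CERT, True),
        ("patched, new certificate", NEW_CERT, True),
    ]:
        print(f"{name}: {password_change_advice(cert, patched)}")
```

A recent issue date shows only that a certificate was issued after the cutoff. It does not prove the server was patched, which is why the site's own statement is a separate input.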
Real estate professionals utilize a plethora of Web-based services: email, broker tools, social networking, cloud platforms and more. Passwords to all of these services need to be unique and strong. However, keeping track of all these passwords and having to change them every time a crisis like the Heartbleed bug happens just plain sucks. Enter: a password manager.
What is it?
A password manager is a software application that stores and organizes your passwords, PINs and other sensitive information. They can be local software that is installed on your computer or Web browser.
How does it work?
Essentially, a password manager securely stores all of your passwords in an encrypted file. You need a master password to access the file and application. In some apps, information is encrypted and decrypted on your machine or device before the data is synced.
What is the value proposition?
Besides safely storing your passwords, a password manager can auto-fill Web forms for you, generate secure passwords, and some can even store credit card information. Also, certain apps work on all devices: desktop, smartphone and tablet. However, they really excel at helping you change your password when an annoying security breach hits the Web.
Here are three apps to safeguard your passwords on the Web:
LastPass is a popular app that works with your browser. You simply create an account with a master password and follow the setup guide. LastPass is free to use on the desktop (Mac, PC and Linux) and supports all of the popular browsers. A premium package is available that includes mobile support for $12 a year. Mobile support includes: iOS, Android, Windows Phone, BlackBerry, and more. I was very happy with LastPass, and the app worked flawlessly on my MacBook with Chrome and Safari.
1Password is the password manager that I’m currently using. It’s a local piece of software with an elegant design. Like LastPass, it works with your browser of choice as well. As the company says on its website, “a single click can open your browser, take you to a site, fill in your username and password, and log you in. It’s the fastest way to work or play.” 1Password is available for the desktop and mobile and includes a variety of pricing tiers starting at $24.95. The app is available for Mac, Windows, iPhone, iPad and Android.
KeePass is an app my colleague recently recommended to me. It’s a free, open-source password manager — no frills and super simple. KeePass will definitely be a big hit with geeks in search of the right password manager.
The Heartbleed bug certainly won’t be the last security exploit to wreak havoc across the Web. A password manager can alleviate some of the frustration typically associated with these vulnerabilities and provide additional security. Give one of these apps a try.
Tom Flanagan is the vice president of technology at Alain Pinel Realtors. You can contact him at firstname.lastname@example.org or @tflan on Twitter.