A little more on Heartbleed and passwords


Despite the name, no blood was shed, but a lot of digital ink was used to cover this security breach. A few days back, I reported on it too. Have a look at my previous article if you need to refresh your memory on the topic ;).

As nothing sells a paper better than the announcement of a catastrophe, alarmist titles sprawled across the web. Of course, a lot of laymen may start to doubt the security of their accounts on the web. Some really sensitive sectors like iGaming decided to clarify the matter for their readers by interviewing the CTO of Super Lenny, the latest casino of BetIt Group. Leon Telander explains how they dealt with the matter with the assurance of a professional who knows exactly what he is doing. You can read the full paper here.

Some have compared the media coverage of Heartbleed with that of the so-called Y2K bug. [Remember the time when the media predicted total chaos because database systems were not meant to manage dates beyond 1999 and would reset to 1900 instead of continuing to 2000?] In a similar fashion, the Heartbleed security breach has required a lot of work from IT people around the world but will have almost no impact on the end user, apart from changing the passwords of their various and numerous accounts.

Now that most of the service providers have updated their SSL, you need to update your password on these websites.

Microsoft has an excellent article about how to set a strong password that is easy to remember.

In case you don’t want to bother yourself with remembering 10 different variations of your password for your Twitter/Facebook/Gmail/Spotify/etc., you may want to use a secure password manager like LastPass. And last but not least, to have a little laugh: the top of the worst passwords, based on SplashData's top 25 Worst Passwords of 2013. Remember, those are examples not to follow!

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. abc123
  6. 123456789
  7. 111111
  8. 1234567
  9. iloveyou
  10. azerty