This article was last updated Apr 16, 2014, but some terms and conditions may have changed or are no longer available. For the most accurate and up to date information please consult the terms and conditions found on the issuer website.
Consumers face a new and extremely worrisome security vulnerability, hard on the heels of several frightening data breaches, including the one at Target stores that involved the theft of millions of credit card numbers. Computer experts in Finland, along with technicians at Google, announced that they have discovered a major security gap dubbed “Heartbleed.”
What really distinguishes this threat from those seen in the past is that it cannot be fixed with anti-virus and malware-prevention software. That’s because the crack in the security system is not actually a virus, contrary to many erroneous news reports from misinformed journalists. Instead, it is a security gap that has the potential to be exploited when visitors to websites type in their confidential passwords or financial information. Basically, if a bad guy is watching at the same time that you log on to a site or enter a password or credit card number, they have a window of opportunity to quietly capture that information and use it to compromise your financial security or steal your identity.
According to a news broadcast on ABC TV on April 10th, the bug has the potential to impact security for secret passwords on major websites such as eBay, Amazon.com, or the sites operated by banks and credit card companies.
How Heartbleed Works
Some security professionals believe that the Heartbleed bug has the capability of harming as many as 75% of all web servers. That includes email accounts, social media networks, and even private workplace networks that you might use as an employee of a larger corporation.
Internet service providers have a responsibility to install a patch to seal the security gap and eliminate this vulnerability. Forbes.com says that consumers should contact their providers to find out if the patch has been installed and tested.
In other words, the sites themselves have to fix the bug from their side, so merely changing your passwords will not keep your information safe. Until these sites have installed a proper patch to fix the bug, these thieves could simply steal your newly created passwords. Site administrators should reinforce their websites as soon as possible and acquire new security certificates to verify that they are free from any problems.
Helpful Tips for Creating Stronger Passwords
Once the site has dealt with the vulnerability, however, you should definitely consider updating to all new passwords for each of your accounts – just to be on the safe side. Sites you visit that do not require the use of a user name or password are considered safe, like those that you may go to in order to browse or read without registering as a visitor.
The more you incorporate a combination of numbers, letters, and symbols (such as #, $, %, @) into your passwords, the stronger and harder they will be to hack. The problem, of course, is that memorizing lots of complex passwords can be really difficult, especially when you follow the recommended practice of using a different password for each account. Writing them down is not a good idea, because then anyone who finds them can steal them.
Here are some hints for making it a little easier to recall those passwords you should carry around inside your head:
- When using symbols and numbers instead of easier to recall letters of the alphabet, try to substitute symbols or numbers that bear a good resemblance to letters.
- You can replace the letter “a” with the “@” sign, for instance, or use the number 1 in place of the letter “I”, which looks a lot like a 1. You might want to use a “3” in place of the letter “E”, or a zero instead of the letter “O”, as another way to switch out a number for a letter that has a somewhat similar shape.
The best passwords contain at least 12 or 13 letters, digits, or symbols, so it is advised that you try to use passwords that are long strings, not short and simple codes.
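A way to check a candidate password against the advice above, added here as an example and not part of the original article: it enforces the 12-character minimum and the letter, digit and symbol mix, then reverses the look-alike substitutions listed above to see whether a common word is still underneath. The wordlist is a small constructed sample, and the function names are hypothetical.

```python
import string

# The look-alike substitutions named in the article, reversed (character -> letter).
LOOKALIKES = str.maketrans({"@": "a", "1": "i", "3": "e", "0": "o"})

# Constructed sample wordlist (assumption); a real check would load a large
# list of common and previously breached passwords.
COMMON_WORDS = {"password", "welcome", "sunshine", "letmein", "baseball"}

MIN_LENGTH = 12  # the article's "at least 12 or 13" characters


def undo_lookalikes(password):
    """Lowercase the password and map the look-alike characters back to letters."""
    return password.lower().translate(LOOKALIKES)


def character_classes(password):
    """Return which of letter / digit / symbol appear in the password."""
    classes = set()
    for ch in password:
        if ch.isalpha():
            classes.add("letter")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("symbol")
    return classes


def review_password(password):
    """Return a list of findings; an empty list means no issue was found."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than 12 characters")
    missing = {"letter", "digit", "symbol"} - character_classes(password)
    if missing:
        findings.append("missing: " + ", ".join(sorted(missing)))
    # A word that is only disguised by look-alike characters is still that word.
    plain = undo_lookalikes(password)
    hits = sorted(word for word in COMMON_WORDS if word in plain)
    if hits:
        findings.append("common word after undoing look-alikes: " + ", ".join(hits))
    return findings
```

A password such as `W3lc0me2014!!` passes the length and character-mix checks but is still flagged, because undoing the substitutions exposes the word "welcome".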
The Good News
The good news – if there is any – is that the computer security engineers who found out about the Heartbleed bug do not know if criminals learned about it beforehand. They hope that the flaw in the system went undetected, so that no bad guys exploited it to take advantage of consumer data. For now, however, it is too soon to know, which is why computer experts strongly recommend that everyone immediately change their online passwords.
For More Technical Details
Mashable just published a great article about which accounts were affected, whether you need to change your password yet, and what the company has reportedly found on the Heartbleed bug. To learn more about the bug and the highly technical aspects of Heartbleed, an article published on the online portal for Time Magazine explains that you can visit Heartbleed.com, a website devoted to this disturbing problem. Be forewarned, though, that almost everything on that site is in advanced computer jargon that may be hard to follow for the average consumer who doesn’t have an advanced background in computer engineering.