
U.S. government paying to undermine Internet security

Julia Angwin | 4/18/2014, 12:18 p.m.

The problem is that if your passwords were stolen through the Heartbleed bug, the theft would leave no trace. And so, unfortunately, it’s still a good idea to assume that your passwords might have been stolen.

So, you need to change them. If you’re like me, you have way too many passwords. So I suggest starting with the most important ones — your email passwords. Anyone who gains control of your email can click “forgot password” on your other accounts and get a new password emailed to them. As a result, email passwords are the key to the rest of your accounts. After email, I’d suggest changing banking and social media account passwords.

But, before you change your passwords, you need to check whether the website has patched its servers against Heartbleed.

If the site has been patched, then change your password. If the site has not been patched, wait until it has been patched before you change your password.

A reminder about how to make passwords. Forget all the password advice you’ve been given about using symbols and not writing down your passwords. There are only two things that matter: Don’t reuse passwords across websites and the longer the password, the better.

I suggest using password management software, such as 1Password or LastPass, to generate the vast majority of your passwords. And for email, banking and your password to your password manager, I suggest a method called Diceware, which picks random words from a word list by rolling dice. If that seems too hard, just make your password super long — at least 30 or 40 characters long, if possible.
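As an added example, not from the article, here is a Diceware-style generator in Python: it rolls dice with the operating system's CSPRNG, maps each roll to a word, and reports how many bits of entropy a passphrase of n words carries. The word list is a constructed 36-word sample indexed by two dice; a real Diceware list has 7776 words indexed by five.

```python
import math
import secrets

# Constructed 36-word sample list (6**2), one word per two-dice roll "11".."66".
# A real Diceware list has 6**5 = 7776 words, one per five-dice roll.
SAMPLE_WORDS = [
    "acid", "bacon", "cabin", "dance", "eagle", "fable", "gamma", "hedge",
    "ivory", "jolly", "kayak", "lemon", "mango", "noble", "oasis", "pilot",
    "quilt", "radar", "salsa", "tango", "ultra", "vivid", "waltz", "xenon",
    "yacht", "zebra", "amber", "bison", "coral", "delta", "ember", "flint",
    "grape", "honey", "igloo", "jumbo",
]


def roll_dice(count: int) -> str:
    """Roll `count` six-sided dice using the OS CSPRNG, e.g. '35162'."""
    # secrets.randbelow is unbiased; never use the `random` module for this.
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(count))


def roll_to_index(roll: str) -> int:
    """Map a roll of digits 1-6 to a zero-based index (base-6 number)."""
    index = 0
    for digit in roll:
        if digit not in "123456":
            raise ValueError(f"bad die face: {digit!r}")
        index = index * 6 + (int(digit) - 1)
    return index


def diceware_passphrase(n_words: int, wordlist=SAMPLE_WORDS, sep: str = " ") -> str:
    """Pick n words by dice roll from a list whose size is a power of 6."""
    dice = round(math.log(len(wordlist), 6))
    if 6 ** dice != len(wordlist):
        raise ValueError("word list size must be a power of 6")
    return sep.join(wordlist[roll_to_index(roll_dice(dice))] for _ in range(n_words))


def passphrase_entropy_bits(words_in_list: int, n_words: int) -> float:
    """Entropy of n uniformly chosen words: n * log2(list size)."""
    return n_words * math.log2(words_in_list)


def words_needed(target_bits: float, words_in_list: int) -> int:
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(words_in_list))


if __name__ == "__main__":
    print(diceware_passphrase(6))
    print(f"{passphrase_entropy_bits(7776, 6):.1f} bits for 6 real Diceware words")
```

With the real 7776-word list, six words give about 77.5 bits of entropy; the sample list here is only for demonstrating the roll-to-word mapping.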

And if you have extra money lying around, donate to the OpenSSL Software Foundation. It’s long past time for us to stop running Internet security like a Wikipedia volunteer project.

ProPublica