April 2014 saw one of the largest ever personal security breaches. The Heartbleed bug made headlines around the world when it was revealed that a security flaw at the heart of the Internet had potentially exposed users’ personal information and passwords to hackers for the previous two years. At the time, half a million sites were thought to be affected, which gives an idea of just how many people globally were at risk.
It was so impactful that it spawned its own website, Heartbleed.com, and has now become a benchmark of the scale of hacks. Just last month, two new bugs were discovered which were serious, but the terminology to describe the severity of it was ‘high, but no Heartbleed.’
> See also: 3 months on: the true impact of Heartbleed on the enterprise
The result was that it thrust the issue of password security into the limelight and truly held a light up to the dangers of users deploying weak passwords across their personal accounts. So did the global coverage of Heartbleed result in Internet users sitting up and paying more attention to the dangers of weak passwords and, more importantly, did they act on it?
Worryingly, it appears that the vast majority of consumers have not made any changes at all. We carried out anonymised research of the world’s top 100 websites and were able to examine how many password changes had been put into effect in the past year.
On average, only 6% of consumers took the decision to change their levels of password security. Alarmingly low. The same also goes for internet users across the pond in the US, with a recent poll reporting that a shocking 87% of online users have not even heard of Heartbleed.
At the same time, hackers are undoubtedly becoming more sophisticated, meaning the simpler the password, the quicker hackers can get access to key personal information. And if the same password is used across a range of sites, the potential damage is amplified significantly. The result is that, despite the biggest breach in living history, the threat is still there and greater than ever.
There is also the element of control to consider. A recent article in Wired estimated that 90% of the world’s online data has been created in the last two years, which gives great perspective as to just how much we now live our lives online. When you couple this with the fact that recent research has revealed that over half of Britons do not feel in control of their online their online lives, it demonstrates there is clearly an issue to be solved.
So what can users do to ensure they do not fall foul to external threats and prevent the next Heartbleed?
Heightened password security is a necessity. Many users still have eight number or letter passwords. An eight-number password has roughly 100,000,000 different permutations. That might sound a lot, but it takes a computer only three minutes to crack. Compare that with eight alphanumeric case sensitive characters?
That yields 218,340,105,584,896 potential options and 14 years to find. Having different passwords for different sites is also essential. The aforementioned research revealed that only 30% of Britons have different passwords for each online account. Mixing it up makes it considerably more difficult to hack a portfolio of information.
> See also: Heartbleed: don’t blame open source, blame the people
Admittedly, it would be near impossible to remember a different alphanumeric password for every single website you have registered for. This is where password managers can be invaluable. They can generate random, alphanumeric passwords for each site you are registered with and store them in a hugely secure vault, bolstered by military-grade encryption. They go a long way to allaying the fears that currently exist in the light of the likes of Heartbleed.
Hacks are always going to happen in the digital age. One year on from Heartbleed, thankfully we haven’t seen anything on the same scale. However, that is not to say we won’t experience another iteration in the coming months and years. Consumers need to ensure they are secure when such an event occurs. The sooner the public ups their security, the more likely we are to prevent another Heartbleed.
Sourced from Emmanuel Schalit, CEO, Dashlane