Is there anyone whose password hasn’t been stolen?
Apr 10, 2014, 6:19 AM | Updated: 8:38 am
There is another major computer security breach – nicknamed “Heartbleed” – and here’s what makes this one so special: It’s a security breach in a widely used type of encryption software. The very software designed to keep things like your password secret!
Which means what we have here is literally a security breach in the software designed to prevent security breaches.
But not to worry – computer experts like Wolfgang Kandek have a way for you to protect yourself. “The prudent way is changing your passwords.”
Oh – but wait, you might have to change passwords twice, because Mr. Kandek says if you change your password before the website has patched its software, even your new password could be stolen.
“If that’s too troublesome, change it after you know the website has been fixed,” says Kandek.
And how might you know when it’s been fixed? Well, the site might send out an e-mail alert – but as Mr. Kandek points out, hackers, knowing you’re waiting for an e-mail alert, might send out phony e-mail alerts.
They’d say something like, “‘You should really change your password, click here to do this.’ And it would take you to a fake site that would then capture your username and password.”
So you have no way of knowing whether by trying to protect your information, you are in fact handing it over.
So let me see if I have this right: change your password now, and then just to be sure, change it again, but don’t trust anybody who tells you to change your password.
OK!
By the way – and I quote from a security website: “the best passwords are ones that you can’t remember yourself and that can’t therefore be guessed by another human.”
So that’s the kind of password you want to choose. Because the only way for your information to be truly secure is if even you can’t get access to it.