Tuesday, April 15, 2014

Password Management and the Heartbleed Bug

You may have heard of the Heartbleed Bug. Here is the article about it on Wikipedia http://en.wikipedia.org/wiki/Heartbleed_bug

The Heartbleed Bug could allow a hacker to access all of your passwords. Experts in cryptography have called it catastrophic and rated it 11 on a scale of 1 to 10. Big companies like Facebook, Google, and Yahoo are plugging that hole and taking care of the bug, but since the problem has been around so long (maybe 2 years) your password may already be compromised.

In order to avoid any problems you need to change your password on all of the sites that you use. That is an overwhelming thought. 

PASSWORD MANAGEMENT SOFTWARE

I looked into Password Management Software. This type of software is often called a vault because all of your passwords are stored behind one strong password which is the ONLY one you will need to use. The software automatically gets you into sites because it knows your passwords. NO ONE except you knows your Master Password. It is not stored on a server somewhere. Even the company does not know it so if you forget it you also lose all of your other passwords. 

I also decided to read about the safety of using this software. What if someone figures out my ONE difficult password?  Then they will have access to all of the others. The articles that I read said that this will not be an issue. Dealing with passwords this way is MUCH safer than using the same password for many sites. 

HOW I SET IT UP


With Dashlane I first went to their site and downloaded the program to my computer. Next the program looked through my computer to find any passwords that were automatically saved in the computer. There were several. It automatically added them to the list. I tried out each one and found that some of them did not work or were for old things that I do not use anymore. 

It was easy to click on the gear icon and then delete these with the trashcan at the bottom of the window that popped up. 

On the other sites I followed the directions for "forgot my password" and then did what they said in order to reset my password. When I clicked on the space to put in my new password a window popped up and Dashlane offered to generate a strong password for me.
I clicked to indicate that a secure password should be generated and then I closed up the site and tried to access it again. It was great! Dashlane did everything and I was logged directly into the site!

It took a while and some trial and error, but now I am set up with Dashlane for several websites. Now each time I go to a different site where I need a password it will be generated and added to Dashlane!  I just have to remember the one difficult password that I start Dashlane with. It is not saved anywhere, so if I forget it I will loose all of my other passwords and need to start again! I am going to put it somewhere I will not lose it.


Here are several Password Managers to choose from:

Dashlane - So far I like this one. It was recommended on many sites.
http://www.dashlane.com

LastPass - I think this one is the most common. It is very good and it is inexpensive to connect your accounts on your iPhone or iPad so that they all sync together.
https://lastpass.com/

Norton Identity

https://identitysafe.norton.com/

RoboForm Everywhere
https://identitysafe.norton.com/

1Password
https://agilebits.com/onepassword

StickyPassword
http://www.stickypassword.com

5 comments:

  1. You can also try Sticky Password. I use it for many years and I am absolutely satisfied. http://www.stickypassword.com

    ReplyDelete
  2. Thanks for your suggestion. It comes up highly recommended when I do a search for reviews. I will put a link to it in the list

    ReplyDelete
  3. Great post! :) Very true indeed. As a safety measure for Heartbleed bug, it was suggested by many people to change all the passwords but it gets overwhelming if it is to be done without a list. Password manager does the perfect job in such times. I would also add Password Depot to this list. I have been using it for long time. Never have to worry about any security threats. Create a strong master password and that is it, you are safe :) There are so many features provided by it that I can't possibly mention in one comment, so check it out here http://www.password-depot.com/overview.htm

    ReplyDelete
  4. I just saw this so my apologies for this late entry. I was just wondering whether it would be safe to have all my codes in one place. I think I prefer your other idea about having some places with one pw and other places with a different one. So sites that would need higher security like your checking/epal/webmail accounts, etc. would have the more complicated pw's and those that are considered more frivolous (like Pinterest or Delicious) could have something simpler. No?

    ReplyDelete
  5. Password managers are set up so that the ONE password that you access your account with is not recorded anywhere, so it cannot be hacked. Since there is only one password you can remember it and it will create really tough passwords for the other sites since you do not have to remember them.

    Dashlane logs me into sites automatically. It is great when I am on my computer. So far, it does not do the same thing on my iPad or iPhone. When I want to go to a site with a password I need to get there through Dashlane OR open Dashlane and copy the password and paste it into the other site. It is kind of a hassle, but not too bad.

    I have learned that I always have to remember my iPhone when I am going somewhere to use a computer. If I need a password I can go to Dashlane on my phone and view the password so I can type it into the computer. It takes some getting used to.

    ReplyDelete