Passwords are valuable bits of data, and with headline news announcing the Heartbleed bug during the first week of April, now is the time to consider managing your passwords more efficiently.
Since MyExpensesOnline does not use the OpenSSL implementation, the expenses software was never affected by the Heartbleed bug.
What is the Heartbleed bug?
The Heartbleed bug is a security vulnerability found within the open-source OpenSSL cryptography library used by two-thirds of all websites on the internet. OpenSSL is an open-source implementation of the SSL and TLS protocols. The bug was introduced through an update issued two years ago. It was then identified by a security company called Codenomicon, who accidentally stumbled upon the bug during the first week of April whilst improving their own software.
The vulnerability allows anyone to exploit the bug and steal up to 64 KB of an application's memory content, which includes passwords, online chat messages and emails. This severe memory handling vulnerability only affected websites and applications which were using OpenSSL versions 1.0.1 through to and including 1.0.1f. OpenSSL have since released the 1.0.1g patch in order to close and resolve the vulnerability.
The 64 KB limitation, however, can be overcome by reconnecting to the TLS connection or requesting a new set of random 64 KB memory content. Both can be set up using a piece of software that automatically requests the memory content until all the necessary secrets have been gathered.
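For administrators checking their own servers, the affected range given above (1.0.1 through 1.0.1f, fixed in 1.0.1g) can be tested against version banners collected from an inventory. This is an added example, not code from MyExpensesOnline or OpenSSL; the function names and the sample banners are constructed for illustration.

```python
import re

# Range as stated in the article: 1.0.1 .. 1.0.1f affected, 1.0.1g fixed.
AFFECTED_BASE = (1, 0, 1)
LAST_AFFECTED_LETTER = "f"

# Matches e.g. "OpenSSL 1.0.1e 11 Feb 2013" or "OpenSSL 1.0.1e-fips ...".
_BANNER = re.compile(
    r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(-(?:beta|pre|dev)\w*)?"
)

def classify(banner):
    """Return 'affected', 'not affected' or 'unknown' for one banner line."""
    m = _BANNER.search(banner)
    if not m:
        return "unknown"  # not an OpenSSL banner, or unparseable
    if m.group(5):
        # Pre-release builds are outside the range the article gives,
        # so they are flagged for manual review rather than guessed.
        return "unknown"
    base = tuple(int(x) for x in m.group(1, 2, 3))
    letter = m.group(4)
    if base != AFFECTED_BASE:
        return "not affected"
    # Plain "1.0.1" has an empty letter, which sorts before "a".
    if len(letter) <= 1 and letter <= LAST_AFFECTED_LETTER:
        return "affected"
    return "not affected"

def hosts_to_patch(inventory):
    """inventory: dict of host -> banner. Returns sorted hosts needing action."""
    return sorted(h for h, b in inventory.items()
                  if classify(b) in ("affected", "unknown"))

# Constructed sample inventory (hypothetical host names).
SAMPLE = {
    "web01": "OpenSSL 1.0.1e 11 Feb 2013",
    "web02": "OpenSSL 1.0.1g 7 Apr 2014",
    "mail01": "OpenSSL 0.9.8y 5 Feb 2013",
    "lab01": "OpenSSL 1.0.2-beta1 24 Feb 2014",
    "vpn01": "OpenSSL 1.0.1 14 Mar 2012",
}

if __name__ == "__main__":
    for host in hosts_to_patch(SAMPLE):
        print(host, "->", classify(SAMPLE[host]))
```

A banner is only a first filter: distribution packages can carry a backported fix without changing the version string, so confirm against the vendor's package changelog before ruling a host in or out.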
What can you do to manage your passwords efficiently?
There are a number of ways to manage your passwords efficiently, including using a new password for each service/site you use. However, you are more than likely to forget the majority of these passwords or even your username.
You could use the old-fashioned notepad to store your passwords; however, one day you may lose or misplace the notepad. An alternative way is to use the notepad software built into any computer. The downside to using both of these methods is that they are not protected against unauthorised access.
There are a number of downloadable password management programs which you can use to create unique passwords and store them in a small database, which is stored locally on your computer or on a USB stick. The database created via any password management software can be password protected, so the database which stores your passwords will only be accessed by yourself.
Are you using alternative methods of managing your passwords or are you still using the notepad and pen method? Let us know in the comments below.