The highly overused “BREAKING: … ” actually fit this week’s news of the discovered Heartbleed vulnerability.
Earlier in the week, we used a couple of different verification tools to ascertain any exposure with any of our hosted certificates, found none, and notified our respective clients. It could have easily been that we had though, and this event is another reminder that absolutely nothing on the Internet is 100% rock-solid impenetrable.
However, we want to be sure you know that just because your website didn’t have the vulnerability, you’re not out of the woods. As users of the Internet, we’ll all need to go through the necessary hassle of changing your passwords on affected sites. But, since this is a recommended practice it shouldn’t be a big deal, but it is. For the next few months, the “forgot password” links are going to be the most popular around. As many of us are just getting over some hassles associated with the Target breach, this is an unwelcome activity.
Recent events like Target and the Heartbleed vulnerability, drive acceptance of more advanced security. After all, this whole password-thing is as old as knock-knock jokes. One increasingly popular security method is to use “Two-Factor Authentication” which requires the use of a second code generated in a variety of means (pre-established, SMS txt, or independent device, etc…). If your site offers it as an option, take it. It will become more of a standard; plus, it’ll keep your info much more secure.
Here are a few related links: