Heartbleed and your passwords

The recent 'Heartbleed' security flaw has exposed millions of Internet users to a greater risk of having their accounts compromised. There is a long list of sites that have been exposed by this security flaw, including some big names like yahoo.com, flickr.com, rollingstone.com, economist.com, lonelyplanet.com and kaspersky.com.

If you have an account on any of these Internet sites, you should immediately change your password. Ideally you should not use the same password on multiple Internet sites. I also recommend that for high-value accounts, such as Internet banking, you use a more complex password that is not used elsewhere.

Since the announcement of this security flaw, the administrators for these sites will have been madly applying the security patch to close this vulnerability. However, it is possible that some of the smaller sites are not being well maintained and could take a little longer to patch.

If you want to check if any of the Internet sites you currently use are still exposed to Heartbleed, you can install the Google Chrome extension called 'Chromebleed', which checks the site for the Heartbleed vulnerability when you access it. Unfortunately, if the site is still vulnerable, it is possible that your account on that site will be or already has been compromised.

With so many accounts to manage, you need a secure way to manage them. An encrypted password manager can be a highly effective way of managing all of your accounts. You do need to protect access to your encrypted password manager with a complex passphrase. The encrypted password manager that I recommend is the free open source application called KeePass, available from keepass.com.