Heartbleed is the nickname for a very severe bug in OpenSSL, the software used to safeguard your connection to the websites you visit.
In a nutshell, the bug allows anyone on the internet to learn anything they want from any website that uses OpenSSL (most websites).
As an example: If Google used OpenSSL, I could easily get the password for every Gmail user. Worse, I could ask any website for the site admin password, and use that to do all sorts of evil technomancy.
One of the scariest parts of this bug is that it is untraceable. It has existed since March 2012, but we have no way of knowing how much it has been abused to date. We’re still putting the pieces together (and we don’t have much to go on).
The tech industry has been in a tizzy since Tuesday when the bug was discovered, and by now most websites have been patched. However, at this point, the safest bet is to assume that some websites were compromised before they were patched, but you don’t get to know which ones.
If you use the same password on every site, then that password is no longer safe, and you should change it immediately. If you use different passwords on every site, you should still change your passwords, since you don’t know which ones may have been compromised.
How I Create Passwords (inspired by this XKCD)
1) Come up with a long-ish, easy-to-remember phrase, such as “the outlaw is the future”
2) Add the name of whatever website you’re using: “the facebook outlaw is the future”
3) Remove all spaces, and maybe add a number or some capital letters, just for good measure: “TheFacebookOutlawIsTheFuture007”
Unless you are a celebrity or have a real-life nemesis, the point of a password isn’t really to prevent other people from accessing your accounts. It’s to prevent automated hacking systems from exploiting you. So if you worry about forgetting the passwords you create, it’s not a terrible idea to write them down on a piece of paper in a safe place in your house. Seriously.
Also, it’s better to have a long password than a weird password, so go ahead and use “itsabeautifuldayintheneighbourhood” instead of “iT;Z4B3aut”.
Finally, if a site needs you to use an 8-character password, or it requires weird symbols, you’ll just have to make an exception to this otherwise wonderfully long, simple password scheme. Again, you can totally write it down (on paper in your house — not in a file on your computer).
If you have any other questions about being safe on the internet, shoot me a message on Facebook.