Tech Tips: Bleeding Hearts and Heartbleed

by Kari Deming

Heartbleed.  It’s scarier than Y2K and Target ‘13.  Those of you who haven’t been following this latest tech scare, and/or who manually manage your username and password collection, please, read on.

Heartbleed is a hole in OpenSSL, the internet’s most common data encryptor.  Data encryption is used to scramble information as it travels through cyberspace. As Tumblr advised its users, “the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit.”  Estimates are that two-thirds of all data flowing across the internet between March 2012 and last week was at risk.  Security blogger Bruce Schneier – not known for hysterics – calls Heartbleed “catastrophic” and says, “On the scale of 1 to 10, this is an 11.”

Scared yet?  I was, until about 10 minutes ago.  Why?  Because I finally took the time to put my ridiculous collection of usernames and passwords into a secure password manager.

 

Of course, I’ve known forever that I should only use a given password once, make all 7000 of my unique passwords impenetrable, and change those individual, uncrackable passwords with the seasons.  But did I do it?  No.  I run a legal hotline, moonlight at CERA, and go home at night to my better-half, three teenagers, a Newfoundland and a Ridgeback.  As with many in our do-gooder, “bleeding-heart” community, I never have time for anything.

And yet, I know better.  I really do.  Every week, identity theft cases come through our hotline.  I’ve seen the destruction wrought and have pulled out my hair with the frustration of “fixing” the fraud.  I’ve also read the statistics:  The Federal Trade Commission estimates that 10 million people have their identities stolen every year, and that recovering from identity theft takes an average of six months and 200 hours of work.  Two hundred hours!  Today, I finally decided that sacrificing a few hours to password manager research and another few to loading and implementing my chosen password manager was a very, very smart move.

In short, a password manager is a program that organizes your passwords and PINs.  The best ones have layers of encryption and fantastic time- and sanity-saving features.  Like PCMag, TopTenReviews, CNET, 9000+ Chrome web-store five-star reviews and pretty much every techie I talked to, I surveyed the field and settled on LastPass.

 

LastPass – the “Last Password You Have to Remember” – stores your data online in a tightly encrypted manner that even the company can’t read.  It also:

  • generates extremely safe passwords
  • remembers them all
  • pops an alert if you (like 73% of us) use one password in more than one place
  • allows you to create separate identities for work, home and play
  • performs auto-logins and auto-form fills
  • can be installed on virtually any machine, tablet or phone
  • centralizes and stores your data locally – not “in the cloud”
  • synchronizes automatically and in real time, so every device is always updated
  • works with a number of two-factor authentication programs (I chose Chrome Authenticator) and
  • slices, dices and makes julienne fries.

 

Ok, not really on that last one.  It does, however, do a fabulous job of preventing hackers from slicing, dicing, julienning, corrupting, harvesting or otherwise mishandling your most personal data.  Even better?  It’s FREE.  So – go.  Research if you will (you might start here or here), or go straight for a download.  Either way, do it now.  Don’t be one of the 27,397 people whose identities will be stolen tomorrow.

 
