According to a Lifelock survey, despite all the news stories about the Heartbleed security bug and how it may have compromised our online accounts, only half of us actually got around to changing our online passwords.
The survey asked a simple question: after people heard about the Heartbleed bug, had they changed their passwords for their online accounts?
Nearly half, 47%, had not. When asked why not, the ones who had not changed their passwords gave the following answers:
- 44% weren’t concerned about the security issue.
- 29% simply hadn’t gotten around to it yet.
- 12% said that the thought of changing all their passwords was too overwhelming.
Are we apathetic? Do we simply think that we aren’t affected by this bug? Or maybe we just are too busy? In any event, many of our online accounts remain at risk because half of us have not taken the simple step of changing our passwords.
A Brief Explanation of Heartbleed
Many online retailers and banks use secure websites (those that start with HTTPS) to secure data being sent to and from their websites. You can identify secure websites by the small lock symbol that appears next to them in the URL field.
The Heartbleed bug allowed attackers to decrypt and steal supposedly secure data captured in an encrypted web session. In a nutshell, this bug made it possible for hackers to steal information that was supposedly encrypted, including our account passwords. And since the flaw was undetected for nearly two years, no one really knows how many passwords were swiped during that time.
Many security experts have called Heartbleed one of the biggest vulnerabilities ever found on the Internet and urgently called on everyone to change their passwords immediately.
As many as half a million websites were susceptible to the bug, including Facebook, Yahoo!, Google, YouTube, and Wikipedia.
Changing Passwords is Not Hard, and You Should Do It Now
Even though the security flaw has been fixed, we are still at risk if we haven’t changed our online passwords, especially those critical accounts, like email, online retailers, and banks.
The best thing you can do to make sure you aren’t a victim of this bug is to stop whatever you are doing and change your online passwords for all of your online accounts, at least the most important ones.
Below are some good safety tips when choosing passwords:
- Don’t use your name, your children’s names, your pet’s name, or anything that is easily guessable, such as your date of birth.
- Randomly substitute numbers for letters that look similar. For example, use ‘@” for the letter “a.”
- Randomly use capital letters (e.g., Mod3l@F0rd).
- Use a place you love, a specific car, or a favorite restaurant.
- Use a random password generator and organizer like LastPass (https://lastpass.com/) to create, organize, and store your online passwords.
Remember, once our online accounts are compromised, we can’t put the genie back into the bottle. And if you are part of that 47% who have heard about the Heartbleed bug but not gotten around to changing your online passwords, there is no time like the present.