Anyone anyone clever enough to count to 10 will be able to steal your password.
Starting our fourth decade: Al Fasoldt's reviews and commentaries, continuously online for 30 years


Heartaches, heart-stoppers and Heartbleed:
A big bad bug is forcing you to change your passwords

May 4, 2014

By Al Fasoldt
Copyright © 2014, Al Fasoldt
Copyright © 2014, The Post-Standard

A big bad thing happened to the Internet while we were looking the other way. Somebody found a bug in the way Internet connections work. It's a dumb, totally stupid and completely insane bug, and it's also very, very dangerous.

It's called the Heartbleed Bug. It allows the bad guys to steal your passwords from many of the most popular sites on the Internet. The bug doesn't take rocket science to exploit, and anyone anyone clever enough to count to 10 will be able to view (and, of course, steal) your password.

Rather than trying to figure out all the thousands of sites hit by the bug -- a task that is sure to be incomplete and therefore misleading -- let's assume the worst. Let's just imagine that everywhere you go on the Internet, your password is toast.

And that means you've got to do something to protect yourself.

Look at it this way. If the cops told you a gang of burglars had skeleton keys that could unlock all the doors in your neighborhood, you'd quite naturally change the locks on all your doors.

That's what you have to do. You change the Internet equivalent of a lock. You change your password. For each site.

Each site handles this a little differently. Amazon doesn't do it the way Facebook does, for example. You'll have to sign onto each website you use and look for "settings" or for a term that means the same thing. Help menus can actually be helpful for this.

Now we need to digress. Remember when your second grade teacher told you to wash your hands before you came back from the bathroom? When the sign in your hotel room reminded you to put your valuables in the safe?

Those are called precautions. The most important precaution you can take when you use a website is a good password. Not just a password. This is possibly the most important thing you'll learn this entire year.

You need a password nobody could ever guess. One that's as uncrackable as possible.

Oops. I forgot to tell you the rest of the story. You absolutely must use a different, unrelated password for every site and every service you use. If you don't want to do that, you should stop using the Internet. That's the choice you have in an era when the bad guys are winning.

Each password should have random characters. Never use names or common words. Just have fun creating nonsense strings of characters and WRITE THEM DOWN. Not in your computer, of course. Write them in a little notebook and hide it under the mattress, that kind of thing.

Always use at least one space in your password whenever possible. (Some sites might balk at that.) Always use odd punctuation marks. Always use numbers.

Here's an example: "),9j%.c= 6h!s." This is absolutely unguessable, and even if a computer tried every possible combination of characters, letters and numbers to figure out this password, the effort wouldn't be worth the many years of trying; the bad guys would just move on to passwords other people use -- you know, ones like "12345" and "password." (Yep. Those are the two most common passwords in use today.)

You won't have to memorize any of your passwords once they have been used a couple of times. The websites you go to will remember them for you, or your computer, phone or tablet will do the same thing.

Just make sure you don't write them down where they can be seen by someone who breaks into your computer or other device. Stuff you keep on your computer is valuable; treat it that way.