NORMAN — Are you in the habit of regularly changing the passwords for your online accounts? You should be — changing passwords regularly is a required part of every wise Internet user’s safety routine.
The reason for changing online account passwords is simple: the Internet bad guys are always stealing somebody’s password. A few here, a few there, sometimes by the hundreds or thousands, sometimes in batches of a million or more. The crooks can’t use or exploit all those passwords at once, though, so they store away the bulk of them to be used in future crimes.
Hopefully, by the time they get around to trying yours, you have changed it and it’s no longer valid.
“Curses,” you hope they will say, “Foiled, again.”
Just in case you need more motivation to change your passwords, here’s the latest, extra reason: Heartbleed.
If you’ve seen or heard the news this past week, and the reports were at all accurate, you know that Heartbleed is not a malady that afflicts the human body. Instead, Heartbleed is the latest programming flaw and security hole that could allow the bad guys to steal your passwords.
In a nutshell, Heartbleed is a mistake, a programming mistake in an encryption program called OpenSSL. SSL is the major protection scheme used by online banks, stores like Amazon and email services like Yahoo.
When you go shopping, banking, Facebooking and emailing on the Internet, SSL (Secure Socket Layer) is what provides the “https” in the address and the little lock symbol that’s supposed to indicate you are using a safe, secure connection.
OpenSSL is one of the most widely used versions of SSL out there, and it’s the one with the Heartbleed problem. Affected major sites include Facebook, Instagram, Tumblr, Google+, Gmail, Youtube, Yahoo, Godaddy, Etsy, Intuit, Turbotax, Yahoo Mail, Netflix, Pinterest, Dropbox, LastPass and thousands more.