When news of the Heartbleed bug broke, businesses scrambled to fix the issue. Once the vulnerability is patched, however, there is a second step that some users may be taking now – changing their passwords, writes CHRISTOPHER POGUE.
The Heartbleed bug has been present in OpenSSL versions released since March 14, 2012, meaning criminals had more than two years to exploit it and steal your passwords. That is why now, after the patches have been applied, users should change their passwords. But, instead of falling back into the old habits of “Password1234,” why not start fresh and implement a strong, complex password?
As revealed in the 2013 Trustwave Global Security Report, “Password1” was the password most commonly used by global businesses in 2012. Of the three million passwords our experts analyzed, 50% were using the bare minimum complexity requirements. And weak passwords continue to be a problem. When our forensics investigators are called to look into the cause of a data breach, the majority of the time the initial point of entry is tied to a weak password.
It is time for a change, and the Heartbleed bug gives us all the opportunity to make it now. Here are some tips to help you create a complex password:
Passwords once thought to be complex enough to make cracking improbable can now be cracked in hours or days. This requires users and administrators to rethink how they create passwords and how users are educated about password security.
* Christopher Pogue is the director at Trustwave