Passwords and Heartbleed

Yahoo! sent an email yesterday indicating that because of the Heartbleed vulnerability, my account was being locked and I needed to go through a process to change my password. I am a heavy Flickr user so this required a response. I was initially skeptical because of the built in form, but I then tried to connect directly to Flickr and found that I was indeed blocked and the same form appeared. Changing passwords is a hassle. I explore so many services using so many devices that any adjustment even for one account requires considerable effort. I am guessing I will have to now update a dozen devices (phone, ipads, desktops, laptops) in order to access my Flickr account. I know, I know – I should be a model of sound security practices. I also should not complain for what my son refers to as a “first world problem” and appreciate I have this number of devices. Still …

I do use multiple passwords limiting the damage I would experience should one of my passwords become known. My Google resources are protected by two-factor authentication (I receive a passcode on my phone when I attempt to connect from a different machine, a different location and some other unknown situations I have yet to figure out). I also understand there are ways to use a one password system that controls multiple passwords for individual accounts, but these systems scare me and I am afraid to place all of my accounts under the control of a single company.

Anyway, there is a way to check for the Heartbleed vulnerability – https://lastpass.com/heartbleed/ (lastpass is a provider one of the one password solutions I describe above). I tried the technique on a server I use and discovered the following: Screen Shot 2014-04-14 at 12.20.45 PM

Time to make some more changes.

This entry was posted in Uncategorized and tagged . Bookmark the permalink.