Oh boy, there is a lot of noise on the internet about something obviously very critical, yes even dangerous, and it affects everyone’s (!) lives (on second thought, perhaps not the lives of people who have no internet, power, or even toilets). The problem is, how do you explain something as serious as Heartbleed to people less involved with technology? Like your mom, for example. Let’s look at things in an overly simplified way to make a point.
Why you should treat your password like your partner
Imagine you are not alone. Imagine you have a significant other, a partner with whom you share pretty much everything. You share your secrets, your desires, even your money. Now you are lucky enough to experience the whole wide world with him or her or it.
One day you discover that your partner has betrayed you. They shared a secret with someone else. They gave your money to a friend of theirs. Perhaps they even slept with someone else. Now what is the correct reaction? Being a Christian, you are perhaps inclined to forgive them and stay with them. However, things will never be exactly the way they were before. You just cannot be sure they will not do it again, spend your money elsewhere or even sleep around. This insecurity is like playing the lottery. You might be right to have faith, but how does the old saying go:
Fool me once, shame on you. Fool me twice, shame on me.
As a consequence the logical thing would be to break up to prevent future incidents from happening. It’s the rational choice. Usually we do not take this drastic step with the ones we love if we are deeply attached.
What’s the connection to Heartbleed?
A jolly good question. Do you consider your password (I use the singular here, but by all means I hope you practice polygamy when it comes to this topic) to be your partner? For better and for worse, till death do you part? Well, Heartbleed shows that your partner has potentially been leaking information for the past two years. Anything you associated with your password (think: credit card number, bank accounts, mail addresses, Twitter handles) could have been silently harvested by evil-doers without anyone noticing. This should at least wake you up – passwords are not partners! Don’t grow too fond of them and stick with them for life!
Granted, my analogy is faulty in so many ways. We don’t even know whether our partners, I mean passwords, have actually betrayed us. There is a chance they didn’t. But since we are not talking about people but simple passwords, you should take the plunge and dare to change the password you have used since 2002 because it is just so easily memorable and can be typed quickly into your iPhone for all purchases in the Apple Store.
Key takeaways
The lessons to be learned from this for the average user on the internet are:
- Your password is not your significant other!
- Practice polygamy and use different passwords for different services.
Still valid but not so obvious here: Do not write passwords down and do not use simple passwords. Make up your own and regularly change them. Too complicated? No way, just take the beginning letters of a poem or song or famous movie quote you like, throw in some numbers and special characters and you have something you can memorize and use securely. Like this one:
This is the beginning of Walt Whitman’s The Road Not Taken with a reminder that I turned 36 in 2013 added. (“Two roads diverged in a yellow wood, And sorry I could not travel both”). It takes roughly 94 sextillion years to crack with today’s desktop PCs (without the comma you are still at about 5 quintillion years, so much safer than honeybooboo2014, which would be cracked in only a million years).
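The first-letters method described above, worked through in code as an added example (this is not the author's code, and the suffix `#36` and the 1e9 guesses/second rate are constructed assumptions, not the author's actual password or the calculator used in the post). It also shows why a brute-force estimate flatters a word-plus-year password like honeybooboo2014: an attacker trying dictionary words with a year appended covers a far smaller keyspace than all 15-character strings.

```python
import math
import string

# Constructed sample phrase for the demonstration (the quote given in the post).
PHRASE = "Two roads diverged in a yellow wood, And sorry I could not travel both"


def first_letters(phrase: str, keep_punct: str = ",") -> str:
    """Take the first letter of each word; punctuation that ends a word
    (here the comma) is kept as an extra character, as the post suggests."""
    out = []
    for word in phrase.split():
        out.append(word[0])
        if word[-1] in keep_punct:
            out.append(word[-1])
    return "".join(out)


def charset_size(pw: str) -> int:
    """Pool size a brute-force attacker must cover, based on which
    character classes the password actually uses."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def brute_force_keyspace(pw: str) -> int:
    """Number of candidates when every string of this length and charset is tried."""
    return charset_size(pw) ** len(pw)


def dictionary_pattern_keyspace(word_list_size: int, n_words: int, suffix_choices: int) -> int:
    """Candidates when the attacker guesses <n_words> dictionary words followed by
    one of <suffix_choices> suffixes (e.g. a year). Sizes here are assumptions."""
    return word_list_size ** n_words * suffix_choices


def years_to_exhaust(keyspace: int, guesses_per_second: float = 1e9) -> float:
    """Worst-case years to try the whole keyspace at the assumed guess rate."""
    return keyspace / guesses_per_second / (3600 * 24 * 365)


def entropy_bits(pw: str) -> float:
    return len(pw) * math.log2(charset_size(pw))


if __name__ == "__main__":
    pw = first_letters(PHRASE) + "#36"  # constructed suffix, not the author's
    print(pw, round(entropy_bits(pw), 1), "bits,", f"{years_to_exhaust(brute_force_keyspace(pw)):.2e} years")
    print("honeybooboo2014 brute force:", f"{years_to_exhaust(brute_force_keyspace('honeybooboo2014')):.2e} years")
    print("honeybooboo2014 as 2 words + year:", f"{years_to_exhaust(dictionary_pattern_keyspace(50_000, 2, 100)):.2e} years")
```

The two estimates for honeybooboo2014 differ by many orders of magnitude, which is the practical caveat behind the post's advice: a password built from an unpredictable phrase resists dictionary patterns, while a couple of common words and a year does not, whatever a pure brute-force calculator says.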
Go change your passwords everywhere. Now. And from now on regularly. Especially if you do not want anyone else to be able to access your accounts.