Major technology firms have urged Internet users to immediately update their computer and phone passwords due to a catastrophic security breach. This is due to an internet bug called ‘Heartbleed’, which is can bypass computer security settings.
A password which is in any dictionary will take just three minutes to crack. Among the worst ones are ‘password’, ‘123456’, ‘qwerty’, or a name. Even more vulnerable to hackers is same password across all sites.
Instead using a phrase or a mixture of letters and numbers is advisable. A phrase like ‘name is anita’ can be used for password like ‘name!san1ta’ would take a year to crack.
OpenSSL, the software used by the many websites to keep data secure is used by the Heartbleed bug to create a ‘bleeding’ leak of security. The bug was disclosed on Monday night after it was found by a Google security researcher and a Finnish security firm Codenomicon.
The patch has been installed by many companies but still those that have not installed are vulnerable. The bug was undiscovered for two years and it is not known whether hackers have used it before.
Yahoo!, who was one of the worst affected sites posted a warning on their Tumblr site saying that all the private information like passwords, personal emails, and credit cards were actually accessible inspite of the trusted security icon.
A spokesman for Codenomicon said that because of the vulnerability, it is a good idea to change the passwords on the latest web portals. Many banks have not yet given comment on whether the passwords should be changed or not.