Heartbleed Aftermath: When changing your password is not enough
Many companies have scrambled to make security updates in the Heartbleed aftermath and many users have changed the passwords to their accounts. Do these security measures mean your information is secure?
Our reliance on using the Internet to navigate our daily lives coupled with flaws in our primary defense, passwords (which are notorious for being hacked) has left us exposed.
Hackers range from those hired by the Chinese government to spread viruses to a run-of-the mill hacker looking to assume your identity for financial gain. In the face of such threats, what’s your best line of defense?
Some businesses and individuals might be tempted to go offline to protect their information. Of course, this would forfeit numerous advantages and conveniences related to Internet use that most people have integrated into their daily lives.
Are those who opt for convenience also opting for less privacy? What lessons should be learned from the Heartbleed security bug?
Heartbleed exposes a security flaw
Heartbleed is a security bug that has gone undetected for two years and has far-reaching affects. It was deemed as catastrophic and the “worst vulnerability found since commercial traffic began to flow on the Internet,” according to a leading security columnist.
The security bug affects websites using certain types of encryption and is used by millions of Internet users across the globe. Encryption allows for secure transmission of private information, such as passwords and usernames. An estimated 66 per cent of websites could be running servers that are affected by Heartbleed.
Many types of encryption are now hackable which means that your passwords may no longer be a secret.
Are passwords protecting us?
Although, numerous security updates have been made to address the data breach, a future major security breach is eminent, which begs the question: Are we too reliant on passwords?
Passwords are used to protect our information from banking and credit cards statements to private correspondence and confidential client information.
How do we secure personal and professional data if passwords are constantly being hacked? Perhaps it’s time to replace the password.
Passwords may quickly become a thing of the past because they are becoming increasingly ineffective. Even if we did use highly complex and unique password for each of our online accounts and regularly changed those passwords, we are still exposed.
Biometrics as a solution
Fingerprint scanners that are available on some smartphones offer a significant step in the direction to replace passwords and have had some success. It’s also been offered as a more secure way to make payments through PayPal.
Although the Samsung Galaxy S5 and iPhone 5S fingerprint scanners have been hacked, mostly by white hackers exposing its vulnerabilities, there are pre-emptive security updates that are being developed to help fingerprint biometric security gain traction.
Companies are experimenting with what a future without passwords might look like. Google imagines a world where we can login to devices using our face or even a pill that’s designed to transform our body into a password.
Other players are experimenting with voiceprint, retina scanners, and vein pattern recognition in a move to make our confident information more secure online and prevent the next generation of Heartbleed bugs from reeking havoc with our privacy.