Heartbleed's silver lining: New passwords!
The security flaw got more consumers to change their passwords and start using two-factor authentication
IDG News Service - When's the last time you thought about using different passwords for different websites? Perhaps after a bug called Heartbleed started crawling around them.
Earlier this month, reports about a major vulnerability in the Internet known as Heartbleed spread like wildfire. It was complicated for people to understand: a change long ago in OpenSSL, an open-source cryptographic library, that left encrypted data vulnerable to theft. But that didn't stop people from taking action in response, or at least giving more thought to online security.
Internet users who previously may not have given much consideration to their online passwords are now changing them, and even enabling two-factor authentication, since Heartbleed was exposed.
Heartbleed was a bug in OpenSSL, introduced in a new version of the software at the end of 2011, that under some circumstances allowed Internet attackers to steal data from the memory of a server in 64KB chunks. That data could include passwords or encryption keys, which could then be used to break into users' accounts or even make malicious sites mimic real ones and collect usernames and passwords. Two-factor authentication, which forces users to give two separate pieces of information for access, can help to protect users against such attacks.
The Heartbleed scare seems to have made Facebook users, at least, smarter about security. Following the Heartbleed disclosures, Facebook saw a spike in password resets and enrollment in Login Approvals, Facebook's version of two-factor authentication, a spokesman told the IDG News Service.
It appears that many people are taking the disclosure seriously and taking steps to protect themselves, he said.
A range of other Internet companies large and small declined to say whether they had seen more password changes or use of two-factor authentication. A lot of the companies, including Google and Yahoo, say they have since patched their services, though it's not always clear how vulnerable each company's services were in the first place.
That uncertainty may have increased the use of password services software. One password management app, 1Password, skyrocketed in popularity from the low-200s to the top 10 in Apple's App Store in the U.S. shortly after the Heartbleed disclosures, according to its developer, AgileBits.
But people's heightened awareness around security may only last for so long. The 1Password app is now ranked 67th in Apple's store.
"Heartbleed has gotten into the forefront of people's minds," said Mike Lloyd, chief technology officer at RedSeal Networks, a security analytics service provider, "at least for a while."
Security experts and services firms wouldn't estimate how many users changed their passwords or started using two-factor authentication on the major online services. But they said they have noticed a new enlightenment in people -- even non-techies -- around security.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success! All Cybercrime and Hacking White Papers | Webcasts