If you sensibly use a password manager, whether an online tool (LastPass) or an offline one (KeePass), you will probably have heard of the security bug that was uncovered in OpenSSL, the encryption system that underpins security on countless websites. The bug, which goes by the catchy name of Heartbleed, has now been demonstrated as problematic for much of the web, and the recommendation is that you change your passwords urgently. But how do you know which site to reset first?
LastPass has usefully added a scan to its security tools that will work through all your registered logins and tell you which of those sites have patched their systems and updated their security certificates post-Heartbleed. It recommends you change your passwords immediately for those sites. For the others it suggests you “Wait”. Among the affected sites are Google, Facebook, Yahoo, and many others. But Apple and Microsoft apparently do not use OpenSSL, so you need not change those. There are many others that still need patching.
Of course, this whole security debacle suggests just how vulnerable the internet might be. This bug has existed for years and may well have been exploited by a third party, the NSA perhaps, for all that time. We may never know. One thing is for sure: it is best to use strong passwords to protect yourself against many kinds of attack, and the likes of LastPass and KeePass are the best way to “remember” them all without having to “remember” them…
For more detailed information about the LastPass security check for Heartbleed, see here.