Heartbleed Should Motivate You to Get a Password Manager

The Citizen's Guide to the Future
April 10 2014 4:33 PM

Heartbleed Should Motivate You to Get a Password Manager

keys
Lock your passwords away and make them easier to manage all at once.

Photo from Shutterstock.

You've probably heard about Heartbleed by now. It's big, bad wolf of an Internet security problem. And though it's mainly server managers who have to take steps to fix it, you can manage your passwords to help protect yourself.

Lily Hay Newman Lily Hay Newman

Lily Hay Newman is lead blogger for Future Tense.

The strangest thing about Heartbleed is that changing your password on a particular site only gives you more protection if that site has already applied to the Heartbleed patch and resolved its vulnerability. If it hasn’t, changing your password in advance could theoretically put you at greater risk. Heartbleed is a vulnerability in a server's memory (RAM), not its data storage, so a hacker has access to things that are being called up by the server not everything that's stored on it. That means that the hacker could ascertain your new password, too.

Advertisement

Lists, which are being frequently updated, can tell you which websites are vulnerable and which have been patched. Once a site is no longer vulnerable, it's time to change your password. You're going to have to do this on a lot of sites, so this is the perfect time so start using a password manager.

A password manager helps you generate random, strong passwords so you don't have to think of them yourself. Then it stores your login information for every site you use, autofilling a password whenever you need one. You don't need to know or remember your passwords, because they're all stored and protected behind one master password that you make extremely strong and unguessable. I use 1Password, and my master password is a fairly long sentence (without spaces) that includes alternate spellings, numbers in place of certain letters, and punctuation.

I’ll admit it. I kind of hate using a password manager. Setting it up is tedious, and it’s a little unsettling to never know any of your passwords. It doesn't matter so much when you're on your personal computer and have 1Password (or your password manager of choice) running, but when you're using someone else's computer, you have to use a an app to check your password for any site/service you want to log into.

Password managers aren't about fun, though. They're about proactively protecting yourself from much more annoying, and potentially detrimental, problems down the line if your personal information gets hijacked. And they do offer a lot of useful features like super secure notes and a password generator. Many even incorporate two-factor authentication, and in our leaky digital world, it's reassuring to use a service whose only priority is security.

For example, after Heartbleed was disclosed, LastPass wrote in a blog post that it used the OpenSSL version that contained the vulnerability, but that its users shouldn't be affected at all because the company encrypts all data before sending it. This means that even if a hacker were monitoring LastPass servers, all she would be able to see would be encrypted code. And now LastPass has added a service that checks any site's Heartbleed status so people know when to change their passwords. The company also reiterated that there is no reason for LastPass users to change their master passwords, though they can if they want to take extra precautions. Useful information, and relevant services, that's what you want!

Good options for password managers include LastPassDashlane, 1Password, Roboform, SplashID, mSecure, and KeePass. There's initial effort to get your password library going, but once it's up and running it won't get in your way. And it might save you some heartache, if not Heartbleed, sometime.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.

TODAY IN SLATE

Politics

The Democrats’ War at Home

How can the president’s party defend itself from the president’s foreign policy blunders?

An Iranian Woman Was Sentenced to Death for Killing Her Alleged Rapist. Can Activists Save Her?

Piper Kerman on Why She Dressed Like a Hitchcock Heroine for Her Prison Sentencing

Windows 8 Was So Bad That Microsoft Will Skip Straight to Windows 10

Homeland Is Good Again! For Now.

Politics

Cringing. Ducking. Mumbling.

How GOP candidates react whenever someone brings up reproductive rights or gay marriage.

Music

How Even an Old Hipster Can Age Gracefully

On their new albums, Leonard Cohen, Robert Plant, and Loudon Wainwright III show three ways.

The U.S. Has a New Problem in Syria: The Moderate Rebels Feel Like We’ve Betrayed Them

We Need to Talk: A Terrible Name for a Good Sports Show by and About Women

Trending News Channel
Oct. 1 2014 1:25 PM Japanese Cheerleader Robots Balance and Roll Around on Balls
  News & Politics
The World
Oct. 1 2014 12:20 PM Don’t Expect Hong Kong’s Protests to Spread to the Mainland
  Business
Moneybox
Oct. 1 2014 2:16 PM Wall Street Tackles Chat Services, Shies Away From Diversity Issues 
  Life
The Eye
Oct. 1 2014 1:04 PM An Architectural Crusade Against the Tyranny of Straight Lines
  Double X
The XX Factor
Oct. 1 2014 2:08 PM We Need to Talk: Terrible Name, Good Show
  Slate Plus
Behind the Scenes
Oct. 1 2014 3:24 PM Revelry (and Business) at Mohonk Photos and highlights from Slate’s annual retreat.
  Arts
Brow Beat
Oct. 1 2014 3:02 PM The Best Show of the Summer Is Getting a Second Season
  Technology
Future Tense
Oct. 1 2014 3:01 PM Netizen Report: Hong Kong Protests Trigger Surveillance and Social Media Censorship
  Health & Science
Science
Oct. 1 2014 2:36 PM Climate Science Is Settled Enough The Wall Street Journal’s fresh face of climate inaction.
  Sports
Sports Nut
Sept. 30 2014 5:54 PM Goodbye, Tough Guy It’s time for Michigan to fire its toughness-obsessed coach, Brady Hoke.