How to Create Super-Strong Passwords to Protect Yourself From the 'Heartbleed' Security Bug
This online security hole could affect a sizable portion of the 'secure' web. Here's what you can do to stay safe.
This story originally appeared on Business Insider
Earlier this week, a massive security bug known as Heartbleed was discovered: a vulnerability that could allow intruders to trick servers into spewing out your personal data.
Heartbleed is particularly dangerous because it extends much deeper than just a bug within an app that can be easily updated.
It's a problem with the technology that powers the services that transmit secure information from websites such as Gmail and Facebook.
The Heartbleed bug affects versions of OpenSSL, a popular data encryption standard that powers a large chunk of the Web. The flaw was initially spotted by the team at security firm Codenomicon and Google Security's Neel Mehta.
OpenSSL has since issued an emergency update, but it's still worth taking the extra steps to make sure your personal data is protected.
The best way to protect yourself against the Heartbleed bug is to not only update your important passwords, but to also make sure you're choosing strong passwords that can't be easily discovered. Here are some tips and tricks to help you create reliable passwords that are impossible to guess.
Make sure your password is long enough
The more characters there are in your password, the more difficult it could be to guess. Both Google and Microsoft advise that lengthier passwords are more secure, and Microsoft suggests that your password should be at least eight characters in length. Most websites will have some type of minimum requirement when creating a password to ensure you don't end up with an easy-to-guess four-character password.
Try to make it as randomized as possible
A long password is useless if it's a common word or phrase that can be easily guessed. It's best to use a randomized series of characters that include a mix of letters, numbers and symbols. Don't use a password that includes your name or company name, and if possible try to create a password that isn't a real word. Your password should contain a variety of uppercase and lowercase letters, numbers and symbols.
Replace correctly spelled words with misspellings
If you're going to use words or phrases in your password, misspelling them is a great way to make them more difficult to guess. You can do this by adding symbols and numbers in place of letters. For example, if you want to use the phrase "I love soccer" in your password, you should change it to something like "1LuvSoCC3r!1" to make it more secure.
Don't use the same passwords for multiple accounts
You never want to use the same password for multiple accounts. If an attacker discovers one password, he or she will have access to all of your important profiles and accounts if you use the same code for each website or app. You should also make sure each password is different from your previous passwords or other existing passwords.
Avoid passwords like this
If you're still unsure about what makes a strong password different from a weak password, here are some examples of passwords you should never use. Codes like "abc1234," "password," "admin," "iloveyou" and "aaaaaa" were the most popular passwords that had been discovered after Adobe's systems were hacked in December.
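The rules from the sections above (minimum length, a mix of character types, no personal names, no reuse, nothing from the list of common passwords) can be checked mechanically. The following Python is an added example, not part of the original article or of any product it mentions; the function names and the symbol set are assumptions.

```python
import secrets
import string

# Weak examples quoted in the article (popular passwords from the Adobe breach).
COMMON_PASSWORDS = {"abc1234", "password", "admin", "iloveyou", "aaaaaa"}
MIN_LENGTH = 8  # minimum length the article attributes to Microsoft
SYMBOLS = "!@#$%^&*-_=+?"  # assumed symbol set; sites differ on what they accept

CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}


def check_password(password, personal_words=(), other_passwords=()):
    """Return a list of the article's rules that the password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("on the list of common passwords")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    for word in personal_words:  # e.g. your name or company name
        if word and word.lower() in lowered:
            problems.append(f"contains personal word '{word}'")
    if password in other_passwords:
        problems.append("already used for another account")
    return problems


def generate_password(length=16):
    """Draw random characters from the OS CSPRNG until every class is present."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ["aaaaaa", "1LuvSoCC3r!1", generate_password()]:
        print(repr(pw), check_password(pw) or "passes")
```

`check_password` returns an empty list when a password satisfies every rule, so it can gate both hand-made and generated passwords.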
Create a password by making up a sentence
Another excellent way to come up with a strong password that's difficult to guess is to think of a sentence you can easily remember, as Carnegie Mellon's School of Computer Science suggests. For example, take a sentence like "My favorite animal is the koala bear." Now take the first letter of each word in the sentence, throw in some punctuation and replace some of those letters with numbers for variety. That sentence can be converted into a password like this: mFA1tkB!.
Use these apps and tools to create and manage passwords
Even after following the tips listed above, it can be difficult to brainstorm secure passwords that you won't forget. Luckily there are trustworthy apps and services that can do this for you.
LastPass, for example, lets you store and manage all of your important passwords in one safe spot. The app encrypts your data and password list so that no one can read them, and there's an option for different types of two-factor authentication. It also includes a password generator that creates randomized passcodes that are nearly impossible to guess. The free desktop version prompts you to save your password in LastPass whenever you log in to a new website, but you'll need a premium subscription ($12 per year) to use the mobile version.
By the way, LastPass has a handy tool that can tell you if a site you use was affected by Heartbleed.
1Password is another great option for those seeking extra protection. The 1Password app ($17.99) offers many features similar to those of LastPass, including a password generator and secure encryption. There's also a browser extension that syncs with your desktop.