“Heartbleed” and one thing everyone should know about passwords

Written by Philipp Steinweber

While the dust has settled a bit on Heartbleed, one of the largest internet security bugs ever, let’s take this opportunity to talk about an essential thing in our digital life: passwords.

First of all, without panicking, you should change your password on quite a few sites which have been affected by the bug. Mashable compiled an up-to-date list including big players like Google and Facebook (which might play an essential role in your business by now!).
So we recommend: Go through that list and change your passwords!

In regards to “What password to choose?” I like to quote XKCD (whenever you see those 4 letters combined, be prepared for nerdy things to happen):

“Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.”

I warned you (feel free to ignore and scroll down for practical takeaways):

[Image: the XKCD comic quoted above, comparing a short “complex” password with a long passphrase of random words]

In a nutshell: “Tr0ub4dor&3” is much easier for computers to guess than “correcthorsebatterystaple”. It’s the length that matters most for password strength, so choose a very long password! Note: very long gibberish passwords are even harder to guess than very long strings of random dictionary words, but they are harder to remember too.
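To make the “length matters most” point concrete, here is an added example (not from the original post) that estimates password strength in bits of entropy and generates a random-word passphrase the way a password manager or diceware list would. The tiny word list, the 50,000-word “common words” dictionary size, the attacker model for the word-plus-substitutions pattern, and the 1,000 guesses per second rate are all constructed assumptions for the demo, not figures from the post.

```python
import math
import secrets

# Constructed, deliberately tiny word list for the demo. A real passphrase
# generator would draw from a list of a few thousand distinct words
# (assumption: any such list works the same way, only the entropy changes).
WORDLIST = ["correct", "horse", "battery", "staple", "cloud", "river",
            "pencil", "window", "garden", "silver", "orange", "copper",
            "lantern", "marble", "violet", "thunder"]


def entropy_bits(choices_per_symbol: int, symbols: int) -> float:
    """Entropy of a secret built from `symbols` independent, uniformly random
    picks, each out of `choices_per_symbol` possibilities (words or characters)."""
    return symbols * math.log2(choices_per_symbol)


def pattern_entropy_bits(dictionary_size: int, capitalisation_choices: int,
                         substitution_choices: int, suffix_choices: int) -> float:
    """Assumed attacker model for the 'Tr0ub4dor&3' style: one dictionary word,
    optional first-letter capital, a few optional letter->digit substitutions,
    and a short digit/symbol suffix. The search space is the product, so the
    'complexity' adds only a few bits on top of the dictionary size."""
    search_space = (dictionary_size * capitalisation_choices
                    * substitution_choices * suffix_choices)
    return math.log2(search_space)


def years_to_exhaust(bits: float, guesses_per_second: float = 1000.0) -> float:
    """Worst-case time to try every candidate at an assumed guessing rate."""
    seconds = (2 ** bits) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def generate_passphrase(words: list[str], count: int = 4, sep: str = " ") -> str:
    """Pick `count` words uniformly at random with the CSPRNG-backed `secrets`
    module (never `random`, whose output is predictable)."""
    return sep.join(secrets.choice(words) for _ in range(count))


def compare_strengths() -> dict[str, float]:
    """Bits of entropy for several password styles under the stated assumptions."""
    return {
        # XKCD-style: 4 words from a 2048-word list
        "4 random words, 2048-word list": entropy_bits(2048, 4),
        # the same passphrase length from our tiny demo list (far weaker)
        "4 random words, 16-word demo list": entropy_bits(len(WORDLIST), 4),
        # 11 fully random printable-ASCII characters (95 choices each)
        "11 random printable characters": entropy_bits(95, 11),
        # 25 random lowercase letters: long gibberish beats long words
        "25 random lowercase letters": entropy_bits(26, 25),
        # common word + tweaks, assumed model: 50k words, 2 capitalisations,
        # 4 independent letter substitutions (2**4), digit+symbol in either
        # order (10 * 32 * 2)
        "common word + substitutions + suffix":
            pattern_entropy_bits(50_000, 2, 2 ** 4, 10 * 32 * 2),
    }


if __name__ == "__main__":
    for label, bits in compare_strengths().items():
        print(f"{label:40s} {bits:6.1f} bits  "
              f"~{years_to_exhaust(bits):.2e} years at 1000 guesses/s")
    print("example passphrase:", generate_passphrase(WORDLIST))
```

The pattern-based password lands around 30 bits while four words from a modest 2048-word list give 44 bits, i.e. roughly 16,000 times more work for an attacker, and every extra random word adds another 11 bits. The comparison only holds when the words are chosen uniformly at random by a generator, not picked by a person; that is the part a password manager does for you.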

When we’re working on your website we use a random password of more than 15 characters, and a different one for each site. That’s impossible to remember, which is why we use password managers, and we recommend you use one too. The best-known cross-platform ones with a solid reputation are 1Password and LastPass.
While this post isn’t supposed to explain exactly how they work (their websites go into detail), let’s just say: they’re clever and safe! They also create and fill in long, random passwords automatically.

LastPass also solves sharing passwords very elegantly (also within companies), because you should never have to email sensitive passwords back and forth or save them in a spreadsheet.

Passwords suck. But let’s handle them responsibly as long as they’re still around.

About the author

Philipp Steinweber

Philipp is the founder of Metamonks and Omooni, and passionate about personal growth. On Soulful Hustle he open-sources the strategies and insights learned from his projects.