LastPass Responds to Heartbleed

Posted by Justin Unton

April 15, 2014 at 12:00 PM

HeartbleedWhen I wrote about LastPass last May, I wasn’t expecting something like the “Heartbleed” bug to take place. As you may have heard by now, there is a vulnerability in the OpenSSL library, which is used by approximately two-thirds of all websites on the Internet.

This vulnerability allows someone to monitor and collect Internet traffic and then use stolen copies of digital keys to impersonate servers or decrypt communications. In some cases, it even exposes your username and password in the traffic.

Although Commonwealth’s traffic wasn’t affected by this vulnerability, most web traffic was. It’s highly recommended that you change your passwords on most sitesbut only after you have confirmed that the website has addressed the Heartbleed vulnerability. Of course, it’s never a good idea to use the same username and password anyway, which is why I wanted to take this opportunity to write about LastPass again.

Why Use LastPass?

Not only will this app create new passwords for you, but its most recent update now allows you to check which sites were affected by the Heartbleed vulnerability. I just ran my LastPass security check and found that 14 of my 227 stored sites were at risk. Not only did it tell me that I should change my passwords, but it even told me that certain sites haven’t updated their servers to prevent the bug from intercepting my information. So, even if I changed my password I’d still be at risk.

I can’t really do anything about those companies making changes to their servers, but it is still good information to know. Since running the security check, I’ve been able to protect myself in 7 of the 14 accounts. I’m still waiting for the others to update their servers before I use their services or change my password. 

There’s virtually nothing you can do at this point to know if your information is in the wrong hands, but you can change your existing passwords to prevent those with your information from logging in to your accounts. I recommend using LastPass to take care of your passwords for you.

If you’d like to learn more about LastPass, check out my post from last May. You can learn more about how the company responded to the Heartbleed vulnerability here. 

New Call-to-action
The Independent Market Observer, Brad McMillan

Follow Us