Even After Heartbleed, Many of Us Still Haven’t Changed Our Passwords.


By Jean Chatzky, Personal Finance Expert and LifeLock Educational Advisor

It’s been more than a month since the Heartbleed bug made headlines. (For those of you who don’t remember, Heartbleed is a bug in OpenSSL encryption software. Left untreated, it lets hackers steal data—including passwords and other consumer data—undetected.)

In the time that has elapsed, many of the biggest, most traveled sites on the Internet—Google, Facebook, YouTube and Yahoo among them—were fixed or “patched.” And many of those same companies have kicked hundreds of thousands of dollars into a fund devoted to improving security in open source programs like OpenSSL, working to help prevent this from happening again.

But what have you done?

Jean Chatzky. Image by Brad Trent


If new research from LifeLock is any indication, the answer—frighteningly—may be nothing. LifeLock and Harris Interactive surveyed more than 2,000 American adults who are regularly online. What they found is that of those folks who had heard of Heartbleed, just half had changed their passwords. That means just one-third of people had changed their passwords overall. Why haven’t we? Some of us haven’t gotten around to it yet, others are overwhelmed. But far too many just aren’t worried.

When you consider how quickly data breaches (unrelated to Heartbleed) have been growing, that’s not particularly encouraging. The headline-making ones—Neiman Marcus, Michaels Stores, and the Target breach that just last week reportedly resulted in the ouster of the CEO—were just the tip of the iceberg. According to the Identity Theft Resource Center, there were 614 breaches in 2013. That’s a nearly 300% jump from a decade earlier.

Creating—and maintaining—strong passwords can be a great first level of defense. But many of us seem to be clueless about what that means. Earlier LifeLock research showed that while 70 percent of people believe they use strong passwords (at least eight unrelated characters, a combination of letters, numbers and symbols in upper and lower cases) just 42 percent actually do.

So what do you do?

Update or change your passwords on sites that have your key information. That means banks, email accounts, social networking sites and file-sharing accounts (e.g., Dropbox). Try to get out of the habit of using the sort of words or other info a follower of your Twitter feed might stumble over (i.e., the names of pets, spouses and friends that the LifeLock survey found 29 percent of Americans build into their passwords). Set a reminder – or calendar alert – to change your passwords on a regular basis.

And if you’re looking for one easy-to-maintain, easy-to-remember solution that works for passwords everywhere, here’s my favorite: Come up with a sentence that you can remember because it makes sense in your life. Something like: My cousin Susan makes the best spaghetti and meatballs. Take the first letter of each word (including the caps) – McSmtbsam – then make some substitutions that are easy to remember: $ for the S, & for the a. What you come up with is Mc$mtbs&m. To solve the problem of different passwords for different sites, put the first letter in the name of the site in front of your password and the last letter in the name of the site behind it. So on Google, it might be GMc$mtbs&E.

Opinions in this blog post are those of the author and not necessarily shared by LifeLock, Inc.
