
Heartbleed: How to Avoid your Passwords Bleeding into a Hacker's Hands…

by Jack Woodhall - 16th April 2014


Last week there was a media frenzy over the so-called Heartbleed bug in OpenSSL security systems. Newspapers and broadcast news urged everyone to change their passwords immediately. To add to the global panic, Canada's tax authority got hacked, as did the UK's Mumsnet – the latter only finding out when the Chief Executive discovered that she had apparently sent out a message to the whole community, which she in fact hadn’t.

The current advice is to wait until the vulnerability is found in a system before reacting, unlike the initial warnings which were for everyone to change all their passwords at once. By now, every IT department in the world using OpenSSL should have closed the Heartbleed door to hackers - and is sure to find out if it hasn't.

How to Make Life Awkward for Hackers

It is always good to change your passwords on a regular basis, and now is as good a time as any. We all get Gmail or Yahoo spam messages from unwary friends whose passwords have been hacked. Make yours difficult but memorable and you should never have your Gmail hacked, let alone something much more significant such as Amazon and other shopping sites which store your credit card details. Uppercase and lowercase letters, numbers and special characters will all help to confound the hacker. Internet safety website Getsafeonline.org suggests that you use something like SP1D3Rm@n, which to the user looks like Spiderman but is written in a way that no one could easily replicate by testing the letters and numbers together.

Identity theft particularly threatens the safety of your passwords. People often combine their name and birthday to create a password, such as Julie121174. If the ID thief knows that your spouse is Julie and finds out their birthday, they will try a series of variations until they make a hit. If you're a Chelsea supporter and choose to base your password around this, it makes for a fairly easy hack. Instead of Murinho777, go for something more complex such as Murinho4S@1nth00D. The former would be an own goal but it would take a world-class hacker to get the latter!

Paranoia is a Good Thing!

While telling your partner to avert their eyes when entering the password for your family blog might be going a bit far, a little paranoia is healthy. If someone finds out an important password, change it. Don't ever write passwords down unless they are written in such a way that someone else would struggle to understand, and don't carry them around in something attractive to thieves such as a handbag or wallet.

Sensible security is generally the answer. Major firms that are hacked, where customers have had money stolen, will be liable to pay for their mistakes - even Heartbleed would fall under their responsibility. This generally makes them much more particular when choosing passwords. Don't run the risk: play safe with all your passwords, and let your personal information stay that way.


© Opilio Recruitment Ltd 2014 - Registered in England and Wales - 07372444