Password Considerations in the Wake of Heartbleed

Posted On April 29, 2014 By Kevin O'Brien

You may be wondering if the recent OpenSSL “Heartbleed” security vulnerability affects you. The answer is yes, it affects everyone regardless if you are an Advance customer or not. Many of the websites you visit on a daily basis use OpenSSL to secure communications. This includes sites that require usernames and passwords to access those resources, such as email, IM and VPNs.In some cases those servers use an OpenSSL extension called heartbeat to keep your secure sessions alive during communication. It’s this extension that contains a vulnerability and allows potential hackers to exploit heartbeat and gain access to small pieces of data (hence the name “Heartbleed”). In turn this can lead to compromised usernames, passwords, as well as other data.

Advance has already taken the necessary steps to update any clients using applications which were affected by Heartbleed. The good news is that the majority of Advance customers were not affected, as breaches were primarily limited to those with unattended remote desktop access applications.

As an end user, we still recommend you take necessary precautions. Changing passwords on a regular basis is a must and something you should passionately abide by. Make it a habit to change all passwords every 30-60 days, which will help mitigate your risk as a user of technology.

And while an easy to remember password is the path of least resistance for your own personal memory, it is just as easy for a hacker to crack. In addition to sticking to a regular password reset schedule, keep in mind these additional tips when creating long and strong passwords:

1) Don’t use the same password for every account.

2) Resist using names of your pets, children or family members. Identifying the names of those in your inner circle is fairly easy in today’s age of rampant social media activity.

3) Don’t use personal hobbies either. Photos posted on your social accounts can be just as revealing.

4) Use long pass phrases or a combination of numbers, letters and symbols and interchange them for even more complexity.

5) Even better, consider using a password manager such LastPass to manage and encrypt all of your login credentials.

For more information on Heartbleed, or enhanced security options for your office solution, call 410-252-4800, or email