After discovery of a major security flaw affecting the majority of the world’s websites, technical experts are urging the public to change the password they use for everything from “password” to “password2”.
The so-called ‘Heartbleed bug’ exposes a vulnerability in the OpenSSL code library used to scramble sensitive data, meaning that hackers could theoretically decode your password and reveal that it is “password”, giving them a frightening level of access to your bank account, emails etc.
“Catastrophic is the right word. On the scale of one to 10, this is an 11,” blogged security technologist Bruce Schneier. “There are over a billion internet users worldwide, and they all use ‘password’ as their password, apart from the minority who have spelt it wrong, and use ‘pasword’. Only real security experts who use ‘p@55w0rd’ will be unaffected.”
The cost in time and effort of the mass migration to the new password is likely to be so high that some observers are calling for the big tech companies to change it for them. “They could just let us know afterwards,” explained government science spokesman Tariq Ahmad. “Or even better, just do it, and when it doesn’t work we’ll try the new one.”
Consumer groups have expressed concern that the new password will be too hard for people to remember. The Citizens Advice Bureau has called for people to make the leap and replace their password with eight asterisks, as it always looks like ******** when you type it in anyway.
Other experts suspect that the risk of the vulnerability has been exaggerated. “To be honest, it’s such a pain in the arse changing everything, we’d recommend just sticking with ‘password’,” explained a spokesperson from security giants Kaspersky. “Personally, I really can’t be buggered. It’s written down on a bit of paper in my wallet, next to my PIN number, and it’s not like anyone’s going to get in my wallet. Unless I drop it. Or the bit of paper falls out. Good enough.”