In the wake of the Heartbleed Bug, some inexperienced vendors are suggesting users change their passwords, but this won’t protect them from further attacks.
Last week, the Heartbleed bug was discovered. Since then, many companies and a few inexperienced security vendors have rushed to put out ill-advised statements. One of those theories is that users need to immediately change their passwords so they can maintain their online security. According to LogmeOnce CEO and security expert Kevin Shahbazi, this will not only not protect you, it could increase your risk of a cyber attack.
“Users should not change their passwords right now, it will not help the situation,” says Shahbazi. “The problem with sites affected by the Heartbleed Bug is that hackers can visibly see your passwords. And until the infected sites clear up the problem themselves, it is advisable not to change your password. And be careful because the Heartbleed Bug affects more than just websites, it can also get into smart phones, security cameras, switches, virtual private networks, company video conferences, etc. It’s a very serious security issue and that can’t be overstated.”
This problem stems from the fact that the majority of people rely on one layer of protection (ex. SSL).