Heartbleed's silver lining

The security flaw got more consumers to change their passwords and start using two-factor authentication

When's the last time you thought about using different passwords for different websites? Perhaps after a bug called Heartbleed started crawling around them.

Earlier this month, reports about a major vulnerability in the Internet known as Heartbleed spread like wildfire. It was complicated for people to understand: a change long ago in OpenSSL, an open-source cryptographic library, that left encrypted data vulnerable to theft. But that didn't stop people from taking action in response, or at least giving more thought to online security.

Internet users who previously may not have given much consideration to their online passwords are now changing them, and even enabling two-factor authentication, since Heartbleed was exposed.

Heartbleed was a bug in OpenSSL, introduced in a new version of the software at the end of 2011, that under some circumstances allowed Internet attackers to steal data from the memory of a server in 64KB chunks. That data could include passwords or encryption keys, which could then be used to break into users' accounts or even make malicious sites mimic real ones and collect usernames and passwords. Two-factor authentication, which forces users to give two separate pieces of information for access, can help to protect users against such attacks.

The Heartbleed scare seems to have made Facebook users, at least, smarter about security. Following the Heartbleed disclosures, Facebook saw a spike in password resets and enrollment in Login Approvals, Facebook's version of two-factor authentication, a spokesman told the IDG News Service.

It appears that many people are taking the disclosure seriously and taking steps to protect themselves, he said.

A range of other Internet companies large and small declined to say whether they had seen more password changes or use of two-factor authentication. A lot of the companies, including Google and Yahoo, say they have since patched their services, though it's not always clear how vulnerable each company's services were in the first place.

That uncertainty may have increased the use of password services software. One password management app, 1Password, skyrocketed in popularity from the low-200s to the top 10 in Apple's App Store in the U.S. shortly after the Heartbleed disclosures, according to its developer, AgileBits.

But people's heightened awareness around security may only last for so long. The 1Password app is now ranked 67th in Apple's store.

"Heartbleed has gotten into the forefront of people's minds," said Mike Lloyd, chief technology officer at RedSeal Networks, a security analytics service provider, "at least for a while."

Security experts and services firms wouldn't estimate how many users changed their passwords or started using two-factor authentication on the major online services. But they said they have noticed a new enlightenment in people -- even non-techies -- around security.

"Heartbleed was not just a narrow issue. It's been talked about by the masses," said Zulfikar Ramzan, chief technology officer at Elastica, a cloud security company. "My doctor brought it up with me," he said.

Other experts agreed. More people who may not be very tech-savvy are changing their passwords and thinking about being smarter with security online, they said. "This has been a wake-up call for the general public," RedSeal's Lloyd said. For one thing, Heartbleed has made more people think about the strength of their passwords, he said.

People may also be taking a more holistic view of their online accounts. Internet users are more aware now that it's not smart to use the same password for a social media account on Facebook and a bank account at Wells Fargo, said RedSeal's Lloyd.

Read more: Purple WiFi partners with Wavelink

Using different passwords for different sites and making those passwords stronger isn't revolutionary, but it's progress.

"Sometimes it takes a disaster to get people to do something they should have been doing all along," said Steve Pate, chief architect at HyTrust, via email.

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach's e-mail address is zach_miners@idg.com

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags patchesonline safetyRedSeal Networkssocial networkinginternetprivacyFacebookhytrustGooglesecurityDesktop securitydata breachsocial mediaElasticadata protectionsearch enginesAgileBitsInternet-based applications and services

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Zach Miners

IDG News Service
Show Comments

Cool Tech

Crucial® BX200 SATA 2.5” 7mm (with 9.5mm adapter) Internal Solid State Drive

Learn more >

D-Link PowerLine AV2 2000 Gigabit Network Kit

Learn more >

D-Link TAIPAN AC3200 Ultra Wi-Fi Modem Router (DSL-4320L)

Learn more >

Xiro Drone Xplorer V -3 Axis Gimbal & 1080p Full HD 14MP Camera

Learn more >

ASUS ROG Swift PG279Q – Reign beyond virtual world

Learn more >

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Gadgets & Things


Learn more >

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Lexar Professional 2000x SDHC™/SDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar Professional 2000x SDHC™/SDXC™ UHS-II cards

Learn more >

ASUS VivoPC VM62 - Incredibly Powerful, Unbelievably Small

Learn more >

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Stocking Stuffer

Lexar Professional 2000x SDHC™/SDXC™ UHS-II cards

Learn more >

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Best Deals on Good Gear Guide


Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.


Latest Jobs


Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?