In the wake of the Heartbleed vulnerability, some vendors are suggesting users change their passwords – but this won’t protect them from further attacks, according to one expert.
Earlier this month, the Heartbleed bug was discovered. Since then, many companies and a few inexperienced security vendors have rushed to put out ill-advised statements. One of those claims is that users need to change their passwords immediately to maintain their online security.
According to LogmeOnce CEO and security expert Kevin Shahbazi, this will not only fail to protect you, it could increase your risk of a cyber-attack.
“Users should not change their passwords right now, it will not help the situation,” says Shahbazi. “The problem with sites affected by the Heartbleed Bug is that hackers can visibly see your passwords. And until the infected sites clear up the problem themselves, it is advisable not to change your password.
“And be careful because the Heartbleed Bug affects more than just websites, it can also get into smartphones, security cameras, switches, virtual private networks, company video conferences, etc. It’s a very serious security issue and that can’t be overstated.”
This problem stems from the fact that the majority of people rely on a single layer of protection (e.g. SSL). LogmeOnce believes security requires a multi-layered approach to building your defences.

