
To change or not to change your computer password

Tech

Published on 01 Jan 2014

Published by The Straits Times


Many computer users are facing this dilemma following the discovery of the potent Heartbleed bug, which has opened the door for hackers to enter two-thirds of websites around the world.

 

Security experts have advised that passwords be changed after an affected website has been patched to get rid of the bug.

 

But many of the highly popular websites reportedly affected by Heartbleed appear to have left users in the dark as to whether they need to take action.

 

Google, for instance, said that it fixed the bug early, applying patches to key Google services such as Search, Gmail, YouTube, Wallet, Play, Apps and App Engine.

 

It announced the move in a blog post on Wednesday and, when contacted, told The Straits Times yesterday: “Google users do not need to change their passwords.”

 

Its failure to inform Gmail account holders infuriates users like Mr Aaron Koh, 37, who said he does not track vendors’ blog posts.

 

“The very least Google could have done is to update users via an e-mail,” said the marketing manager.

 

Agreeing, engineer John Wong, 36, said websites should be proactive and inform users of any vulnerability.

 

“A lot of websites let users log in via their Google or Facebook accounts,” he noted, adding that it was how he would log into book-sharing site Goodreads.

 

He was among many who learnt from the media of the need to change their usernames and passwords for accessing sites such as Facebook, Yahoo Mail, GoDaddy, Instagram, Tumblr and Dropbox.

 

Websites reportedly affected by Heartbleed include e-mail service providers Gmail and Yahoo Mail, GoDaddy poll management service, social networks Tumblr and Instagram, as well as file-sharing service Dropbox.

 

The bug, which has been lurking undetected for more than two years, is found in a computer code called OpenSSL.

 

This code is designed to secure data on websites but the flaw lets hackers pull data, including passwords, from the affected server’s working memory.

 

“This is why usernames and passwords become unsafe, and should be changed after services have been fixed and if the service provider instructs users to change the passwords,” said Mr Ari Takanen, chief technology and research officer at Finnish security firm Codenomicon, which helped uncover the bug.

 

Mr Tan Shong Ye, IT risk and cyber-security leader at consulting firm PricewaterhouseCoopers Singapore, said website operators may still be assessing the potential damage.

 

It is the reason they have not sent out a notice asking users to change their passwords.

 

“It may take days to completely patch the security loophole and assess the sensitive information that may be leaked,” Mr Tan added.

 

Dr Calvin Chan, head of the business programme at SIM University’s School of Business, has this advice for users: “Play a part in having the discipline to update (your) passwords regularly.”

 


 

Source: The Straits Times © Singapore Press Holdings Limited. Reproduced with permission.

