GlamTeK

April 11, 2014

Is your password really secure?

BY LAJU ARENYEKA

Sites all over the world try to convince you that your password is safe with them. With high-tech software protecting your privacy, you haven’t had much reason to doubt this. But what happens when software developed to protect passwords becomes compromised?

Recent reports show that a product used to safeguard data could be compromised to allow eavesdropping through the newly discovered ‘Heartbleed bug’. OpenSSL is a popular cryptographic library used to digitally scramble sensitive data as it passes to and from computer servers so that only the service provider and the intended recipients can make sense of it.

If an organisation employs OpenSSL, users see a padlock icon in their web browser – although this can also be triggered by rival products. Google Security and Codenomicon – a Finnish security company – revealed on Monday that a flaw had existed in OpenSSL for more than two years that could be used to expose the secret keys that identify service providers employing the code.

They said that if attackers made copies of these keys they could steal the names and passwords of people using the services, as well as take copies of their data and set up spoof sites that would appear legitimate because they used the stolen credentials. You aren’t likely to stop using the internet because of this development, so the next best thing is to choose your passwords wisely and change them often.

Prof. Alan Woodward of the University of Surrey in the United States suggested that the following rules be observed when picking a new password:

Don’t choose one obviously associated with you
Hackers can find out a lot about you from social media so if they are targeting you specifically and you choose, say, your pet’s name you’re in trouble.

Choose words that don’t appear in a dictionary
Hackers can pre-calculate the encrypted forms of whole dictionaries and easily reverse engineer your password.

Use a mixture of unusual characters
You can use a word or phrase that you can easily remember but where characters are substituted, eg, Myd0gha2B1g3ars!

Have different passwords for different sites and systems
If hackers compromise one system you do not want them having the key to unlock all your other accounts.

Keep them safely
With multiple passwords it is tempting to write them down and carry them around with you. Better to use some form of secure password vault on your phone.