This post was written in collaboration with Nancy Hupp.
Well it’s happened. Everywhere we turn, headlines warn of the Heartbleed Bug, and it’s time for a change—of our passwords. This is especially important for sole practitioners, who have an ethical obligation to be mindful of technology but may not have the IT team to help them out.
Confused? Read this post to understand (or if you’re like me, not understand, but at least appreciate) the risk. The post tells you all you’ve ever wanted to know about Heartbleed and lets you know which passwords to tackle first.
To change your password, the first hurdle is your own memory. I have found that the stronger the password, the weaker my ability to recall it. Show me someone who actually knows their passwords and I will show you someone who:
- Writes them down.
- Uses the same password on all sites.
- Uses a common password we’ve all been instructed never to use.
If, you’re cautious enough to avoid these techno-sins but still unable to recall your password, the answer is to reset it. Click on “Forgot password?” and the site cheerily sends a reset-password instruction to your email address. Which may be when you realize you don’t remember whether you set up the account recently with your new Gmail address, or back in the Clinton administration with that old AOL address your friends have been teasing you about.
But let’s say you find the reset code. Now all you need to do is come up with a new password. Here’s how it works:
You type: ihappy
Invalid. This password is already taken.
You type: ifrustrated
Invalid. You need to have at least one uppercase and one lowercase letter in your password.
You type: I very frustrated
Invalid. You cannot have spaces in your password.
You type: IVeryFrustrated
Invalid. You need at least one symbol in your password.
You type: IVERYfrustrated!!
Invalid. Your password cannot exceed 10 characters in length.
You type: IIrate!
Invalid. Your password must have at least 8 characters.
You are sweating now, punching the keyboard in a veritable panic.
You type: IIIrate!!!
Your password was accepted!
Momentarily you are relieved. Then you read:
Please retype your new password to confirm.
Now you now know why they named it Heartbleed. You’re not wrong to consider the statistical probability of being hacked, and wonder if it would be more or less painful than coming up with a seemingly-infinite series of random letters, numbers and symbols that you will not remember. Or to consider whether there’s an easier way – for example, using a password manager.
Take heart. Know that when you have changed your passwords, returning to work will be the easiest thing you’ve done all day.
Latest posts by Karin Ciano (see all)
- Designing Your Law Practice: The First Three Years - April 30, 2014
- CLE A La Carte - April 29, 2014
- Changing my Password - April 24, 2014