For some time now, I did use LastPass to save all my passwords on various websites. I could not remember over 150 passwords and accounts I use at least once a week. Recently I have left LastPass in favor of 1Password service. 1Password isn’t a free web service, it has a price but when it comes to my security I think 69 USD is an investment I should make.
Today I have received an email from the guys behind 1Password which explain very nice Heartbleed vulnerability is all about. They assure use, people who uses 1Password that our date is safe since they use Authenticated AES 256-bit encryption and can only be unlocked with a Master Password and therefor 1Password is not affected. Good news, since 1Password, automaticly fills up the username and/or password when it needed it to, instead of the old fashion when a user should manually input their credential.
What is Heartbleed?
Heartbleed is a problem in OpenSSL, a software library that is used by most websites to secure your communication using SSL. It provides the S in HTTPS, or if you prefer, it’s what’s responsible for the padlock icon in your browser’s URL bar while browsing the web.
Normally when browsing a site using SSL, you can trust that the information you send to the website can only be seen by the website itself. This keeps your private information, such as credit cards, usernames, and passwords, secure.
The Heartbleed exploit enables attackers to bypass the protections provided by SSL. This means any information you sent to a website that relied on vulnerable versions of OpenSSL could potentially already be in the hands of the bad guys.
The email I have received also states:
While your data is safe within 1Password itself, there is a good chance websites you used were vulnerable and did not protect your username and password. The knee jerk reaction to this news is to change all your passwords immediately. While I will be recommending you change your passwords, not all websites have been updated yet to protect against this vulnerability. The best advice I can give you is to change your most important website passwords immediately, including your email, bank accounts, and other high value targets. This will provide your best defense against previous attacks. After a few weeks, websites will have been upgraded with new SSL certificates, and you will be able to trust SSL again. At this point you should change all of your passwords again.
Since Heartbleed security issue, 1Password, gives new users a discount of 50%. It is worth mentioned that 1Password is working both on Apple devices, Windows devices and Android devices, all your credential in one place no matter what device you use.