In case you haven't heard, a programming flaw detected on the Internet earlier this week could leave countless people vulnerable to data theft. Called "Heartbleed," this bug affects something called OpenSSL, an open-source implementation of the SSL protocol; what many websites use achieve security.
"This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users," says the Heartbleed.com website. In other words, if you use sites like Facebook or Google, this bug could potentially have exposed the username and password you use on these sites to hackers.
Bet that got your attention.
So, what's an Internet user who doesn't know an SSL from a UFO to do?
Well, according to experts, it's wise to see if the Heartbleed bug has affected the websites you visit most. CNET has compiled a list of the top 100 sites across the web that shows which sites are vulnerable to this bug. When you look at CNET's list you'll notice that a password change is recommended for most sites including Google, Facebook, YouTube, Yahoo and more.
Before you join the collective groan being heard around the Internet at the prospect of changing your passwords, look at the bright side. This security glitch actually offers parents and their kids an opportunity to share an important and timely "teachable" moment. Why not use Heartbleed as reason to talk to your kids about how and why to make safe and secure passwords in the first place?
This is actually a lesson, adapted from Common Sense Media's excellent Digital Citizenship curriculum, that I teach to seventh graders during Cyber Civics classes. However, I've learned over the past four years that many adults (no offense) can benefit from this information too.
One problem many of us have is remembering our passwords in the first place, so this lesson teaches a strategy to help with this challenge.
It starts with every student receiving a slip of paper with the name of a famous person on it (an actor, musician, political or historical figure). Their task is to create password using that person as a mnemonic device while also following the five simple rules for safe and secure passwords.
Every password should:
- Include upper and lowercase letters.
- Include numbers and symbols.
- Be at least eight characters in length.
- Contain no personal information.
- Not use words found in the dictionary.
Kids love challenges like this one and students always surprise me with the creative and funny passwords they come up with. They also enjoy the follow-up activity when every student writes his or her password on the board, and then the entire class attempts to guess the person behind each password by playing a "Charades"-like guessing game.
Here's an example of a password a 7th grader came up with, see if you can guess the celebrity who inspired it:
In case you can't figure it out... the mnemonic device for this password was the pop singer Adele. The password is comprised of the first initials of her well-known song "Set Fire to the Rain," she is 24 years old, from the UK, and she rocks (!!).
You get the idea.
While the prospect of changing and managing your passwords is annoying, it is a good practice to get into, Heartbleed or not. Of course, for adults software like the LastPass Password Manager can help with the task of keeping track and securing passwords on a myriad of sites. However, it's smart for kids to learn how to develop these habits independently as they begin using the web. Because when it comes to the Internet, while it might be the "Heartbleed" bug today, it's sure to be something else tomorrow. That's why it's important to use this moment to talk to kids about keeping safe and secure online.