Monday, 14 April 2014

online companies and security

I'm holding my hands up ...  I am not just a bad mummy I'm a typical useless on line user too.  I will admit I cannot remember 500+ passwords to have a different one for every site..... heck i can't even remember which 10 sites I signed up to in the last week let alone forever.

So imagine my anger when I receive email such as this "On Thursday 10 April we at **** became aware of the bug [heartbleed] and immediately ran tests to see if the ***** servers were vulnerable. As soon as it became apparent that we were, we applied the fix to close the OpenSSL security hole (known as the Heartbleed patch).  However, it seems that users’ data was accessed prior to our applying this fix".  Now aside from the fact they KNEW on Thursday of the issue but didn't tell users until 5.45 on Monday 14th is bad enough in itself but for companies not to have effective virus software to stop this happening is appalling.  These are companies we trust to keep data safe who simply can't due to their own lax security.

Now this company in particular has actually had the best reaction I've seen to the virus and one others could take a look at.  rather then just say "opps you may want to reset your passwords" they actually froze all log ins meaning you could "no longer ... log in to *** with a password that you chose before 5.45pm on Saturday April 12, 2014".  When you did go to sign in it triggered an email to allow you to reset it.  Brilliant!!

Unfortunately for me this now means trailing all the websites I had literally a week earlier changed my password on and resetting them AGAIN!!!

No doubt there will be hundreds I miss but what it has done is urge me to 'cleanup'.  I had a good overhaul of the thousands of emails in my inboxes and unsubscribed from those sites I never use.  Some companies I have apparently signed up to with 3 or 4 variations on my email address (googlemail changed to gmail) and it's been a great way of making sure I only get 1 copy of the emails.  Quieter inbox and less site log ins to need to remember ........ or write down in a safe place.

Bang goes my night of scheduling blog posts tho or picking up my sadly forgotten cross stitch.

No comments:

Post a Comment