The Heartbleed Vulnerability: What You Need to Know

As many of you are already aware, a very serious vulnerability (a software bug) named ‘Heartbleed’ was discovered in a piece of code that is used by the majority of websites to protect the transfer of confidential information. PasswordBox was responding to this issue within the first hour of the initial disclosure and has confirmed that AT NO TIME were PasswordBox systems or PasswordBox user data vulnerable to the Heartbleed bug. 

Here are the key points you need to be aware of:

- The bug has existed in releases of OpenSSL, an open-source code library that is used by the majority of websites, since March 2012. There is no hard evidence that hackers were aware of it, or exploited it, but if they had, it would likely have left no trace. It is possible that your passwords or other confidential information were leaked through the websites you used. To clarify, no PasswordBox data was ever compromised – but users may still be affected due to data compromises that occurred on other websites that did use the vulnerable OpenSSL code.

- If you have an account with a site that was vulnerable at any time, even if it has since been fixed, you should change that password immediately. Please visit the resources below for information on which websites were vulnerable to Heartbleed:

List of who was vulnerable as of April 8th:

Top 100 sites:  https://github.com/musalbas/heartbleed-masstest/blob/master/top100.txt

Top 1000: https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt

Top 10000: https://github.com/musalbas/heartbleed-masstest/blob/master/top10000.txt

- Even if the bug was not exploited before April 7th, now that it has been publicly disclosed, it will be. DO NOT USE any website that is still vulnerable. You can check if a site is still vulnerable right now by using this tool.

- This vulnerability can also be exploited to attack browsers, instant messaging clients, VPN clients, BitTorrent clients and other desktop software that uses SSL. It is very likely that attacks like this will start now that the bug has been disclosed. Protect yourself by updating your software as soon as an update is available, as it will have the necessary patches.

If you have questions or concerns about Heartbleed and the security of your data, we want to address them. Get in touch with us by email at [email protected], or connect with us on Facebook and Twitter.

Additional Resources:

Jefferson Graham from USA Today shares his thoughts on why you should use a password manager and how to choose the right one. Watch the full USA Today video here.

Our Chief Security Officer, Dr. Richard Reiner, speaks with BetaKit about how PasswordBox safeguarded user data from Heartbleed and what users should do today to protect their other accounts. Read the full BetaKit article here.

Geoffrey Fowler of the Wall Street Journal shares some important tips on how and why you should change your passwords. Read the full Wall Street Journal article here. 

 

PasswordBox & Nymi: Biometric Security for Your Digital Life

Can you imagine logging in to your PasswordBox account simply by walking up to your computer, or grabbing your smartphone? And never having to type in a password, not even your Master Password, ever again?

In the near future (mid-2014!) you’ll be able to do exactly that. We’re partnering with Bionym, the makers of the new wearable device Nymi, to bring biometric security to your digital life. Nymi uses your unique cardiac rhythm (your heartbeat) to authenticate you, and when linked with your PasswordBox account, the Nymi will replace your Master Password. You’ll be able to log in to your online accounts without typing a single letter on your keyboard, while securing them with Nymi’s 3-factor security system.

3-factor security? How will that work for PasswordBox?

One of the things we truly appreciate about Nymi is their focus on ‘Secured Convenience’ – that’s a key aspect of our mission too. Their 3-factor security system is a great example – to use PasswordBox with Nymi, you must have your Nymi, your heartbeat and any authorized device with PasswordBox installed. Without any one of those elements, nothing happens. The system is convenient – when was the last time you left your heartbeat on the kitchen counter as you were rushing out the door? – and three elements of security mean that your data is accessible to you – and no one else.

How will Nymi log me in to my PasswordBox?

Nymi works using proximity detection – it knows how far you are away from the device you’d like to interact with. You’ll be able to securely log in and access your PasswordBox simply by walking up to your computer screen or smartphone. And when you walk away, your PasswordBox is automatically locked so your data stays protected.

Take a look…

The Nymi will come pre-configured with PasswordBox – so once you receive your Nymi, you’ll be able to use it immediately to access your PasswordBox account. In preparation for their mid-year release, Bionym is working with developers in other industries so you’ll be able to use your Nymi in your car, office and home – in addition to super-securing your PasswordBox data.

You can pre-order your Nymi now and receive a Free for Life subscription to PasswordBox*. Then, swing by and tell us how you think biometrics will change our digital experiences – leave a comment below, or connect with us on Facebook and Twitter!

*For existing PasswordBox users, please email a copy of your Nymi receipt to [email protected] to redeem the Free for Life subscription offer.

PasswordBox Joins Google, PayPal in FIDO Alliance

We’re excited to announce that PasswordBox has recently joined the world’s leading technology companies in partnering with the FIDO Alliance. Formed in 2012, the mission of the FIDO (Fast IDentity Online) Alliance is to reduce our reliance on passwords, and support the adoption of emerging authentication technologies – two points of focus that very much mirror our own.

From our CEO, Dan Robichaud: “In the coming months, consumers will be stuck in a position where their devices, online accounts, and digital identities all rely on different methods of authentication such as biometrics, two-factor authentication, and passwords.”

“This is a complicated problem and where we see PasswordBox bringing the most value to the FIDO Alliance. By using our advanced machine learning technology and federated identity management solution we will be able to help people simply authenticate themselves across all platforms – no matter how quickly vendors and web providers commit to the new FIDO Standard. By collaborating with fellow Alliance members like Google, PayPal, MasterCard and a host of others, we’ll be able to share technologies and expertise – all with the express goal of making it easy for everyone to use the web securely.”

We’re very excited to be part of this elite group, and look forward to seeing what we can accomplish together. We’d love to hear what you think – what gives you the most headaches online? And how would you like to see that change? Share with us in the comments below, or connect with us on Facebook & Twitter.

Award-Winning PasswordBox Android App Now Available on Kindle Fire

We’ve got great news for Kindle Fire users! Our CES award-winning Android app is now available in the Amazon App Store! Now you can enjoy the convenience and security of PasswordBox on any Kindle Fire device, 2nd generation and later.

With the PasswordBox app, you’ll be able to securely store, retrieve and share passwords and other personal data anytime, anywhere, on any device. Enjoy included features like the strong password generator and Safe Notes, and manage sharing and legacy on the go. Automatic syncing between devices means you’ll always have the most current credentials.

If your device is running Android 4.3+, you can enjoy our newest innovation – 1-Tap Login to popular apps. (For users running earlier versions of the Android operating system, you’ll be able to log in to apps quickly with copy & paste functionality that is built right in for easy access.)

The app is available for free in the Amazon App Store, so swing on over and download yours today! Then, share your feedback with us in the comments below, or connect with us on Facebook and Twitter using the hashtag #PBonFIRE.

**Please note: the PasswordBox app has been thoroughly reviewed and approved by the Amazon App Store, but you may experience difficulties in downloading it due to a high volume of requests. If this is the case for you, please email [email protected] and they can assist you further.

 

Using PasswordBox to Protect Your Small Business

Running a small to medium-sized business (SMB) is no small task. Whatever industry you’re in, you probably have more items on your to-do list than time to do them – so the last thing you want to be worrying about is whether or not you’re properly securing your company’s data. PasswordBox makes it simple by giving you and your employees the tools to properly manage passwords, sensitive information, shared accounts and more – and it can be adopted office-wide without spending a penny.*

First, here’s what you should know about passwords:

  • each unique online account should have a unique username and password combination
  • ‘strong’ passwords should be 15 characters long, with a combination of upper and lower-case letters, numbers and symbols
  • a password should NOT be a word that can be found in a dictionary in any language
  • passwords should be updated every 3-6 months

With all of those guidelines, you’re probably thinking it’s impossible to manage all that for yourself – so how are you going to get your employees on board?

  • Better Tools, No Excuses 

With PasswordBox, managing passwords is easy – whether you’ve got five accounts, or 500. Passwords and usernames are saved automatically while browsing, and once saved, PasswordBox can enter the username and password into login fields for seamless one-click login. (Look Ma, no hands!) There’s also a password generator that creates strong, hack-proof passwords, Safe Notes for securing sensitive text info and a digital Wallet for credit cards, identification documents, loyalty cards, store membership and even passports. Giving your employees the tools they need to better manage passwords and other data empowers them to adopt and use proven techniques to protect data – theirs, and yours.

  • Sharing, Smarter 

Sharing passwords is one of the biggest security pain points for an SMB. Bringing on a new hire, and need to get them set up with an email account and password? Want to share access to your business’ social media profiles, but are afraid to give out a password you’re using elsewhere? Too often, vital account information is shared through email or hastily written on a slip of paper – and once it’s been shared, you can’t take it back. Via the ‘Sharing’ tab of your PasswordBox, you can share your passwords securely, see who has access to which accounts and revoke access at any time. If you update a shared password, that update will be synced to those you’ve shared it with, so they’ll have access to the current information for logging in without being able to view the actual password. You may have already heard horror stories of disgruntled employees holding company accounts hostage as a bargaining chip – with PasswordBox, you can be certain this won’t happen to you.

  • BYOD is Not a Trend

Do you know where your employee’s cell phone is right now? The Bring Your Own Device ‘trend’ is here to stay – but you may not realize how much sensitive business data could end up in the wrong hands if that device is stolen. Over half of all employees admit to keeping work-related data on their mobile devices, often without even a simple PIN-code lock protecting the device’s contents. With the free PasswordBox mobile apps for iOS and Android devices, employees can access the information they need securely within the in-app browser, so there’s no need to leave sensitive information accessible anywhere else on the device.

Using PasswordBox to secure and manage data for your SMB can save you time, headaches and money – so you can get back to doing what you love. Are you using PasswordBox for your small business? If so, we’d love to hear from you! Leave us a note in the comments, or connect with us on Facebook or Twitter.

*PasswordBox Unlimited subscriptions are available for US$11.99 annually, but employees who need to manage fewer than 25 passwords can use the free, limited storage version with full features including Wallet, Auto-Sync across devices and data backup at no cost.

 

CES 2014 – PasswordBox Wins Big in Vegas!

WOW! 

2014 is starting off in a big way for us, as we celebrate winning Best Mobile App at the 2014 CES Mobile App Showdown in Las Vegas! We faced some incredible competition on the North Hall stage and are honoured that our app was chosen by an expert panel as this year’s standout app. Thanks to everyone who attended the presentations yesterday and voted – your support means the world to us, and thanks too to the good folks of Living in Digital Times who organized the competition. (Read the full press release here.)

PasswordBox COO Magaly Charbonneau & Director of Hype Maeghan Smulders

Of course, we won’t be celebrating this for too long – we’re working hard in preparation for the Mobile World Congress in Barcelona at the end of February, and we’ll have another exciting announcement to share that you won’t want to miss. Connect with us on Facebook and Twitter, or leave us a comment below. So long CES 2014, it’s been a blast!

Resolutions for a Digital New Year

Happy New Year friends! 

We hope you’ve all had a wonderful holiday season with family and friends. We certainly have, and now we’re excited to get back to work so we can start rolling out some of the awesome new things we’ve got in store for you this year. We’ll be sharing more on that later. For now, we’re talking about resolutions for a digital new year.

As you know, we believe the health of your digital life is important (and not just us, the Wall Street Journal agrees!) and as the new year starts, it’s a great time to make a few small changes to your online routine. After large-scale data breaches last year, we learned that many users still overwhelmingly choose simple passwords like ‘password’ or ‘123456’ to guard their online accounts. And many users also continue to re-use their passwords across multiple sites. As convenient as those methods are, they are also very unhealthy practices and leave millions of accounts vulnerable to hackers every year.

PasswordBox makes it easy to store unique passwords for all your online accounts, with a password generator that makes creating new passwords a snap. Here are a few other tips that are simple to do and will save you money, time and stress all year.

  • Set a PIN-code lock on your phone. (If you have iOS 7 on your iPhone, you can customize your PIN to a longer string of numbers or even a word or phrase.) We keep a lot of sensitive, personal information on our phones and with mobile theft expected to rise in 2014, this one change could be the most valuable upgrade to make all year.
  • Name a digital beneficiary. We’ll be talking a lot about our Legacy Locker feature in the months to come. (If you’re not already familiar, here’s a short video that explains how it works.) It takes less than 20 seconds to assign someone as a beneficiary for your digital belongings. And it’s an important thing to do for those you love. Not sure if your digital belongings have worth? Experts say our online assets’ value averages $55,000 – that’s not pocket change! Get started today by clicking on the ‘Legacy Locker’ tab in your PasswordBox.
  • Save your important personal documents to Wallet. Membership and loyalty cards, frequent flyer numbers, driving & other government-issued licenses, Social Security cards, passports… there’s room for almost everything in your digital Wallet. Plus, your encrypted Wallet info syncs to all your devices so you’re never caught without the information you need, when you need it.
  • Update your passwords. Yes, you’ve heard it before – but it really is that important. Use PasswordBox to make this an easy process. Use the strong password generator to automatically generate super-strong pass codes (that take centuries to crack!) for each of your accounts. Then use the ‘Memo’ section of each password’s Details page to note the date you updated the password, along with the answers to any security questions. Your updated passwords will sync with all your devices, so when you log in to PasswordBox on your tablet, you’ll have access to the password you just changed on your desktop.

With just a few simple changes to your practices, you can enjoy better security for all your accounts – and we hope, greater peace of mind in 2014 online and offline.

Best wishes, Team PasswordBox

**We’ve got big things in store at PasswordBox this year, and we don’t want you to miss any of it! Connect with us on Twitter & Facebook, and be sure to subscribe to our newsletter to get the latest news and to be eligible for contests, promos and freebies!

FREE Holiday Gift for NEW Users!

This season, we’re spreading holiday cheer with a FREE gift for NEW users!

Sign up with PasswordBox now and you’ll receive a free lifetime subscription. In less than 20 seconds you can say goodbye to password overload forever – and enjoy a faster, more secure online experience in 2014!

To get your FREE Lifetime Subscription, click here.

UPDATE: This promo has ended, but you can still earn a free lifetime membership by referring 5 friends to PasswordBox. Once your 5 referrals have created their own PasswordBox accounts, you’ll be automatically upgraded to a free lifetime account with unlimited storage as our way of saying thanks. Get started now by clicking the Refer Friends link in your PasswordBox!

PasswordBox + Ad-Aware Partnership

Exciting times here at PasswordBox HQ, as we announce another great partnership! Lavasoft’s Ad-Aware, the world’s leading anti-malware software (with over 450 million downloads to date!), has recently integrated PasswordBox into Ad-Aware Version 11.1. This new version offers improved support for Windows 8.1, faster performance, greater usability and new languages. Now, Ad-Aware users will get to enjoy all the benefits of PasswordBox, the first comprehensive digital life manager and a product that is praised by critics and users around the globe.

We’re very happy to partner with a company that is as dedicated to user security as we are and would like to send a hearty welcome to all of you now joining us through Ad-Aware. We’re happy to have you here!

Read more about the PasswordBox + Ad-Aware partnership here.

Get your own free version of Ad-Aware via Softpedia here.

Have questions or comments? Leave us a message below, or connect with us on Facebook and Twitter.