Providing Time for Employees to Change Their Passwords

With the highly publicized Heartbleed vulnerability this week, a vulnerability in the core of internet security has been exposed. While the vulnerability hasn't been widely known, it has existed in perhaps 2/3 of the internet for more than a year, meaning any passwords that have been used during that time are likely compromised.

So what's a company to do? At Metal Toad (and hopefully your company) we are providing time for our employees to update their passwords. While the short-term cost will have some minor impact on productivity, the long-term benefit of knowing that our employees - and by extension our company - are protected is potentially priceless.

How to do it right

  • Dedicate time. When kicking off a password reset campaign, don't make resetting passwords optional; block off some time in which it is a mandatory task.
  • Don't try to time box it. Provide whatever time is needed for employees to document (and reset) their passwords.
  • Focus on the big stuff first. The most important accounts to fix are your email accounts, followed by financial accounts. Why email first? Because on most of the internet, email provides a path to reset any and all of the passwords for accounts associated with it.
  • When in doubt, check it out. While most sites have implemented the Heartbleed fix, you can always make sure by running the domain through this website: https://www.ssllabs.com/ssltest/ (Not every site will receive an A grade, but you can look at the details to see if the Heartbleed bug has been patched).

That's it! Let's go through and make sure we keep Heartbleed from turning into a Heart Attack!

Date posted: April 11, 2014

About the Author

Joaquin Lippincott, CEO

Joaquin is a 20+ year technology veteran helping to lead businesses in the move to the Cloud. He frequently speaks on panels about the future of tech ranging from IoT and Machine Learning to the latest innovation in the entertainment industry.  He has helped to modernize software for industry leaders like Sony, Daimler, Intel, the Golden Globes, Siemens Wind Power, ABC, NBC, DC Comics, Warner Brothers & the Linux Foundation.

As the CEO and Founder of Metal Toad, an AWS Advanced Consulting Partner, his primary job is to "get the right people in the room".  This one responsibility is cross-functional and includes both external business development functions as well as internal delegation and leadership development.

A UCLA alumnus, he also serves in the community as a Board Member for the Los Angeles Area Chamber of Commerce, the Beverly Hills Chamber of Commerce, and Stand for Children Oregon - a public education political advocacy group. As an outspoken advocate for entry-level job creation in tech he helped found the non-profit, P4TH, an organization dedicated to increasing the number of entry-level jobs in the tech industry, and is in the process of organizing an Advisory Board for the Bixel Exchange, a Los Angeles non-profit that provides almost 200 tech internships every year.
