Welcome to the latest facepalm moment in online security – the Heartbleed bug. This devastating vulnerability lives in the popular OpenSSL cryptographic software library. OpenSSL is ubiquitous in open source web servers like Apache and nginx. That’s over 66% of all web servers on the internet. Literally millions of websites are affected, including Google, Facebook, Twitter, Yahoo and other heavyweights.
The Heartbleed bug is so damaging because it exposes the contents of a server’s memory, where extremely sensitive data is stored. Usernames and passwords? Check. Credit card numbers? Check. Digital keys for encryption/decryption? Check.
Note that first one – usernames and passwords. Yet again the dangers of single-factor authentication come back to bite us in the collective butt. If multi-factor authentication was universal, the Heartbleed bug wouldn’t be affecting hundreds of millions of end users.
The advice systems administrators are reading everywhere – Set up two-factor authentication everywhere you can. SurePassID makes it easy. With SurePassID Community Edition, you can deploy multi-factor authentication for up to 50 users at no cost.