Time to change passwords

4699Internet users are being encouraged to change all their passwords, particularly ones used for high-security needs such as banking, buying online and email.

A major security flaw has been uncovered which could allow hackers to gain passwords and sensitive data.

Some security experts have warned that the situation could be grave.

The flaw has been named the Heartbleed Bug because it could allow a leak of information between servers and clients.

Presently the system used, OpenSSL, scrambles sensitive data as it goes between computer servers so that only the service provider and the customer can make sense of it. If a company uses OpenSSL, a padlock icon appears on the web browser – although other rival products can also use the same icon.

Now it is understood that the flaw has existed for more than two years.

It is not known if hackers have used this flaw, but it does have the potential to allow them to access names, passwords and data as well as setting up spoof sites which appear legitimate.

Many service providers rushed to install a new version of OpenSSL, but the advice remains that it is a good security step to reset passwords.

"As long as service providers have patched their software it would now be a prudent step for the public to update their passwords," said cybersecurity company NCC Group.

A less urgent view was taken by a researcher at the University of Cambridge Computer Laboratory. "I think there is a low to medium risk that any given password has been compromised," said Dr Steven Murdoch. But he added “changing your password is very easy to do”.

Some advice given on password changes:

-      Don’t choose a name that can be associated with you through social media, such as a pet’s name

-      Use a word not in the dictionary

-      Use a mixture of unusual letters and numbers

-      Use different passwords for different sites and systems

-      Keep passwords safe