Find out how hackers protect themselves from the Heartbleed attack


NEW YORK (CNNMoney) — Want to stay safe on the Internet? It’s time to rethink all your passwords.

That’s what David Kennedy did. He’s a security researcher and “ethical hacker,” and remembers only one: It unlocks a password vault, an encrypted database that stores dozens of his other passwords. Each one ranges from 30 to 50 characters long.

“Even if hackers got access, it’s protected and encrypted and keeps it in encrypted format,” said Kennedy, who has the tech skills to crack passwords easily.

Web security tools are increasingly in focus as people scramble to change their passwords following a software bug called Heartbleed, which opened security holes on sites thought to be secure.

Along with strong passwords and safe password storage, Kennedy also says 2-factor verification is a must for anyone signing in to a website. With this process, you enter your regular password, but that triggers a text message or a phone call with an additional code you must enter before signing on.



Robert Hansen, Vice President of Labs, WhiteHat Security, advises people not to use the same password for different websites. As a security researcher who understands hacker communities, Hansen is extreme when it comes to his own security.

“When I close my browser, the cache and cookies are removed…all third party cookies are removed,” he said. “All ads are removed. All tracking systems are disabled.”

Both Kennedy and Hansen agree: In an increasingly hackable web, passwords are antiquated.

“We need to move to different technologies that support something other than a password,” Kennedy said.

One solution: biometrics.

Apple’s iPhone 5s and Samsung Galaxy S5 include a fingerprint scanner. Other companies are also building out biometric technology. A company called Bionym recently created a wristband that recognizes a user’s cardiac rhythm for authentication purposes.

But passwords aren’t going anywhere any time soon, Kennedy said, and the impact of the Heartbleed bug will be felt for a long time.

“Heartbleed is probably one of the largest security exposures that we’ve ever seen,” he said. “It’s a big deal and it’s not going away soon.”
