Regex Password Vault Blog

Heartbleed and Regex Password Vault

by Shawn O'Hern April 13, 2014

Some of our users have asked if Regex Password Vault is vulnerable to the Heartbleed bug. This is important information, so we want to share it with all our users.

Regex Password Vault is not vulnerable to Heartbleed. The Heartbleed bug is a weakness in how some web servers have implemented the SSL/TLS protocol. SSL/TLS is the protocol used in secure (encrypted) Internet communications. When you visit secure websites with an https:// address, it is SSL/TLS that is encrypting the connection. Heartbleed exposes a weakness that could allow an attacker to snoop on the data being transferred, despite the use of encryption.

Regex Password Vault works by storing your passwords locally on your own computer. It does not transmit your passwords over the Internet. Therefore, by design, Regex Password Vault is not affected by the Heartbleed bug.

With that being said, it is wise to change the passwords to all your online accounts. Online services could possibly be affected by Heartbleed, depending on which type of web server they use. The best way to find out if the services you use are affected is to contact the companies that operate each service. If you cannot find information for a specific service, then it is best to change that password.

For more information about Heartbleed, please see http://heartbleed.com/ or http://en.wikipedia.org/wiki/Heartbleed.

If you ever have any questions about the security of Regex Password Vault, please contact us!

Categorized as: Personal Security, Security News

Don't reuse passwords

by Shawn O'Hern February 25, 2013

In light of the recent attacks on Twitter, The New York Times, Zendesk, and several other companies within the past month, I thought it would be a good time to discuss the dangers of using the same few passwords everywhere.

Imagine that one day, a website or service you use suffers an attack. Your password and some other personal info are leaked as part of the data breach. If that password is unique to that one account and used nowhere else, as unfortunate as the attack would be to you, at least the damage will be limited to that account. But now imagine that password is the same password you use for your online banking, webmail, or any other sensitive accounts. Suddenly you are in much more danger. If the attacker uses the breached password to access those other services, he or she will be able to wreak some serious havoc on your life.

Unfortunately, this is not just a theoretical threat. This sort of thing happens quite frequently and can lead to identity theft. If an attacker steals credentials to one site or account, he or she will try using those same credentials to log into other sites to see if they work. So if you are in the habit of using a few favorite passwords everywhere, stop it! Believe me, I know it's a hard habit to break. I even catch myself reusing passwords sometimes, either because it's too hard to memorize new passwords, or just out of sheer laziness. But it's just something we have to do. Online security and identity theft are not things to be taken lightly. Regex Password Vault is one of the most secure and convenient ways to store large numbers of passwords. When coupled with the built-in random password generator, it is super-easy to use strong and unique passwords for all your accounts.

We plan on adding a tool in a future release of Password Vault that will smoke out any duplicate passwords you may have in your Vault file. More details about this will follow.
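A sketch of the kind of duplicate check described above, added here as an illustration; it is not Regex Password Vault's code, and the entry layout, site names and function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample entries; a real vault would supply these after decryption.
SAMPLE_VAULT = [
    {"site": "bank.example", "username": "alice", "password": "T7#kz!Qp92xL"},
    {"site": "mail.example", "username": "alice@mail.example", "password": "sunshine1"},
    {"site": "forum.example", "username": "alice_a", "password": "sunshine1"},
    {"site": "shop.example", "username": "alice", "password": "Sunshine1"},
    {"site": "news.example", "username": "alice", "password": "sunshine1"},
]


def find_reused_passwords(entries):
    """Return sorted lists of sites that share an identical password.

    Passwords are compared through an HMAC keyed with a random per-run key,
    so the grouping index never holds plaintext and the digests are useless
    outside this process.
    """
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for entry in entries:
        tag = hmac.new(key, entry["password"].encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append(entry["site"])
    # Only groups with more than one site count as reuse; report sites, never passwords.
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


def exposure_after_breach(entries, breached_site):
    """List the other sites that share breached_site's password and need a change."""
    for sites in find_reused_passwords(entries):
        if breached_site in sites:
            return [s for s in sites if s != breached_site]
    return []


if __name__ == "__main__":
    for sites in find_reused_passwords(SAMPLE_VAULT):
        print("Same password used on:", ", ".join(sites))
    print("If forum.example is breached, also change:",
          exposure_after_breach(SAMPLE_VAULT, "forum.example"))
```

The comparison is exact, so "Sunshine1" and "sunshine1" count as different passwords here; near-duplicates would need a separate check.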

Categorized as: Personal Security, Security News

Yahoo Breach Exposes Over 450,000 Passwords

by Shawn O'Hern July 13, 2012

Yahoo confirmed yesterday that login credentials for over 450,000 user accounts associated with its Yahoo Contributor Network were compromised on Wednesday and published online. You can read more about this story here and here.

What information was leaked?

Usernames and passwords for over 450,000 users. Approximately 300,000 of those accounts were for non-Yahoo email services, such as Gmail, Hotmail, and AOL. This is because many users opt to log into Yahoo Contributor Network with a non-Yahoo email address. Additionally, personal data (such as full names, addresses, birthdays, and phone numbers) associated with the compromised accounts were leaked as well.

Who is at fault?

This incident appears to be the result of lax security practices by Yahoo. The exposed passwords were stored in plaintext form, which never should have been allowed. And the hackers claim to have accessed the data using a SQL injection attack, which is a fairly simplistic type of attack. The fact that a tech company as sophisticated as Yahoo did not take precautions to prevent this type of attack is quite disturbing.
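The two failings named above, shown beside their fixes in an added example (not Yahoo's code and not part of the original post): a lookup built by string concatenation next to a parameterized one, and salted password hashes stored instead of plaintext. The table layout, addresses, passwords and PBKDF2 iteration count are constructed for the illustration.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed input containing quote characters, used to compare the two lookups.
CRAFTED = "x' OR '1'='1"


def hash_password(password, salt=None):
    """Derive a salted PBKDF2-HMAC-SHA256 hash; only salt and hash are stored."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 600_000)
    return salt, digest


def make_db():
    """Build an in-memory user table that never holds a plaintext password."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for email, pw in [("a@example.com", "correct horse"), ("b@example.com", "hunter2!")]:
        db.execute("INSERT INTO users VALUES (?, ?, ?)", (email, *hash_password(pw)))
    return db


def lookup_concatenated(db, email):
    # Weak form: user input is pasted into the SQL text, so it can rewrite the query.
    return db.execute("SELECT email FROM users WHERE email = '" + email + "'").fetchall()


def lookup_parameterized(db, email):
    # Hardened form: the value travels separately from the SQL text and stays data.
    return db.execute("SELECT email FROM users WHERE email = ?", (email,)).fetchall()


def verify(db, email, password):
    """Check a login attempt against the stored salt and hash in constant time."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(hash_password(password, row[0])[1], row[1])


if __name__ == "__main__":
    db = make_db()
    print("concatenated lookup returns:", lookup_concatenated(db, CRAFTED))
    print("parameterized lookup returns:", lookup_parameterized(db, CRAFTED))
    print("correct password verifies:", verify(db, "a@example.com", "correct horse"))
```

With the concatenated lookup the constructed input returns every row in the table; with the parameterized lookup it matches nothing, and even a full dump of the table yields only salts and hashes.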

Even if my account wasn't compromised, what can I learn from this?

The most important lesson is don't use the same password for multiple websites. Use a different password for each site. That way, if your password is ever compromised on one site, attackers won't be able to use that same password to gain access to your other accounts.

Also, it's always a good idea to use strong passwords made up of random sequences of letters, numbers, and punctuation. Don't use whole words or easy-to-guess sequences such as birthdays or "123456". Although a strong password wouldn't have helped you in this case (the passwords weren't guessed by the attackers, they were leaked directly by Yahoo), it's a best practice nevertheless.

A password manager such as Regex Password Vault makes it incredibly easy to use strong, unique passwords for each of your accounts. Regex Password Vault can securely store an unlimited number of passwords, it can fill login forms for you so you don't have to remember those passwords, and it has a random password generator to create strong passwords with a single click.

Categorized as: Security News

What is Regex Password Vault?

Regex Password Vault is a password manager and form filler for Windows. It simplifies your life by remembering all your usernames and passwords for you, saves you time by logging you into websites and filling out long web forms with a single click or keystroke, and keeps you safe online by making it easy to use strong, unique passwords for all your accounts!
