April 16, 2014
Because of its scope and untraceability, the Heartbleed bug is one of the most significant security vulnerabilities in the history of the Internet. As many as two-thirds of all active sites, including some of the largest like Facebook, use the software in question to keep information secure. And there’s no way to detect where attackers might have exploited Heartbleed to steal data, eavesdrop on conversations, or impersonate services or users.
Everyone needs to change passwords on affected sites, but only after those sites have fixed the problem. There are several ways to check the sites you use. Mashable, for instance, is maintaining a list of the status of major sites and services.
You can check individual sites using the password manager LastPass. (If you’re already a LastPass user, you’ve got a built-in Heartbleed checker for your accounts – but for new members it may perceive all your passwords as new and therefore safe.)
Tools are also emerging, like the free Chromebleed extension for Google Chrome, which checks the URL of the page you have just loaded and displays a notification if it is affected by Heartbleed.
Passwords on “safe” sites
If the password you’ve used on a vulnerable site is the same one you’ve used on some unaffected sites, change those, too. And in the future, don’t use the same password in multiple places.
The best passwords are a random mix of letters, numbers and symbols. And they’re changed regularly.
A password manager can simplify life by helping you create and remember your new long list of indecipherable passwords. A few that get good marks from Macworld or PC World are LastPass, 1Password and Dashlane.
Setting up a password manager may take some time initially, but afterward it will save time, effort…and heartache.