Don’t leave yourself vulnerable to attack. The Heartbleed Bug may not be front-page news at this time, but it is no less of a threat. Last week, we heard that the Heartbleed Bug posed a grave threat to Internet security and we were advised to take immediate action. Heartbleed affects OpenSSL, used by a majority of the web to securely send data. Thus, many commonly used sites are affected by Heartbleed. While the services we use on a daily basis, such as social networks, email services, cloud storage and video services, etc., are all actively producing patches to fix things on their end. Some of us have yet to do our part. That is, to support the above-mentioned security efforts, the public is advised as a precaution to change passwords immediately!
Change your passwords, simple, right?
This recent Internet security threat exposed a number of vulnerabilities and it has raised a number of questions in regards to daily computer use. How often do you personally change your passwords? How often should you change your passwords? Is it okay to use the same passwords on multiple sites? What is a Password Manager and how much do they cost? Now with the discovery of the Heartbleed Bug, what sites are the most vulnerable?
When the Heartbleed Bug was first announced, I was most concerned with my client’s websites, but I needed more information since I wasn’t sure as to the depth of the issue.
Immediately, I set out changing passwords, but soon realized it was going to take a while as I have a few dozen passwords both personally and professionally. At the same time, I began researching the bug by talking to colleagues and using resources provided by the Password Manager that I use to store passwords.
Recently, I raised this issue at a WordPress support group meeting. Anca Mosoiu, founder of the Oakland, CA based technology hotspot and salon Tech Liminal recommended that we “change our passwords and use the Heartbleed Hit List provided by Mashable.com for a current hit list of affected sites.”
When I examined the Mashable.com’s Heartbleed Hit List, I found the list contained a number of “commonly” used sites: Facebook, Pinterest, Google, Gmail, Yahoo, GoDaddy, Flickr, Netflix, YouTube, DropBox and more. Many of us probably use these sites on a regularly basis. They were all affected by the Heartbleed bug and it is suggested that we change our passwords.
After reviewing Hit List, I knew I had even more work ahead of me! Not only did I need to change professional site passwords but I needed to change the passwords of personal use sites as well. Also, I needed to inform my clients, family and friends that they needed to see the list and take action as well. Some of the sites on the list may surprise you.
“The best line of defense in a world full of hackers, scammers, and corporations playing fast and loose with your personal data is to be a more difficult mark than the average consumer.” — Matt Safford
Too many passwords to remember?
Earlier this year, I met with a potential client to discuss her site and social media. Since we needed to access the site and her social media assets, she pulled out two pages of typed sites with usernames and passwords. Seeing my eyes widen, she began to apologize. I smiled and told her that she was not alone as most of us have been in this predicament at one time or another. I recommended she use a password manager to store her passwords.
Password Managers are cloud-based and can be accessed via the major browsers to create strong passwords and simplify the log in process. They are good web security measure as well. Matt Safford’s recent article “Changing Your Passwords Isn’t Enough to Protect Yourself From Heartbleed” on Digital Trends recommends that “A great first step would be to upgrade your Web security measures…using a password manager.” Moreover, Matt further recommends the use of a two-factor authentication process for financial sites.
Though there are other password managers available, my colleagues and I use either LastPass or 1Password. While personally, I would never recommend you store the passwords of online financial institutions anywhere ever, most of us are happy to use a password manager for most other types of sites. Using a password manager will simplify your life. You can use them to store and generate strong passwords as you browse. LastPass is $12 per year. Conveniently, you can start out with a free account. 1Password is $49 annually and it is free to try for 30 days. In addition, the premium versions of these password managers can be used to sync with your mobile devices.
How often should you change your password?
Changing passwords is time-consuming and developing strong passwords is frustrating. I know. However, it is a sure-fire way to support your online security. The current recommendation is every 6 months or more often for critical accounts or if you regularly log into sites using a public computer.
One Password for multiple sites
Don’t do it. It is a bad idea to use one password for many sites because if one of your sites is hacked, it makes the others vulnerable. If you feel you’ve reached the point of having too many passwords to remember or feel compelled to write them down (another bad security practice); it really is time to use a password manager.
Change your passwords now and often
The best line of defense is a strong offense. We’ve all heard this phrase before. The popular sites we use regularly are currently updating their servers with security patches for the Heartbleed bug though there is no guarantee that our information hasn’t already been compromised. Protect yourself further, change your passwords regularly, don’t use the same password for multiple sites and invest in a password manager if necessary.