What the “Heartbleed Bug” Means to You and What You Should Do Now

If you have a Yahoo or Bellsouth email address you need to change your password NOW. The tech world is going crazy right now with the discovery of the “Heartbleed Bug”. What is it and what does it mean to you?

The “Heartbleed Bug” is a loophole in OpenSSL, the encryption software some websites use for storing sensitive information like your username, password, and credit card info. Not all websites use it, but one of the biggest out there is Yahoo. This means that websites that use OpenSSL, or have used it in the past, such as Google, Amazon, and other huge sites, may be spilling some of their secrets. I mean our secrets.

You can think of OpenSSL and other encryption software out there like a safe. When we enter our credit card numbers in a website, that data is encrypted on their machines (putting the data in the safe), so if people hacked into their server and stole information, they wouldn’t be able to crack the encryption and access our information. A vulnerability in OpenSSL means that the key to decrypting all that info was found and can now be used to unravel all that sensitive data (not good… broken safe). Hypothetically, someone who may have hacked into Amazon years ago and downloaded data but couldn’t get into it then now has the keys to see and use it.

This means that now is the time to change your passwords and keep an eye on your credit card transactions. Here’s a list of websites that are vulnerable to the bug. Just because you don’t see a website you use often on the list of vulnerable sites doesn’t mean you don’t need to take action. We have no idea what information has been downloaded previously by people waiting for encryption software like this to be broken.

The good news in all this is you now have a good reason to update those old weak passwords, and you can start to store them in a database app like 1Password. LastPass is using OpenSSL but they are patched and invulnerable at this point. If you have not read my post on password management, now would be a great time to read it. For the task of updating old passwords and figuring out which ones are old and weak, 1Password has it nailed.

This is a screenshot of my 1Password app. Notice the bottom left has a section called Security Audit. This is how I’m going to easily change all my passwords. Each of the logins has an option to click the page that logs me into that site. When I click on it, it takes me right to the page and fills in my old username and password.

I can then find where to change my password and let 1Password create a strong password for me, and it will update my login for me.

If you’re in password hell, it’s time to get a password manager and get on top of this now before things get worse. Consider buying 1Password for Mac and/or 1Password for iPhone and iPad. If you need some help, please reach out to me and check out my services page.

Want more information on Heartbleed and how safe 1Password is? Here are some great links for you.

Here’s the link to check any website to see if it’s vulnerable to the Heartbleed Bug.

 

What is it going to take to finally get you to the point that you find a way to create strong passwords and manage them? What’s working for you?

Please note: I reserve the right to delete comments that are offensive or off-topic.

  • Thanks, Shawn, I use LastPass so I’ll be sure to check out the affected sites and change my passwords. I did read somewhere that changing your password won’t help if the site hasn’t reconfigured their SSL certificate, because hackers would just get your new password just as easily. Is this true? Does that mean we should change our passwords now and later for those sites which haven’t been updated yet?

    • Yes, I believe that’s true. If the site hasn’t been patched yet, your password could still be stolen. However, I’d rather them steal a new long random password that was generated for me, than one I used to recycle and haven’t got around to changing all of them yet.
      To be safe I would change them now and then after it’s been patched do it one more time.

      • Sounds like good advice. Also, when I went to change some passwords I discovered that LastPass’s security check has been updated to alert you if any sites you use were affected by HeartBleed. I don’t know if 1Password has done the same, but that made things a lot simpler.

        • Wow! That’s an awesome feature, I hope 1Password does that. Unfortunately I doubt it will happen soon with how long it takes to push updates through the App Store approval process.