If you have a Yahoo or Bellsouth email address you need to change your password NOW. The tech world is going crazy right now with the discovery of the “Heartbleed Bug”. What is it and what does it mean to you?
The “Heartbleed Bug” is a loophole in OpenSSL, the encryption software some websites use for storing sensitive information like your username, password, and credit card info. Not all websites use it, but one of the biggest out there is Yahoo. This means that websites that use OpenSSL, or have used it in the past, such as Google and Amazon and other huge sites may be spilling some of their secrets. I mean our secrets.
You can think of OpenSSL and other encryption software out there like a safe. When we enter our credit card numbers in a website, that data is encrypted on their machines, (putting the data in the safe) so if people hacked into their server and stole information, they wouldn’t be able to crack the encryption and access our information. A vulnerability in OpenSSL means that the key to unencrypting all that info was found and can now be used to unravel all that sensitive data (not good… broken safe). Hypothetically someone who may have hacked into Amazon years ago and downloaded data but couldn’t get into it then, now has the keys to see and use it.
This means that now is the time to change your passwords and keep an eye on your credit card transactions. Here’s a list of websites that are vulnerable to the bug. Just because you don’t see a website you use often on the list of vulnerable sites doesn’t mean you don’t need to take action. We have no idea what information has been downloaded previously by people waiting for encryption software like this to be broken.
The good news in all this is you now have a good reason to update those old weak passwords and you can start to store them in a database app like 1Password. LastPass is using OpenSSL but they are patched and invulnerable at this point. If you have not read my post on password management, now would be a great time to read it. For a task of updating old passwords and figuring out which ones are old and weak, 1Password has it nailed.
This is a screenshot of my 1Password app. Notice the bottom left has a section called Security Audit. This is how I’m going to easily change all my passwords. Each of the logins has an option to click the page that logs me into that site. When I click on it, it takes me right to the page and fills in my old username and password.
I can then find where to change my password and let 1Password create a strong password for me and it will update your login for you.
If you’re in password hell, it’s time to get a password manager and get on top of this now before things get worse. Consider buying 1Password for Mac and/or 1Password for iPhone and iPad. If you need some help, please reach out to me and check out my services page.
Want more information on Heartbleed and how safe 1Password is? Here are some great links for you.
Here’s the link to check any website to see if it’s vulnerable to the Heartbleed Bug.
What is it going to take to finally get you to the point that you find a way to create strong passwords and manage them? What’s working for you?