On Monday, April 7th, the Internet was made aware of a massive vulnerability in security due to what’s being called the Heartbleed bug. Simply put, hackers are able to use the Heartbleed bug, which has apparently been around since 2012, to potentially get secure information that can be used to access your online accounts.
In other words, email accounts, bank accounts, social media accounts, basically the entire Internet is vulnerable.
The issue comes down to the technology used to establish a secure connection between a website and your browser. The bug allows hackers to get a large data dump from the server that can include private information such as your password and session id. If that last part doesn’t make sense, then just trust me that it’s really bad.
Coders can read more about the exact details on Gizmodo.
How to safeguard against the Heartbleed bug
There are already several resources available to help consumers and website owners. For example, LastPass has created a page where you can check if a specific site is vulnerable to the Heartbleed bug. If you are wondering whether or not a site is vulnerable, then try using LastPass’ Heartbleed checker.
Many sites have already implemented a fix. For example, service IFTTT actually sent me an email today letting me that they had implemented a fix but still recommended resetting my password.
The best thing that you can do is reset your passwords, all of them.
I know. It sucks. But you don’t want your bank account hacked. In fact, you should keep close eye on your financial accounts for the next several days to make sure that you aren’t hacked.
The folks at Mashable have created a list of affected sites with a recommendation on whether or not you should reset your password.
Also, CNET has several more ideas on how to protect yourself.
What constitutes a strong password
A strong password has several components:
- Combination of letters, numbers and special characters (for example ! @ # $ )
- Combination of upper and lowercase letters
- Minimum eight characters long
- Does not contain a dictionary word or name
If you need help creating a new password, try using a password generator.
Further, consider using a password manager such as LastPass or 1Password (read a review of 10 different password managers). The more popular services work across multiple devices and browsers. They manage all of your passwords and can help generate very strong passwords. You only have to remember the password to access you password manager.
Here’s a brief video from LastPass showing how a password manager works (and no, I’m not being paid by them).
Take action before you’re a victim
If you are like many people, you probably haven’t changed your password ever lately. So take action and protect yourself against hackers. Even if it isn’t the Heartbleed bug, there are other ways to have your passwords stolen.
Also, let your friends know by hitting one of the social share buttons below.