You may have heard about the Heartbleed bug, possibly the largest internet security flaw, ever. If not, pay attention! We are here to make it easy to understand as well as provide some action steps for you to take to protect yourself as best you can.
What is it?
In its simplest form, it is a hole in the security of so-called “secure” sites. It is the S in HTTPS, as indicated by the little padlock symbol in your browser’s URL bar.
Although this bug was just recently discovered, it appears to have been in existence for over two years without a completely disastrous (yet) effect.
Should you be concerned?
Yes. Now that the bug is public knowledge and repercussions are not yet known, you can take steps to protect yourself. Many of the bigger sites that were affected like Google and Facebook have already applied fixes to their site’s security. Others, like many banking websites were not affected at all.
For a list of affected websites and more, you can read this article.
What should you do?
Change your passwords
Maybe not every password right this minute – keep checking into sites like the one we linked to above. Their list of sites continues to grow and the status of whether or not a site has been fixed is continually updated. Until a site is determined to be either unaffected or patched, simply changing your password now doesn’t really solve the issue. But be ready to change all of them over the next few weeks.
When you do change your passwords, make them robust using a combination of symbols, letters (lower and upper case) and numbers. Also – use a different one for each website. I know, it sounds terrible, but we have a solution for you:
Use a password manager.
We recommend 1Password, available for the Mac, Windows, iPhones, iPads and Android devices. New, strong, unique passwords are your best defense against Heartbleed. 1Password makes this easy by generating secure passwords for you (if you want) and storing them in a secure (no, really) vault.