Heartbleed: What Is It and How Can You Protect Yourself

The Heartbleed bug has been a hot topic in the past week. It has been covered in everything from newscasts to online blogs, and all that information can be quite overwhelming for the average user. Here’s some practical information to help you understand what’s happening and how you can protect yourself.

What Is The Heartbleed Bug

The Heartbleed bug is a security vulnerability stemming from a flaw in the encryption used by certain websites. I won’t get into the technical aspect too much, but it basically allows cybercriminals to access personal information such as passwords, email addresses, and credit card details.

This vulnerability is present on a large number of popular websites, including the CRA’s online tax filing services. The risk is further compounded by the fact that many users use the same password for multiple websites and online services. If you’re one of these people, this means that if a cybercriminal exploits the vulnerability on one website, they have your password to multiple websites. Luckily, most banking institutions use more conservative encryption, keeping your data safe from Heartbleed.

So now that we’ve established that this is a big deal, what can you do to protect yourself?

How You Can Protect Yourself

While your information might have already been exposed, there are still steps you can take to protect yourself. Here’s a step-by-step guide to minimizing your risk:

1. Find out which websites you visit that have been affected.

There’s a list of popular websites and online services available here. You can also use this Heartbleed checker. You should be aware that mobile apps that are attached to websites (e.g. Dropbox) are also vulnerable.

2. Make sure the flaw has been patched.

For the websites that were vulnerable, make sure that the flaw has been patched before you go any further. The Heartbleed checker is great for this because it tells you if the website is safe. If you prefer to use the list, you will need to check each website’s blog or Twitter account to see if they’ve patched the flaw. If the company has not released a statement, you might want to contact them to ask.

3. Change your passwords.

Once the affected websites have been patched, you should change your passwords. Now that we’ve learned how using the same password across all websites and online services can leave you exposed to cybercriminals, make sure you’re using a different password on each site. It’s also important not to use passwords that can be guessed by obtaining your personal information. For example, using birthdates or pet names can leave you vulnerable to social engineering. An ideal password is at least 8 characters in length and is a random collection of letters (in alternating cases), numbers, and special characters.

Naturally, having several “ideal” passwords makes it difficult to remember them all. To help you manage all these passwords, I recommend trying a tool like LastPass. LastPass is an online service that allows you to generate secure passwords for all your online accounts. You won’t have to remember all these passwords because you’ll be able to access them using one master LastPass password.

Doing all this might seem like a lot of work but it could save you from becoming a victim of a host of cybercrimes, so it’s a worthwhile time investment. With security vulnerabilities cropping up every few months, finding an effective password manager that works for you can keep your sensitive data secure.
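
The password advice in step 3 can be turned into a quick offline check. The following Python script is an added example, not part of the original article: it audits a list of site/password pairs for reuse across sites, for the character criteria given above, and for personal terms such as pet names or birth years. The site names, passwords and personal terms are constructed sample data, and the substring match for personal information is an assumption about how to test "guessable"; randomness itself cannot be checked this way.

```python
import string
from collections import defaultdict

MIN_LENGTH = 8  # minimum length given in the article

def weaknesses(password, personal_terms=()):
    """Return the article's criteria that this password fails."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append("shorter than 8 characters")
    if not any(c.islower() for c in password) or not any(c.isupper() for c in password):
        issues.append("does not mix upper and lower case")
    if not any(c.isdigit() for c in password):
        issues.append("no digit")
    if not any(c in string.punctuation for c in password):
        issues.append("no special character")
    lowered = password.lower()
    # Assumption: a simple substring match stands in for "guessable from personal info".
    if any(t.lower() in lowered for t in personal_terms if t):
        issues.append("contains personal information")
    return issues

def reused(vault):
    """Map each password used on more than one site to the sorted list of sites."""
    sites = defaultdict(list)
    for site, password in vault.items():
        sites[password].append(site)
    return {pw: sorted(s) for pw, s in sites.items() if len(s) > 1}

def audit(vault, personal_terms=()):
    """Return {site: [issues]} for every site whose password should be changed."""
    shared = reused(vault)
    report = {}
    for site, password in vault.items():
        issues = weaknesses(password, personal_terms)
        if password in shared:
            others = [s for s in shared[password] if s != site]
            issues.append("reused on " + ", ".join(others))
        if issues:
            report[site] = issues
    return report

# Constructed sample data: every site name, password and personal term is made up.
SAMPLE_VAULT = {"mail.example": "Rex1998!", "shop.example": "Rex1998!",
                "forum.example": "sunshine", "bank.example": "t7#Qm2&vLx9@"}
SAMPLE_PERSONAL = ["rex", "1998"]

if __name__ == "__main__":
    for site, issues in audit(SAMPLE_VAULT, SAMPLE_PERSONAL).items():
        print(f"{site}: {'; '.join(issues)}")
```

Run it only on a machine you trust, and delete any plain-text password list once the passwords have been changed.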

By Mike Agerbo

April 15, 2014