If you use the Internet and have accounts with passwords, then the Heartbleed bug affects you. You’ll want to change your passwords, but before you jump online to do so, heed a few warnings. At this point in the game, computer experts advise that you should wait until each website has updated its security certificate before you change your password.
What Is Heartbleed?
Heartbleed is a bug that affects websites that run SSL encryption, which is a standard method of encrypting information passed between a server and a client. SSL encryption is typically used to encrypt passwords and credit card numbers that are entered into websites, for example. The problem with Heartbleed is that it capitalizes on a vulnerability in SSL encryption that wasn’t discovered by the public until April 2014. This vulnerability would allow hackers to see private information entered into websites using SSL encryption.
When to Change Your Passwords
The reason why you want to change your passwords is because your password may have been exposed while the SSL encryption was vulnerable. However, you don’t want to change your password until a website has updated its SSL certificate to one that isn’t vulnerable. The reason is because hackers who didn’t know about the vulnerability will know about it now. They’ll be using the vulnerability to try to catch passwords while they’re being changed by panicked people. So wait to change your password until a website has fixed its vulnerability.
Applications that Make it Easier
Your task is a lot easier if you use a password manager to store your passwords. For example, LastPass has tried to make navigating Heartbleed as easy as possible for its users. LastPass users store all their passwords in the LastPass system. Because of the system’s encryption measures, it wasn’t affected by Heartbleed. LastPass users can run a security check that will scan all their passwords and alert them as to which ones they need to change. It will also tell them if the website has updated its certificate yet and whether it’s safe to go ahead and make the change now. If you don’t have a password storing application like this, then many websites are keeping an ongoing list of what sites are ready for you to change your password. Just Google “Heartbleed” and look for sites such as Mashable that are keeping an updated list. Or you can use a Heartbleed test, such as the one at Filippo’s website. LastPass also provides a Heartbleed checker for people who don’t use the LastPass service. Just enter the web address of the site where you want to change your password into the checker, and the service will tell you if the website’s ready for you to change your password or not.
Don’t panic. Although Heartbleed is a serious security risk, panicking could actually put you at greater risk. Don’t run out and change your password until you’re sure that the website has updated to a secure SSL encryption. In the meantime, stay calm and keep an eye on your secure information, such as your financial records, to make sure no one’s using information they may have gained access to.