No, it’s not the title of an 80’s pop song, but it is a trend that’s currently sweeping the nation. Heartbleed is the name of a pretty serious bug on the Internet that has exposed a vulnerability to Internet protocols that were supposedly encrypting and protecting passwords and other sensitive information. When those protocols are exploited, they can leak their memory contents. Until the encryption is fixed, your passwords and credit card information, along with data information that can be used in phishing, could be found and used by hackers. Unfortunately, you won’t know if something has been hacked or stolen, until it’s too late.
Have sites you use been affected? Almost certainly. CNET came up with a list of the top 100 sites across the Web that were affected. Companies like LastPass and Qualys SSL Labs submitted their own checker services (click here for LastPass and here for Qualys SSL Labs).
The “digital forensic specialists” at LWG Consulting have come up with a handy graphic that showcases what major sites have been affected (and thus what information you need to change):
That’s where password managers come in. Password managers not only store your password information (and sometimes financial information and address books as well). They also have can create strange, unique login passwords for new sites that you register on. You don’t have to remember or record all these passwords – you only have to remember ONE master password, which allows any site to be accessible on any device, as long as you remember that master password. With severe security breaches like Heartbleed, password managers may provide that extra level of protection you need. If you’re looking to work with password managers, four you can consider are: 1Password, LastPass, PasswordBox and Dashlane.
Take some time today. Take a look at the sites affected by Heartbleed. Change your passwords. It really is worth your time – otherwise it could cost you in the long run.