You’ve probably heard about Heartbleed by now. This major bug, which was accidentally created by the developer, has wreaked havoc on secure websites everywhere. You might have even begun noticing major disruptions on the Internet while companies install patches and clean up the mess it left. Many websites were affected and information could be compromised because of it, but most major companies that were not even attacked because of the vulnerability are advising you to change your password to avoid any chances of your account being breached.
The bug, which hit the entirety of Internet encryption, has damaged websites far beyond a mere annoyance. Internet encryption is what runs that SSL lock you see on many websites, and it was made to protect your most valuable information. Heartbleed allows the lock to be breached, but there is nothing to be frightened of as some sites might have you thinking. However, if you own a site that uses OpenSSL encryption, it might be a daunting task to repair this issue. We recommend you contact your website administrator immediately to make sure private information for your website and your customers stays private.
Heartbleed is a bit different than the average bug because it doesn’t necessarily walk right in the front door and steal your private information like credit card numbers, name, and phone numbers. The bug makes it possible for hackers to steal the security certificates used by websites that verify the site is authentic. If you trust a site to be authentic (by that lock or the SSL symbols) then you are most likely going to think it is the same bank or other institution you normally log into and fill in your username and password. There is the catch: that isn’t your bank. You don’t realize it, but the hacker has planned it.
While companies and website owners scramble to patch this vulnerability, you are probably wondering what to do to protect your information. The very best thing is to change all of your passwords immediately. Don’t give the hackers time to trick you into not only knocking on the door of that familiar looking website, but walking right on in.
The very best passwords are best set to at least 8 characters. Using a mixture of upper and lower case letters, numbers, and symbols is an even better way to make that long password. The 3 most important rules of password creation are:
- never use the same password on multiple sites.
- never use an easy to guess full word or phrase like “password” or “ILoveMom”.
- never use sequential numbers or letters like “1234” or “ABCD”
If you have password manager software that makes up passwords on the spot, then you are already ahead of the ballgame on appropriately safe passwords. Just be sure to change them a.s.a.p. to save yourself trouble later.