Heartbleed: What does it mean to you.
These are scary times, but we have some advice, and have compiled places below where you can go for more info.
By now you have seen the news, probably had people ask you if you were changing all your passwords, and are wondering if you should be freaking out.
We try to keep people from freaking out, but we do think you should changes some passwords, and in general follow some of our password advice.
There are a couple of really important things to keep in mind.
- While the Heartbleed vulnerability has gone undetected for a very long time, there are no known exploits or data losses. However, by the nature of the exploit, it is impossible to tell so its good be careful and vigilant.
- Changing your password on unpatched servers does not make you safe. Its important to wait until a server has been patched before you change your password.
- If you get a legit message from a service that you use asking you to change your password, please heed their advice. But also, beware of phishing scams. Bad people are out there and they will try to exploit your confusion. Be sure you are making changes on the legit site and not being scammed.
Below is a quick list of common services many of our clients use that have been patched that require password changes. If you use these services, go now and change your password. And, if you us that same login and password someplace else, you need to change your password there as well for safety.
- Google Apps
- Yahoo/Yahoo Mail
- Rackspace Mail
- Media Temple
Creativetechs Password Advice
Use a Password Manager (Keychain, 1Password, etc.)
Use different passwords everywhere. Yes this is difficult, but that is why we recommend a password manager.
Use complicated passwords. There is a ton of advice about how to create a complex password. (See links below) Just know that the longer the better, mix in Upper/lower case, add in some numbers or other characters.
Some useful links.
Heartbleed checker. Drop a url in here and see if the site you are visiting is safe.
The Heartbleed Hit List. Passwords you need to change right now.
Heartbleed explained in a video.