The Heartbleed Bug: Which Passwords Should You Change?

Heartbleed
Image by Sarah Pinault.

We live in a world of computer viruses. The fraction-of-a-penny heist pulled off in Office Space and the cyber attack in Live Free or Die Hard: these worlds were created to entertain us, but have a greater chance of happening than the dinosaurs and poltergeists that recur in our dreams after one too many Spielberg movies. I try not to listen to too much of the hype surrounding bugs and viruses, but I admit to being a little cautious with this latest one, the Heartbleed bug.

The Heartbleed bug is an encryption flaw and is very different from the Trojan Horse blends that we’ve become so accustomed to seeing. The bug has affected web servers that run Apache and Nginx software. These are names that you might not have heard of, but they are used by companies you do use every day, such as Gmail, Facebook, and Pinterest. This bug is being described as having the potential to expose private information: information that you or I may have entered into websites, applications, web email, and even instant messages.

I want to know what I can actively be doing to protect me and mine, while the big companies get their OpenSSL in order.

Mashable.com has compiled an excellent listing of the companies that have and have not been affected, including recommended steps for the everyday user. Many companies have already patched the bug, and you can find that listing at Cnet.com.

Some advice from GeekMom:

1. Take a look at the Mashable list and compare it to the sites you regularly visit. Determine if you need to take any recommended steps.

2. If you are using LastPass in your browser, follow these steps to scan your sites and stored passwords, to see what has been affected.

3. Keep an eye on your spam and trash folders. If you have filters set for accounts you use but don’t want to read about all the time, a warning or some instructions may have come through that you’d best take a look at.

4. Change your passwords, use a variety of passwords, and use different passwords. This is always good advice.

5. Wait a week and check again to see if anything else has filtered through that you should be paying attention to.

6. Pay particular attention to anything confidential, such as your bank account, online payments, and email.

There are some amazing geeks out there working on patches and fixes, and resuming normal service. But just like we teach our kids to look both ways before crossing the road, we should be checking our passwords and security settings before moving on from this.
