Heartbleed: Now What?

If you haven't heard about the Heartbleed bug yet, you've probably been hiding under a rock. If you still don't understand it, you're not alone. Simply put, the Heartbleed "bug" (not a virus) is a vulnerability in the software (OpenSSL) that encrypts traffic on approximately two-thirds of all websites on the Internet.

(NOTE: This bug is only on 'open source' servers...meaning it's NOT Microsoft. Let that sink in for just a minute. Do you really want people working for free to protect billions of dollars' worth of transactions?)

Immediately after the news broke on broadcast media, I began getting calls, "Do I need to change my passwords?" And the answer is?...It depends. I'll defer to security expert Brian Krebs:

For this reason, I believe it is a good idea for Internet users to consider changing passwords at least at sites that they visited since this bug became public (Monday morning). But it’s important that readers first make an effort to determine that the site in question is not vulnerable to this bug before changing their passwords. Here are some resources that can tell you if a site is vulnerable:

http://filippo.io/Heartbleed
https://www.ssllabs.com/ssltest
http://heartbleed.criticalwatch.com
https://lastpass.com/heartbleed

The bigger problem for the average user is finding all the Post-It notes containing their easily hackable passwords, most of which are duplicated across multiple sites. My point here is, if you use a different, truly random and secure password for every login, you have much to gain in the never-ending fight for security.

First, you'll be freed from having to remember so many passwords. Using secure password software like LastPass will enable you to quickly and easily log in to any website. Second, you'll have a comprehensive list of websites for which you have logins, a very powerful piece of information when a breach (or potential breach) happens.

I've said it before, I'll say it again: get your act together and start using secure passwords. The better job you do, the less the potential for damage when someone does try to hack you.