Quick “To-Do” List
Important Update (4/14/14): If you get any email, no matter how legitimate it looks, telling you to click on a link and update your password, DO NOT CLICK ON THE EMAIL LINK. No legitimate company would do this. The only way you should update passwords is to go to your web browser of choice and type in “www.” and the website. Never go from a link.
Note: For those of you who don’t want (or care) to read the details below – change passwords for your most important websites: http://bit.ly/1kY8wIK
1. If you’re not using LastPass Premium, get it. Buy it. Use it to generate all passwords and save all passwords. Works on all computers and all mobile devices. Note: When setting the password for LastPass – go here to check how good your password really is and how easily it can be cracked.
2. Go to this spreadsheet – update all of these passwords – immediately – with different passwords for each: Google Spreadsheet – Copy and paste this link: http://bit.ly/1kY8wIK if “Google Spreadsheet” link didn’t work for you
3. Just to make sure, update banking passwords – even though those were probably not affected.
4. Only use LastPass to fill in passwords on sites. (BTW, Roboform and 1Password are awesome, too, we just like LastPass best. No need to switch if using others).
5. Check Mashable’s List of Sites regularly for the next 2-3 weeks and see which sites have been patched after you’ve done your spreadsheet mentioned above.
6. Bonus Tip – when going through and changing passwords, you’ll probably be looking at a list of passwords. Cancel the accounts you don’t use any more. Here are two great sites for cancelling accounts: Account Killer & Wiki Cancel.
The Heartbleed Security Vulnerability is probably the biggest security issue we’ve ever seen to date. The bug has been around since December 2011. Many programs started using the vulnerable software in May 2012. So any password you’ve used since December 2011 is vulnerable to this attack. Even if the service that you use (Facebook, Gmail, Pinterest, GoDaddy) put the patch in place, you’re still vulnerable because the evil password stealers out there could be sitting on your passwords, waiting to use them sometime in the future. This could very well be the reason so many people’s email accounts get hacked.
Who’s affected? Yeah, that would be anyone who uses a Mac, a Windows or a Linux computer, an iPhone, an iPad, a Galaxy S-S5, or any other mobile device to access a website on the Internet.
So, the vulnerability was widely disclosed last week and many people have scrambled to fix their servers. The sites on the following list have guaranteed that they have already patched their servers. But many others could take months to patch their servers. The good news is that most financial institutions appear not to have been affected.
Change Passwords on the following sites – These are the major sites that have been patched, so your changes will stick and you shouldn’t have to “re-change” your password, like you’ll have to do with other companies who patch in the future. If there’s a site you normally use, check the Mashable site in references below or use the LastPass Heartbleed Test – one site at a time.
- Google – including Gmail, Wallet, Play
- Yahoo – including Yahoo Mail
I have compiled a Google Spreadsheet that you can use to keep track of when you changed your passwords. I put a column for the date changed as well. NOT the new password. If you want a copy of this you can print it out, save it, or copy it into your Google Docs and use it. I’ve listed these in order of importance (my opinion of course).
A note about changing passwords – now’s the time to have a NEW PASSWORD FOR EVERY SITE. As almost all of you have either one or two passwords for every site (trust me, after 20 years in the tech business, I know), when your password is compromised on one site, most hackers know this is your password for every site and they’ll try it on all your bank accounts, email accounts and social media accounts.
But, you say, WHAT A PAIN IN THE A**! Well, use a password manager. See our tutorial on changing your passwords and checking strength of passwords.
For Additional Reference
Very thorough list of sites that have changed and need changing – constantly updated – by Mashable.com
HeartBleed explained in Simple Video
Top 10,000 worst passwords
Check One Site at a Time – see if it’s been patched – By Lastpass.com
First off, let me just say this: Yes, passwords are important. Many of us tell ourselves that they are just formalities, or that we don’t store information online or on a hard drive, but the fact is this: Someone, somewhere, “keeps your record on file.” I’m not saying we should all have less faith in our neighbors, but someone is keeping close tabs on you, and there is no harm in protecting yourself. So change your password. It is the simplest and least expensive identity and privacy protection you can get.
So, now that that diatribe is out of the way, let’s be frank about the actual password. In short, make it a good one. Yup, having your child’s and/or pet’s name as your password, not such a good idea. And don’t even try to keep inquiring minds away with “love” or “god.”
And having the same password for all sites, phones and computers (computer admin, email, social media, shared accounts, billing and bank services) is not practical or fruitful.
One solution: Password Managers to help keep the login info within reach.
Our 3 Preferred Password Managers: LastPass, Roboform, 1Password. All 3 of these are compatible with Windows, Mac, iPhone, Android, iPad. LastPass & Roboform are more versatile in that both support Windows Phones and LastPass supports BlackBerry devices. We like LastPass Premium the best of the three. All 3 of these excellent Password Managers will generate and save non-pronounceable passwords for you.
A few good choices
Password Generator (like this one – you can save a copy of the page on your desktop – so it doesn’t access the internet when setting passwords)
Note: all Password Managers mentioned above will also generate very secure passwords.
PS This is an update of a September 30, 2010 post. Those of you who followed this advice four years ago will most likely find it much easier to update passwords using one of the Password Managers I mentioned.
PPS Worst passwords you can use (aka most common) – Top 10
Yes, the apocalypse is happening. It’s April 9, 2014 and Microsoft has ended support for Windows XP.
The great news is that both your computer and your Office 2003 documents and Word, Excel, PowerPoint and Outlook 2003 will continue to function just fine. The main drawback of this end of support is security vulnerabilities.
So, you still have Windows XP on your 10 year old laptop or desktop and you’re wondering what this means to you.
1. You can no longer call Microsoft Support if you have any Windows XP questions.
2. You will no longer get Windows updates every Tuesday; this includes updates to Internet Explorer versions that are supported on Windows XP. Internet Explorer 7 and 8 will no longer get updates.
3. Microsoft Security Essentials will no longer be updated. Many of you and definitely many of my clients use this as their primary protection against Viruses.
So, what to do?
1. Stop using Internet Explorer immediately on Windows XP.
2. Start using Firefox or Chrome. FYI – support for Chrome/Windows XP will end sometime in 2015. These browsers will continue to be supported.
3. Uninstall Microsoft Defender and Security Essentials.
Ultimately, we recommend you get a new computer (which will often require a new printer, possibly a new monitor as well) with Windows 7 (support ends in 2020) or Windows 8 (support ends in 2023).
Yes, in a sad/true story, the best Office Suite (in my opinion), Office 2003, has been “end of life’d” for support. This ended on 4/8/2014 as well. This Office Suite included Word 2003, Excel 2003, PowerPoint 2003, Outlook 2003, and Publisher 2003. The product will still work beautifully, but won’t have any future security updates. Side Note: I’ve yet to see a direct security attack come through an MS Office product.
FitbitOne – Great way to track your movements
Pedometers have come a lllllooooonnnggg way since people started tracking their steps with devices like the Suprex Pedometer. Now, you can see how much they’ve shrunk and have become digitized.
Tracking steps can be fun, challenging, and bottom-line healthy!
I have been watching all my friends slowly get hooked on these little devices which track their daily steps, their daily calories, their steps and even their sleep! After researching a bunch of these trackers (ranging in price from $55-$355) like the FitBit One, Nike+ Sport Watch, Jaw Bone Up, Nike+ Fuel Band and the LifeTrack C200 Core, I decided on the FitBit. First I heard of it was with a client whose unit was not properly synchronized and I asked to see the device. She hemmed and hawed and said she stored it in her bra (I thought, “Say what?”). But once I saw how small the device was, I understood. I just easily attach it to my pocket.
The incredible thing about the FitBit is how easy it is to use and set up. You just turn the thing on and it starts tracking. No setup, No measuring your steps, No reading a manual. Just turn it on and start walking.
It did get a little trickier when I started to synchronize to the computer. It comes with a Bluetooth dongle you can attach to either a Mac or Windows computer and download the software. I probably spent about 15 minutes working on setting it up and finally got it working. Then I read further and realized you could synchronize to your phone – either iPhone or Android. I sync the Fitbit One to my Samsung Galaxy S3 and it happens automagically throughout the day. I have now removed the Bluetooth dongle from my computer. Now, as it synchronizes, it shows up on my www.fitbit.com account. (You have to set up a free fitbit.com account first).
Next Up is a great way to track food eating while automatically synchronizing with your FitBit One.