Quick “To-Do” List
Important Update (4/14/14): If you get any email, no matter how legitimate it looks, telling you to click on a link and update your password, DO NOT CLICK ON THE EMAIL LINK. No legitimate company would do this. The only way you should update passwords is to go to your web browser of choice and type in “www.” and the website. Never go from a link.
Note: For those of you who don’t want (or care) to read the details below – change passwords for your most important websites: http://bit.ly/1kY8wIK
1. If you’re not using LastPass Premium, get it. Buy it. Use it to generate all passwords and save all passwords. It works on all computers and all mobile devices. Note: When setting your password for LastPass – go here to check how good your password really is and how easily it can be cracked.
2. Go to this spreadsheet and update all of these passwords – immediately – with a different password for each: Google Spreadsheet. If the “Google Spreadsheet” link didn’t work for you, copy and paste this link: http://bit.ly/1kY8wIK
3. Just to make sure, update banking passwords – even though those were probably not affected.
4. Only use LastPass to fill in passwords on sites. (BTW, Roboform and 1Password are awesome, too; we just like LastPass best. No need to switch if you’re using one of the others.)
5. Check Mashable’s List of Sites regularly for the next 2-3 weeks and see which sites have been patched after you’ve done the spreadsheet mentioned above.
6. Bonus Tip – when going through and changing passwords, you’ll probably be looking at a list of passwords. Cancel the accounts you don’t use any more. Here are two great sites for cancelling accounts: Account Killer & Wiki Cancel.
The Heartbleed Security Vulnerability is probably the biggest security issue we’ve ever seen. The bug has been around since December 2011. Many programs started using the vulnerable software in May 2012. So any password you’ve used since December 2011 is vulnerable to this attack. Even if the service that you use (Facebook, Gmail, Pinterest, GoDaddy) put the patch in place, you’re still vulnerable because the evil password stealers out there could be sitting on your passwords, waiting to use them sometime in the future. This could very well be the reason so many people’s email accounts get hacked.
Who’s affected? Yeah, that would be anyone who uses a Mac, a Windows or Linux computer, an iPhone, an iPad, a Galaxy S-S5, or any other mobile device to access a website on the Internet.
So, the vulnerability was widely disclosed last week and many people have scrambled to fix their servers. The companies on the following list have guaranteed that they have already patched their servers. But many others could take months to patch their servers. The good news is that most financial institutions appear not to have been affected.
Change Passwords on the following sites – These are the major sites that have been patched, so your changes will stick and you shouldn’t have to “re-change” your password, like you’ll have to do with other companies who patch in the future. If there’s a site you normally use, check the Mashable site in references below or use the LastPass Heartbleed Test – one site at a time.
- Google – including Gmail, Wallet, Play
- Yahoo – including Yahoo Mail
I have compiled a Google Spreadsheet that you can use to keep track of when you changed your passwords. I put in a column for the date changed as well, NOT the new password. If you want a copy of this, you can print it out, save it, or copy it into your Google Docs and use it. I’ve listed these in order of importance (my opinion, of course).
A note about changing passwords – now’s the time to have a NEW PASSWORD FOR EVERY SITE. As almost all of you have either one or two passwords for every site (trust me, after 20 years in the tech business, I know), when your password is compromised on one site, most hackers know this is your password for every site and they’ll try it on all your bank accounts, email accounts and social media accounts.
But, you say, WHAT A PAIN IN THE A**! Well, use a password manager. See our tutorial on changing your passwords and checking strength of passwords.
For Additional Reference
Very thorough list of sites that have changed and need changing – constantly updated – by Mashable.com
HeartBleed explained in Simple Video
Top 10,000 worst passwords
Check One Site at a Time – see if it’s been patched – By Lastpass.com