Here is the skinny from the tech world on HeartBleed: Yes, it is a real issue and it is big. Huge companies you likely have an account with like WordPress, Yahoo, and Dropbox were vulnerable. However, the other unknown here is if/when anyone who was causing harm (or anyone besides the NSA) actually knew about the vulnerability risk for the 2 years it existed before it was fixed, or at least more than a very small number of people.

Where to Check & Change Passwords

If you want to be 100% protected against any risk from the vulnerability of Heart-Bleed, you need to change a good chunk of your passwords for your online universe. If the thought of tracking down and changing all of your passwords RIGHT NOW is causing you to panic, take it one step at a time and focus on changing these ones first (if yours were impacted, see below for how to tell):

  • Email Accounts
  • Bank Accounts
  • Credit Card Accounts

To check your email and financial accounts one by one, stick the website in to LastPass’s handy HeartBleed Vulnerability Checker.

If you want to be cautious (and you should), you want to change any account that used the OpenSSL technology (to explain the technology I’d have to go all nerd on you), which is about 50-60% of the major social and business enterprise accounts the typical tech-savvy business owner would have today. Here’s a good list of those that you are supposed to change: HeartBleed Bug Websites Affected list.

While You’re At It, Get Your Passwords RIGHT

As you get your passwords updated, you may as well get them right this time. Go for these rules of thumb:

  • At least 1 number
  • At least 1 capital letter (and non-capitals)
  • At least 1 symbol ([email protected]#$%^&*()
  • At least 8 characters total (for bank accounts I do 10-12)
  • Don’t use pets names, ex-girlfriends, anniversary dates, names of family, etc… in other words, you’re going to have a hard time memorizing it, I know, it stinks.

doh password security failIf remembering passwords are making your head spin, try out the free version of LastPass, which stores all of your passwords and was NOT vulnerable to HeartBleed. In other words, they’re smart cookies!

Finally, keep in mind that THIS type of bug is exactly why you get warnings from tech nerds not to use the same password on more than one site. IF you used it on one site that was vulnerable, guess what? Yep, you need to change that password on all accounts that used it. D’OH!

Image Credit: User Filippo from Yahoo! Creative Commons