Wednesday, April 16, 2014

Heartbleed: What You Need To Do

Most of us have heard the news about the "Heartbleed" vulnerability, which possibly allows hackers to retrieve your login password or other personal information from many popular web sites. So what's it all about?

"Heartbleed" refers to a vulnerability in an encryption library that's used by many different web servers. The library is called "OpenSSL," and it's what's used to make online commerce, banking and other activities secure. OpenSSL is not the only encryption library available, but it's one of the most popular.

So what do you need to do? Just to be safe, change your online passwords. If you have a lot of them, that's a hassle. And if you use the same password for many different web sites, that's just plain risky - even without the Heartbleed vulnerability. First things first, go to this web site to find out if any of your online services are affected by Heartbleed. If you don't see one of your favorite web sites on the list, then you can type in its address here to check if it's vulnerable.

Second, start using "two-factor" authentication. What's that? Well, it's "something you have" combined with "something you know." Both "somethings" are required to log in to a web site. A password is "something you know," so just using two passwords isn't really two-factor authentication. What if you wrote them both down on the same piece of paper and someone else found it? On the other hand, "something you have" can be something that you always have with you, like your cellphone.

When you enable two-factor authentication for Google or Dropbox, for instance, as soon as you type in your password (something you know), the web site sends a text message to your phone (something you have) containing a one-time, temporary code. Type that temporary code into the web site and you're authenticated! Now if you lose the piece of paper on which you unwisely wrote your password, your online account is still safe. Here are two lists of web sites that use two-factor authentication.
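For readers who want to see the flow above from the web site's side, here is a small sketch added for illustration. It is not code from Google, Dropbox or any real service; the class name, the 300-second lifetime, the six-digit code and the in-memory "phone inbox" are all assumptions made for the example.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300  # seconds a texted code stays valid (assumed value)

class TwoFactorLogin:
    """Password (something you know) plus a one-time code texted to a phone (something you have)."""
    def __init__(self, password, clock=time.time):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._hash(password)
        self._clock = clock
        self._pending = None    # (code, expiry) waiting to be typed in
        self.phone_inbox = []   # stands in for the text message on the owner's phone

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def submit_password(self, password):
        """Step 1: a correct password only triggers the text; it does not log anyone in."""
        if not hmac.compare_digest(self._hash(password), self._pw_hash):
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending = (code, self._clock() + CODE_TTL)
        self.phone_inbox.append(code)
        return True

    def submit_code(self, code):
        """Step 2: the code works once, and only before it expires."""
        pending, self._pending = self._pending, None  # burned on any attempt, right or wrong
        if pending is None:
            return False
        expected, expiry = pending
        return self._clock() <= expiry and hmac.compare_digest(code.encode(), expected.encode())

def demo():
    now = [1000.0]  # constructed clock so expiry can be shown without waiting
    site = TwoFactorLogin("correct horse", clock=lambda: now[0])
    out = {}
    site.submit_password("correct horse")  # someone found the written-down password...
    sent = site.phone_inbox[-1]            # ...but the code went to the owner's phone
    out["thief_guess"] = site.submit_code("000000" if sent != "000000" else "111111")
    out["code_after_bad_guess"] = site.submit_code(sent)  # already burned by the guess
    site.submit_password("correct horse")  # the owner logs in
    code = site.phone_inbox[-1]
    out["owner"] = site.submit_code(code)
    out["replay"] = site.submit_code(code)  # same code a second time
    site.submit_password("correct horse")
    now[0] += CODE_TTL + 1                  # the code sits unused past its lifetime
    out["expired"] = site.submit_code(site.phone_inbox[-1])
    return out

if __name__ == "__main__":
    print(demo())
```

Only the owner, who has both the password and the phone, gets in; a guessed, reused or expired code is rejected even when the password is right.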

Finally, start using a password manager, such as LastPass. It makes keeping track of all your various online passwords very simple, on pretty much any computer or device that you use.

For more information on Heartbleed, you can go here or here. Have fun!