
8 things the average person should do about the Heartbleed Virus


You’re worried about the Heartbleed virus, right? Well, don’t worry, you’re not alone. It’s been all over the news, the internet is buzzing about it, and let’s not even bring up social media. Some news media outlets / websites think that the sky is falling. Some poor network administrators are losing a whole lot of sleep over it, either from worry or late night patching binges.

What should the average computer user at home do though? Personally, I’m not changing any password unless the web site tells me I should, but I already have a good password policy in place. If you use the same password on every site, then here are some steps that will help to keep you safe.

The Short / Mobile Version

  1. Don’t Panic
  2. Change your password policy: have at least 4 different passwords, using strong ones for email and financial institutions.
  3. Learn how to make a strong password
  4. Check your email provider with this tool and change the password if they were affected but are patched.
    https://lastpass.com/heartbleed/
  5. Use the same tool to check each of your financial institutions and change the password if they were affected and are now safe.
  6. Same thing, but for important web services / web sites that you use.
  7. Keep an eye out for unusual financial activity
  8. Keep an eye out for messages from your web sites / banks, etc. telling you to change your password. Don’t follow the link in the message though; it could be a scam. Go directly there and change the password.

If you want a better explanation, keep reading.

The Regular Version

1. Don’t Panic
Take it easy, there’s no reason to get hysterical. This is happening to everyone, and no one yet knows how much information has been taken. If you keep an eye on your accounts and report any weird financial stuff to your credit card company or your bank in a timely manner, you won’t be responsible for it. Any damage can be handled.

2. Think about your passwords.
I mean really think about your passwords. Do you use the same password on every web site and service? If so, that’s got to stop now. Seriously, don’t do that.

You should at the very minimum have 4 different passwords:
– One very good password for your email account
– A different strong password for each of your bank accounts
– A different strong password for each of your credit card accounts
– Another decent password for other services (Facebook, Twitter, whatever you use)

If the bad guys get your password and email address, and it’s the same password you use for your email account, then it’s game over. They can now get into your email, change your password, and then request password resets on all of your other services, including your bank.

Yes, most banks have other measures of security, but if I can get into your Facebook account and your email, how hard would it be to find out the name of your high school, dog or child? Maybe your mother’s maiden name is in there too. Maybe I could post on Facebook and ask. Do you think some of your friends might answer?

Vulnerabilities happen all of the time, and they don’t usually get this much publicity. Even if it isn’t a vulnerability like Heartbleed, internet companies get hacked fairly often. If they do, then you don’t want the bad guys to have access to every other account you have.

3. Learn how to create a strong password
It’s not terribly hard. Longer is better, but use something easy to remember. For example, if you like NASCAR, use drivers’ names, or the names of tracks. If you like Game of Thrones, try character names. Then after you pick something, swap out a letter for a number that looks like the letter, and add a special character (like @#$%^) and / or a number.

So if you chose “Lannister” as a password, you could replace the a with an “@” symbol and make it “L@nnister”, then add a 1 after it to make it “L@nnister1”. That’s a pretty good password. Want to make it better? Make it longer: “L@nnister1-Boo” is even better, and “SitUponTheThroneofSwords4me!” is really strong. You get the idea.

4. Check to see if your email provider is safe.
Now that you have some good passwords, let’s put them to use!

This tool will let you know if they are safe: https://lastpass.com/heartbleed/
If they are safe, but were vulnerable, you probably want to change that password. Also, see the note in Step 3.

5. Check to see if your financial institutions are safe.
Use the same tool to check your bank, credit card company, or other financial institutions: https://lastpass.com/heartbleed/
Follow the same advice as above: if the bank is safe, and they were never vulnerable, don’t worry about changing your password. If they were vulnerable, but they are now OK, then you should probably change your password.

Note: If either your bank or your email service shows up as still being unsafe, you probably should change the password, but keep checking back until they are listed as safe. At that point, you’ll have to change your password again just in case.

6. Other web services and social media.
If you use a site all the time, and you want to be super safe, then you probably should change the password.
Check them out with the tool: https://lastpass.com/heartbleed/

Follow the advice above for the bank and for your email account.

But if you created an account and then never used it, don’t sweat it. If it’s something you use a lot, then think about the last time you changed your password. If you can’t remember when it was, then go ahead and change it anyway.

7. Keep an eye out on your accounts.
I know I said it in #1, and we pretty much all do this already these days, but if you don’t, start keeping an eye on your bank accounts and credit cards for weird charges. The idea here is to catch anything as soon as you can so that you can report it to the bank or credit card company within a reasonable amount of time (30 days is the typical window you have to deny charges).

8. Keep an eye on your email
If you receive a message from a site you use telling you to change the password, don’t follow the link in the email (it could be a scam). Go directly to the site and change your password.