The Internet responded to Heartbleed. They even have stickers.*
But if you’re reading this, you’re still mulling it all over. I know I am.
So let’s cut the subtly and even the low-level tech conversation. Let’s talk about why you need to act and what you need to do to act right now.
Step 1: What Heartbleed Means To You
Here’s how I understand it:
Assume every single website you’ve ever logged into can be logged into, as you, by someone else.
If that does not scare you a little, read it again.
Ever single place you have an account on the Internet could be logged into by a total stranger without your password.
The discovery of Heartbleed shows that a fundamental building block of Internet security has not been secure for a while. It’s identify theft to the max.
It doesn’t mean your assets are in danger. Every respectable website that manages your money pays attention to your IP address and access patterns.
Step 2: Manage Your Passwords with LastPass
Let’s look at the bright side. Your password strategy sucked already. You use the same password everywhere or you forget it once a week and have to reset.
Maybe Heartbleed is a fresh start for you.
Do yourself a huge favor as you start fresh in the right direction: use LastPass to manage your password.
The software is simple and secure. No further thought be needed here. It installs per web browser you use (like Chrome, Firefox, Safari) all from the same location:
- Download from here (it will recommend what version based on your browser)
From this point forward, you have just one password you HAVE to remember. Remember your password to LastPass.
In all honesty, you could still keep your passwords memorable through a password theme. It makes it easy to remember each one you write by having a certain website-dependent structure. For example, “[website]77Wahoo!!” could be your format. You would use:
- Facebook77Wahoo!! on Facebook.com
- Twitter77Wahoo!! on Twitter.com
- Google77Wahoo!! on Google.com
Side note for those interested: I ran LastPass side-by-side with Password1 and found Password1 didn’t keep up. There are two cases that killed it:
- Password updates: Password1 could create duplicate entries on update and required manual intervention to fix it. LastPass has a beautiful auto-update feature.
- Form Filling: LastPass is a ninja on filling out forms. I haven’t written out my home address on a website since using it. Password1 supposedly has a form filling functionality, but it didn’t fill out all forms smoothly, nor handled drop downs as seamlessly as LastPass.
- Bonus: LastPass is free. And it’s better. And also free.
Step 3: Change Your Passwords After You Get The Email
First you need “the email” from your vendor, like this one:
IFTTT is telling you they are no longer vulnerable. That’s a green light to update your password.
If you update your password before the vulnerability is fixed, you just have a new password that’s easily bypassed through Heartbleed.
So wait for the email.
So you’ve waited for the email. You have LastPass on your favorite browser(s).
Good. Now you have to deal with Heartbleed. Now go change all your passwords. Use LastPass to save them securely. You can even choose to auto-login on sites like this:
What sites do you really have to change?
Conclusion: Is The Internet Still Safe?
I think of the honest people on the Internet as a pack of gazelle.
The more noticeable you are – public figure or due to personal assets – the further you are from the center of the pack. The less noticeable you are on the internet, the closer you are to the center.
Now the other factor.
The more up-to-date you are on software updates, the more often you change your password, the bigger, faster and stronger you are. The less secure your practices, the smaller and weaker you are.
Long metaphor short, don’t be this guy.
Will I still continue to bank, buy and build everything online?
* Feel free to send me a sticker if this post is helpful!