The Heartbleed bug has drawn a confused and confusing reaction from techies and commentators alike. Some have said to change your passwords immediately; others have advised checking with affected websites before doing anything.
The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years. Whenever you send information across the Internet by, for example, filling out and submitting a form, this information is encrypted (scrambled so it can’t be read) and then stored. When the information is retrieved for display or use, the encrypted information is unencrypted so it can be used. The widely used OpenSSL system does all this work quietly in the background, and this is what contains the bug that leaves people’s sensitive information vulnerable.
Rather than leap straight in and change all your passwords immediately, you should follow these steps:
- Check which websites have been affected and take action based on the latest advice. Not all websites have been affected and there’s no point changing your password until the website server has been patched. See this link for an updated list of affected websites and the latest advice: The Heartbleed Hit List: The Passwords You Need to Change Right Now
- When you do change your password, make sure you make it difficult to guess. For example, your child’s or pet’s name plus their year of birth is a common but very insecure password pattern that is easily guessed. Here’s some advice on choosing a strong password: Create a strong password
- Keep checking regularly updated technology news websites for the latest advice: Heartbleed
Please get in touch if you have any concerns about Internet security by filling out our Contact form.