As far as passwords go, the internet can be a painful environment as a consumer. The new Heartbleed bug is something of a disaster. There’s an expectation that your information is safe, especially with big companies like Adobe, PlayStation, LinkedIn, Steam – all of whom have been breached in some way in recent times. The Heartbleed bug is different because it exposes potentially millions of sites secured with OpenSSL.
It’s possibly the worst security issue in the internet’s history and to make matters worse it has been around for two years. Now it’s out in the open, it’s a race for everyone to fix the issue. This morning I received my first email (shown below) from a site taking action and warning their users – IFTTT.com – well done to them for acting fast and warning their users. At this point I’m hoping for and expecting a lot of similar emails from other services.
[24-hour update] Surprisingly few companies have emailed their customers. Mashable has published a good list of compromised sites. It’s currently unclear if Facebook has been compromised but it is advised that passwords be changed. This could have severe ramifications for agencies managing client accounts so this should be addressed urgently.
So what should you do? Here’s some good advice from The Atlantic:
Personally in terms of password management I’ve been using LastPass.com for a few years. It’s a service I recommend highly and has useful tools for making sure that you are safe and secure as possible. As you can see from the screenshot I took below from my account today, they not only store passwords but give very useful advice in matters like these showing you exactly what you need to do to resolve issues. (Thanks, LastPass!)
Iain McDonald
@eunmac
• This article was originally posted on Iain's blog, Chief Disruption Officer