Over the last few days, the world has been made aware of a serious and potentially catastrophic security vulnerability that affects millions of web servers across the world.
Whilst a global fix has now been issued, the vulnerability had gone unnoticed for over 2 years. During that time, your usernames and passwords for many popular websites (such as Gmail, Facebook and Dropbox) have been unprotected.
In addition, approximately 100 million Android devices (running Android 4.1.1), and more than 6,000 apps across the Apple, Android and Blackberry app stores are at risk from the HeartBleed SSL vulnerability.
It is vitally important that you take swift and appropriate action to secure yourself against this security disaster.
HeartBleed Security Checklist
- Don’t reuse passwords – create a secure complex password for every site you use! Microsoft have some helpful advice here
- Use a password manager such as Roboform, Lastpass, or KeePass to encrypt and store your passwords.
- Use two-factor authentication (e.g. using Google Authenticator) for all sites that support it, such as Microsoft, Google, Facebook, and Evernote.
- Be aware of phishing emails with bogus HeartBleed advisories asking you to reset your login details through your email.
- Change passwords regularly – keep ahead of any future security vulnerabilities that aren’t reported immediately.
In the coming days and weeks, phone manufacturers should be releasing security fixes for their operating systems and marketplace apps. Until your device or app has been patched, remain vigilant!
The links below provide further in-depth information about the vulnerability, and how you can improve your password security.
Information about HeartBleed.
List of popular sites affected by HeartBleed.
LifeHacker – what the HeartBleed security bug means to you.
Gizmodo – how HeartBleed works.
HaveIBeenPwned – check if any of your online accounts are at risk.