Since news of the Heartbleed bug broke a few days ago, the Internet community has divided into various camps over the issue. There’s one that says you should do nothing, another that tells you to change all your passwords now, and yet another that advises that you should change passwords only at sites that have addressed the problem. Then of course there are those who say, “What’s the Heartbleed bug?” If you haven’t heard about it yet, you should know that it could threaten the security of some of your online accounts, but it’s not the end of the Internet, or of the world.
Along with the chorus of voices telling people when or if to change their passwords, there are also those who claim it doesn’t matter because Heartbleed has actually been around for about two years. This is true, but misleading. One piece of bad advice that’s going around is that your passwords are safe if they haven’t been updated in two years or more. Keeping the same password for years is almost never good advice, and it isn’t in this case.
On the other hand, the problem with reacting to Heartbleed by updating all your passwords with reckless abandon is that if a site is currently vulnerable, changing your password now won’t help. The key to handling the issue is to wait until each site you use announces that it has secured itself against Heartbleed, and then change your password at the site.
The good news is that some major sites have already patched, and some were never affected in the first place. PayPal users don’t have to worry and don’t have to change their passwords. Many online retail stores, like Amazon, Wal-Mart and Target, say that they were never affected by the Heartbleed bug. Sites like Yahoo, Facebook and Gmail apparently were affected and have patched, but it’s hard to be sure of any site until the site itself reports. There is much conflicting information online about which sites are safe and which are not.
For now, it’s probably best to do nothing, but be prepared to change some passwords in the next day or two. Change your password if you see some official word from a site that you should, but double-check the “official” word with other sources.
Also be aware that hackers will probably try to use the Heartbleed scare to steal personal information in another way. If you receive an email or see a post somewhere that tells you to “click here” to change your information on a site you use, do not click on it. The safe way to go to a site to change your personal information is to open your browser window and type in the site’s URL directly.