Yes, I know. Changing your passwords is a total pain in the neck. Especially if you’re like me and you have to keep track of hundreds of passwords for yourself and for your clients.
But seriously. This time it’s important.
The Heartbeat/Heartbleed Bug was announced yesterday and everyone is vulnerable. It’s not a virus that infects your machine, rather a weakness in the way your computer talks to the web servers that link together to create and run the Internet. (If you want more details, click here. If you want even more details, click here.)
Sites and servers that don’t use OpenSSL may not be compromised, but you just can’t be sure because as consumers, we can’t know if those sites connect to others that do use the Open SSL. While servers and the techies are patching and fixing things as I write this, the one thing we can do is change our passwords.
I’m changing mine now but PLEASE NOTE, if a vulnerable site has not patched the problem, you may need to change your passwords again in the near future. I’m going to go ahead and do it now, and then repeat it again in 3 months or so, or sooner if I am contacted by sites that tell me I need to do so.
(Good Rule of Thumb: Change your passwords every 3 to 6 months anyway.)
If you have a lot of accounts and passwords, you’re going to need to prioritize. This is what I’m doing:
1. Money Accounts: Start with my money accounts—banks, credit unions, charge cards, PayPal, app store, etc. Any place where I regularly send and receive money.
2. My Websites: personal and business, blog, online store, all of those. Also the accounts I use to send out my newsletters, and any other place where visitors to my sites might be compromised if I got hacked.
3. Social Media: because that’s just a wide open field ready to plunder.
4. Everything Else: all the other places I’ve created accounts online. And while I’m there, I may shut down a few I don’t visit anymore.
If you need help in picking passwords that are strong, secure AND easy to remember, here’s a great article: How to Choose Good Passwords.