Heartbleed Bug Series Part-3: Damn! That’s bad. How can I protect myself ?!

The newly discovered Heartbleed bug is being touted as the Web’s worst security bug ever. So, I decided to write a series of 3 posts explaining what it is, which sites are affected and what you should do to protect yourselves from this “Greatest Virtual Horror of All Time.” 

Because this “bug” is so specific, the number of servers actually affected is significantly lower than many originally thought. In fact, while some estimates mentioned that 60% of all Internet servers had the Heartbleed bug, Netcraft says the number should be much lower, under 17.5% (well, that’s still a lot of servers, but still less than 60).

After the discovery of the bug, the OpenSSL software was rapidly patched, and as of version 1.0.1g the problem no longer exists. Even before that, if OpenSSL was installed without the heartbeat extension, the server was never vulnerable.
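
A server administrator can check a build against the two conditions above (a version at or after the fix, or heartbeat support left out). This is an added example, not code from the original post: it reads the text printed by `openssl version -a`, and the affected range (1.0.1 through 1.0.1f, plus 1.0.2-beta1), the `-DOPENSSL_NO_HEARTBEATS` build flag and the constructed sample strings are supplied here rather than taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post): classify an OpenSSL build
# from the text printed by `openssl version -a`.
# Assumptions: upstream releases 1.0.1 through 1.0.1f and 1.0.2-beta1 carry
# the bug; builds compiled with -DOPENSSL_NO_HEARTBEATS have no heartbeat code.

heartbleed_status() {
    hb_info=$1
    # The first line looks like: "OpenSSL 1.0.1f 6 Jan 2014"
    hb_version=$(printf '%s\n' "$hb_info" |
        awk 'NR == 1 && $1 == "OpenSSL" { print $2 }')
    if [ -z "$hb_version" ]; then
        echo "unknown"          # not OpenSSL, or unparseable output
        return 0
    fi
    # Heartbeat support compiled out: never vulnerable, whatever the version.
    if printf '%s\n' "$hb_info" | grep -q -e '-DOPENSSL_NO_HEARTBEATS'; then
        echo "no-heartbeat"
        return 0
    fi
    case $hb_version in
        1.0.1|1.0.1[a-f]|1.0.2-beta1) echo "affected" ;;
        [0-9]*.[0-9]*.[0-9]*)         echo "not-affected" ;;
        *)                            echo "unknown" ;;
    esac
}

# Constructed sample outputs, one per case.
SAMPLE_VULN='OpenSSL 1.0.1f 6 Jan 2014'
SAMPLE_FIXED='OpenSSL 1.0.1g 7 Apr 2014'
SAMPLE_OLD='OpenSSL 0.9.8y 5 Feb 2013'
SAMPLE_NOHB='OpenSSL 1.0.1e 11 Feb 2013
compiler: gcc -fPIC -DOPENSSL_NO_HEARTBEATS -O2'

for hb_sample in "$SAMPLE_VULN" "$SAMPLE_FIXED" "$SAMPLE_OLD" "$SAMPLE_NOHB"; do
    printf '%-28s -> %s\n' "$(printf '%s\n' "$hb_sample" | head -n 1)" \
        "$(heartbleed_status "$hb_sample")"
done

# To check the local build: heartbleed_status "$(openssl version -a)"
```

Distribution packages often backport the fix without changing the version letter, so an "affected" result should be confirmed against the package changelog or the "built on" date in the same output.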

If you need the TL;DR, here it is: Do not panic.

Now, the important question: should you worry about this problem? The short answer is: “yes, but don’t panic”. You should definitely change your passwords, at least for the services that were confirmed as vulnerable but have now been fixed, such as Google and Yahoo!. But you should be changing your passwords regularly no matter what. If you have trouble remembering your passwords, you can always use a password manager such as LastPass [Mac/PC/iOS] or 1Password [Mac/iOS].

(REMEMBER: Never write down your passwords on a Sticky note next to your monitor, a notepad, or a document inside the computer).

This password-changing recommendation is nothing but a precaution, because even if hackers knew about the problem (something that hasn’t been confirmed, aside from by our friends at the NSA, apparently), the chances of them getting your password and being able to match up that data to your username are pretty slim. Some people claim that the encryption certificates for servers (a technology that allows us to confirm that a website is in fact what it says it is) could have been stolen, but the company CloudFlare has said it’s very difficult to do. It published a challenge to whoever could steal this key, and it appears that someone did, during a server reboot. Regardless of the probability, companies are changing encryption keys so new data is not vulnerable if somebody was able to obtain the old keys.

But this is gonna take forever!

Don’t worry: to help you with your password-resetting chores, I’ve compiled the best tools to make the process as quick and painless as possible. They’ll also sync your new passwords to your iPhone/Android, all in under 10 minutes.

Fixed Heartbleed Sites:

The following sites were vulnerable to the Heartbleed bug but have since updated their servers to fix the hole and are advising users to update their passwords.

The links below will take you directly to the site’s password reset page once you log in, saving you further clicks.

Facebook
Facebook’s password reset page

IFTTT
IFTTT’s password reset page

Instagram
Instagram’s password reset page

Pinterest
Pinterest’s password reset page

Tumblr
Tumblr’s password reset page

Google/GMail
Google/GMail’s password reset page

Yahoo
Yahoo’s password reset page

Amazon Web Services
Amazon Web Services’ password reset page

TurboTax
TurboTax’s password reset page

Dropbox
Dropbox’s password reset page

OKCupid
OKCupid’s password reset page

SoundCloud
SoundCloud’s password reset page

GoDaddy
GoDaddy’s password reset page

Etsy
Etsy’s password reset page

Minecraft
Minecraft’s password reset page

Mac/iOS ecosystem

Tools

1Password & 1Password Extension – There is no magic button to reset all your passwords at once, but the tools from 1Password make the process a lot quicker with password generation features, auto-filling and syncing to the iPhone app.

Safari & iCloud Keychain – Safari’s new iCloud Keychain features can also auto-generate passwords, auto-fill forms, and sync your info across devices. It’s not as feature-rich as 1Password, but it’s free and you can sync your data with 1Password via iCloud.

DiceWare (optional) – If you have a hard time remembering the randomly generated passwords created by iCloud Keychain or 1Password, DiceWare has a random generator for passwords that are easy to remember.

Resetting Passwords
1Password

1. Install the 1Password Extension
2. Click the links above to go straight to the Password Reset page of your vulnerable account
3. Log in
4. Click the 1Password extension button to generate a new secure password or create your own
5. Hit Autofill
6. Select Save Changes on the website
7. Select Update on the 1Password Update Login prompt
8. Repeat with the next website.

Once you’ve updated all your passwords, you can use 1Password for iOS or Mac to view and edit login credentials and sync the new passwords across all devices.

iCloud Keychain

1. Enable iCloud Keychain on Mac by going to System Preferences >> iCloud >> Keychain
2. Open the links above in Safari to go straight to the Password Reset page of your vulnerable account
3. Log in
4. Reset your password by clicking the Auto-Generated Password or by creating your own
5. Save changes and repeat with next account.

Ensure that you have iCloud Keychain enabled on iOS by going to Settings >> iCloud >> Keychain. Once you’ve reset all your passwords, iCloud will sync the new info to your iPhone. You can also search through and edit your passwords under Settings >> Safari >> Passwords & Autofill >> Saved Passwords.

For Windows/Android Users

Tools

Dashlane Password Manager

[Price: Free / $29.99/year]
Dashlane is another very popular and very solid password manager app that’s made top lists before in this category. This one has more unique features including auto-login on websites and apps, compatibility with Google Authenticator, a password generator, and auto-locking with a PIN. The only caveat is that there is a subscription service that costs $29.99 per year or about $2.50 per month. Dashlane does come with a better-looking interface than most and the feature set is more than you’ll see with many others. If you’re okay with shelling out the money every year, this is a great option to entertain.

LastPass Password Mgr Premium*

[Price: Free / $12/year]
LastPass is an increasingly popular, cross-platform password manager. The desktop version is actually free while the mobile version is $12 per year or $1 per month. It features a recently re-designed UI that doesn’t look bad, a password generator, a built-in browser so you can auto-login to sites if you so choose, and even support for tablets. This is a popular option because it’s very simple and there are LastPass plugins available for Chrome and Firefox should you want it there (which we recommend). It’s solid, it’s simple, and it’s powerful. Definitely worth trying out the 14-day free trial.

mSecure – Password Manager

[Price: Free / $19.95]
mSecure is among the most popular on the list and you’ll likely see it on all the other lists like this one too. It’s cross-platform with desktop versions. Everything together costs $19.95 but they frequently have sales, which is nice. It comes with an exhaustive list of features, including a password generator, auto-lock, auto-backup, a self-destruct if a hacker tries to gain access to it, categorical organization, tablet UI support, Dropbox sync, and a whole bunch more. Really, the list is pretty impressive. You do get a free trial so you can try it out if you want and we recommend you do.

Happy resetting!

Check out the previous parts of the series:

Heartbleed Bug Series Part-1: So, what is it anyways?

Heartbleed Bug Series Part-2: How bad is it?

 


Published by

Shaminder Pal Singh

I am a student by day and tech blogger by night. I try to bring to the public the latest and greatest news from the tech world!
