As fallout from the Heartbleed bug continues to echo across the Web, people have been left with more questions than answers. Should you change all your passwords? When is it okay to change passwords? What websites are safe? How can you tell if your information was leaked?
To help clear up confusion about Heartbleed, ZixCorp’s own Dave Robertson recently participated in a live chat on o.canada.com with security experts including Tyler Cohen Wood, cyber branch chief for the Defense Intelligence Agency, and Zhiqiang Lin, UT Dallas assistant professor of computer science and member of the Cyber Security Research and Education Institute.
During the chat, panelists put the scope of Heartbleed in perspective and discussed how there’s no denying this is one of the worst security bugs in the history of the modern Internet. Never before has there been such a widespread vulnerability with the potential to affect so many people, while not allowing people to take control of their own protection.
The conversation then shifted to password protection – a top-of-mind topic for live chat participants.
The panelists recommended that, with so many sites affected, Internet users should change their passwords to mitigate immediate risks. Once notified by sites that the flaw is fixed, users should change their passwords again. If sites do not proactively reach out to you, contact the services you use and ask. This can include banks, credit cards or frequently used shopping sites. People can use this as a “lessons learned” opportunity to begin practicing good password habits. Users should change passwords every three to four months and ensure that they are strong passwords that alternate upper and lowercase letters and numbers.
But what else can be done outside of changing passwords?
After changing your passwords, the best thing that can be done is monitoring your credit report and keeping an eye out for any anomalies that could signify someone gained access to your information. Also, monitor your critical financial accounts closely and look for any suspicious activity.
Remember, just because something hasn’t happened yet, doesn’t mean someone won’t try to use your information in the future. It is very possible that criminals have collected information and are waiting to use it. While it is impossible to know for sure if your information has been exposed, taking a break from the Internet won’t help you now. If your information has been exposed, there is no going back. Instead, make sure you are proactively monitoring your accounts and regularly changing passwords.
Parting advice from the panelists:
- Dave Robertson: “As a consumer, also remember that it's not just Web sites that are vulnerable. Healthcare systems that carry personal information by email for example can use OpenSSL. Layers of security are smart. If you have access to additional encryption services (for private email for example), using them is better than losing your private information.”
- Zhiqiang Lin: “Changing your password very often, watching suspicious behavior in your account, and turning on two factor authentication.”
- Tyler Cohen Wood: “My one piece of advice would be to monitor for services that you use that are vulnerable to Heartbleed to inform you when they are fixed, change your password (which you should do often) and watch your accounts.”
You can check out the entire Live Chat HERE.