What To Do About The New Heartbleed Internet Security Flaw.
If you live on a remote island or in the middle of the Sahara Desert, you probably haven’t heard about the latest security breach on the Internet. And you probably don’t need to know about it.
But if you live in the real world and you use email, online banking, social media, you need to know about the newly-discovered Heartbleed security flaw. This security flaw, found in the code of a ubiquitous software program that encrypts information on many supposedly secure websites, allows hackers to steal your passwords and other sensitive personal information about you. And the big problem is – sites that have been hacked through this new security breach cannot even be sure if their data was compromised and whether or not the hacker has stolen your password.
Internet security people have known about this flaw for at least two years, but it was only made public last week.
What do you do now that this security flaw has been exposed?
The first thing you need to do is change your password at every supposedly secure site you use. There is some disagreement among Internet security experts as to the best time to change your passwords. Some say to change your passwords immediately. Others say to wait until the affected websites have fixed (patched) the flaw, then change your password. Others say to change your password immediately and then change it again in a week’s time when the affected companies have announced that they have fixed the problem at their end.
Regardless of which route you take, security experts warn all users not to use the same passwords on different websites. They tell us that if, say, LinkedIn was hacked, the hackers now have your LinkedIn password. If you use the same password on, say, Yahoo Mail, the hackers now have that password and can access your Yahoo Mail account. If you use the same password to get in to do your online banking, the hackers can now access that too.
Sites that have been or may have been affected by the latest security vulnerability include Yahoo, Amazon, PayPal, Netflix and other major e-commerce websites. You can bet that the main social media sites like Twitter, Facebook, Tumblr, Google+ and LinkedIn have also been hacked. All these companies say they are addressing the problem and patching the security hole as we speak.
The major banks say they have not been compromised, but are updating their security procedures as a precaution.
So here is some advice about changing your passwords to reduce or minimize your vulnerability to hackers:
- Right now, change every password you have on every site you use.
- Change those passwords again next week after all affected sites have inserted the patch and removed the vulnerability.
- Do not use the same password on each site.
- Store your new passwords in a safe location – NOT on your computer.
Security experts provide the following advice for generating new passwords:
- A password must be at least 14 characters long.
- Passwords must contain Upper case and lower case letters, numbers, and special characters like @, #, $, %, &.
- Never use a dictionary word for a password – these words are the easiest to hack.
- Use a different password for each site you access regularly.
Finally, visit the website LastPass.com and check exactly which websites your computer is storing passwords for and which ones you need to change. It will tell you which of your sites has already fixed the problem, in which case you can go ahead and change your password now, and which sites have not yet installed the patch so you should wait until they do.
Please note: the large E-commerce sites all have big IT departments, and they know how to address these issues quickly. But if you run a small business website on a shared server at a web hosting company, security experts suggest you actually shut down your website until you have heard that your hosting company has addressed the security issue and installed the patch.
Google now requires all websites to be fully integrated with SSL certificate. It is one the factors in your Local SEO Checklist now, specially if you are a small business owner.