Thursday, April 10, 2014

Are you worried about HeartBleed?

Have you heard of the latest hacker issue, HeartBleed?  Once again, our on-line information is at risk.

As has been reported, 2/3 of on-line interfaces use the software in question.  So for every 10 accounts you have....at least 6 of them could be at risk.  It may be your banking....it may be your subscription to Groupon.  (I have no idea what is actually using the software....just picking random things).

Financial experts have cautioned users about this, and are suggesting changing your passwords on all of your accounts.  EEK.  My fingers just know what keys to hit to log into the bank...and now my fingers and brain will have to relearn that.  Along with a myriad of other passwords that I will probably have to change.

After looking at several articles about changing your passwords, I found out that this can be a HUGE undertaking, depending on how many accounts you have.  Think about every e-mail, financial, store, and newsletter account you have.  It adds up.  Additionally, many are not as simple as "change password" so additional steps may be necessary.

Next, I am guilty of this one....weak and re-used passwords.  C'mon...I guarantee just about everyone out there has them.  Some password you use for "everything" or the name of your dog, or even "password."  (For the record, if you try and hack any of my accounts....I don't use "password" for anything, so I just saved you from trying it.)

Now, what will your new password be?  Man, there is no way I am going to remember some string of random letters, symbols, and whatnot.  Let alone 45 of them.  So you better write them down.  Wait, they say don't write it down....because you will probably leave it next to your computer and when someone breaks into your house, all they have to do is look at your list and they have everything.  What good does a password do if you just hand it to someone?  You can lock them up in a safe....and most likely will get them out of the safe, and never put them back...because who has time for all of that???

Enter the password manager.  Basically it is an on-line vault that keeps your passwords.  You log into the manager (which you give an incredibly strong password), and then you can access your passwords (or some of them will even generate the passwords for you, but you can't see them!  Then you have to log onto your website through their site).  I considered this route, but G-man talked to the computer guys at work (not the IT guys....these are the guys who do all the fancy criminal stuff) and they said even if you keep them in an on-line vault.....they can still be hacked.  Nothing is 100% safe.

Well terrific.  All of my personal information is just there for the taking, and even trying to be responsible may backfire.

I plan on changing all the passwords for our financial websites, and any that MAY have debit/credit card information stored (like Amazon).  And will work on changing the rest as I go.  And I do plan on writing it all down, and I do plan on keeping it in a binder.  Sure, someone could break in....but I am going to take my chances.

How about you?  Any concerns?  Do you already do this stuff?  Are you a fan of the on-line manager and if so, tell me about it!


11 comments:

  1. I have looked into this, too. From what I have read, it won't do any good to change your password before the affected services install the software fix that has been released. The experts say the onus is on the internet services to let users know when to change their passwords. Any way you look at it, it's a pain in the neck.

    1. Yes....after the fix. However, will the internet services ACTUALLY tell us when to do it??

  2. Yes, what Sarah and Jenny said ^.

    But on the topic of passwords, I read an article (probably a blog post) a couple of years back on making passwords that are hard for hackers to guess, yet relatively easy for you to remember. Pick some string of numbers, maybe the last five digits of your childhood telephone number. Something random, not something you're using today like a current telephone number. Then choose a couple of symbols.

    So you would have 89652 as your string of numbers and &# as two random symbols. Then use two letters of the site you're on, one capital and one lower case...and make that your password. It would look like:
    89652&#Fb for Facebook.
    89652&#Gm for gmail.
    89652&#Ba for bank.

    That way, it's repetitive enough that you can remember it, but strong enough that it isn't likely to be hacked.

    1. See, and I read that pattern recognition is part of the tools that hackers use. So you use 89652&# over and over...and then they just need to run random letters for the last 2.

      Most of what I have read in creating a strong password makes it so hard!!

  3. Not a whole lot they can do once they are in your bank account or CC, even a change of password or email triggers an email alert... if something happens I can call Citi or BOFA quickly.

    1. Yes you can call...but wouldn't you rather try and at least keep them out? Granted, they may already have all the info they need to ruin your credit and financial life. But I have my bank, my credit union, Cap One 360. Plus credit cards (even those with a zero balance), and student loans, and a zillion other places that I use money!

  4. If it is not this, then it will be another scare. I am not changing anything.

  5. I change my usernames/passwords about once/year.

    1. Good for you.....I am so lazy about it, but I am realizing how important it is.

  6. My wife and I had our Tax Return hacked this year, and someone filed a tax return using our S.S. numbers, so yes I need to be concerned about anything like this. I keep all my passwords for all my accounts on an app on my iPhone. I would never put them in one place online, that to me is just asking for someone to take them. When identity theft happens to you, you see the world in a whole different view.

    1. Oh no!! I am so so sorry that happened to your family.

      Are you concerned about having your passwords on your phone? How is it different than having them in a password manager?

      Thanks for commenting and sharing.
