Heartbleed is a serious security threat. Potentially it means hackers can read everything: your user ids, passwords, credit card details and private information. Most security threats exploit people’s laziness or ignorance. Heartbleed threatens those of us who take care with online security. The worst thing about Heartbleed and the attacks that may come in its wake is that it isn’t enough for penetrated sites to patch their OpenSSL software. Because the bug could also have exposed a site’s private keys, they need to put new Secure Sockets Layer (SSL) certificates in place.
Don’t update passwords until sites fix Heartbleed holes
Until sites have done all the repair work, it isn’t safe to update your passwords. And you will need to replace all of them. If that all sounds like hard work, difficult to follow and somewhat scary, you are not alone. Fixing security could be a long haul. I’ve got more than 300 online accounts with passwords; many are possibly compromised by Heartbleed.
LastPass takes Heartbleed strain
The good news is there is help. LastPass has long been a great tool for managing online passwords. Now there’s an added service that checks your passwords and log-ins to see if you have Heartbleed vulnerabilities.
To use it you need a LastPass account, then just run the Security Check tool. I ran the check a week ago and found I needed to immediately change more than passwords.
In some cases LastPass told me to wait while sites fix their security. Most are sites I no longer use, some are dead or on life support, so I worked down the list killing old, unused accounts.
Checking and changing passwords is still a long job, but LastPass does much of the heavy lifting.
One of its features is a secure password generator that comes up with hard-to-crack and equally hard-to-remember passwords. If you use LastPass, you don’t need to do the remembering; the program does that for you.
I took the opportunity to beef up my password security, making them all longer and more complicated.
LastPass is free for Windows and OS X computers. If you want to run it on mobile devices there are apps, but you need the pro version if you want to sync data across all your devices. At just US$12 a year, LastPass Pro is great value. I’ve used it for a couple of years and recommend the investment.