The Heartbleed issue was discovered earlier this month. A defect in the security technology used by many websites and equipment makers have put millions of passwords, credit card numbers and other personal information at risk.
Rob Thomas with DTE Technologies in Jacksonville explains how it works and what you can do to protect your computer and your identity.
“It allows you to intercept the password as it goes to the site and comes back to you. They are rapidly updating most of the sites; Yahoo’s updated as of this morning, Facebook is already fixed, Gmail’s fixed. Most of your common sites have already got this bug patched,” he says.
“The problem runs in to when you have local banks, local sites who don’t do a lot of updating. What I’ve been recommending to all my clients is change your passwords, check with your bank. If they are affected, they’ll tell you, and if they don’t in ten days, change your password again, keep changing that password. You really should update your passwords anyway,” Thomas continues.
Thomas says you should change your password every 30 days as a general practice.
Another way you can protect yourself is through “third party authentication,” something Thomas says services like Google and Facebook use.
“When you log in to your account from any device that’s a new device, say like a new laptop, a new phone for the first time, it will automatically prompt you and say ‘please enter this code,’” Thomas explains.
“They’ll either send you a text or you can launch an app on your smartphone that can tell you those codes. Those codes expire every 30 seconds, so if say your password was to get leaked and you have third-party authentication, that person wouldn’t have access to those codes and they couldn’t get in,” he continues.
Another way to keep your computer protected is to make sure your anti-virus software is up to date. For PC users, Thomas adds making sure you install the latest Windows update.
For a full list of sites affected by Heartbleed, click here.