An attempt … to quench some heartburn over the Heartbleed security hole. Digest this opinion before you rush in a panic to comply with mainstream news suggestions.
First, can we all just take a breath? News agencies like MSNBC and FOX thrive on viewers. Viewers respond to two basic kinds of content:
- Threats, Disaster and Rumor
The news carried to the masses recently on Heartbleed has conformed to the first point.
Short of consuming the technical details discussed in various forums , you won’t be able to comprehend some of the whys and wherefores. But it raises the question — who’s advice are you trusting where your personal tech and office tech are concerned?
Some facts that are important to understand:
- The security hole generating panic is more than two years old
- It affects a certain swath of web servers (Amazon is an example)
- It’s quite likely your accounts are under observation by at least a few other means
- Don’t rush out to change passwords everywhere. Change the ones at your bank, after checking with them first. If they send you an email, follow the instructions ASAP.
- Do subscribe to a password management tool. I like to keep mine in the “Cloud.” I use both Apple ICloud (personal items) and this one: http://passpack.com for professional purposes.
- Always try to improve your “Password Hygiene” – change them regularly, use complex phrases. Avoid personally identifiable characteristics (like pet names.)
- Begin to deploy multi-factor authentication. Google offers this as do many others. There are a range of options learn about the basics courtesy of Amazon: http://aws.amazon.com/iam/details/mfa/
- Use the internet like you’re aboard the Washington State Ferry commuting from Seattle to Bainbridge Island. Assume that everything you talk about is overheard. Assume that every connection you use is monitored.
Unfortunately, sometimes we should just wait and see. Nerve wracking. Certainly.
The effort you extend in a panic to change everything right now, might be wasted. Either because it’s actually unneeded or that you’ll be asked to do it again soon.