Most everyone by now has heard of Heartbleed and we all recognize that it’s not a good thing. But many of us don’t have a clue about what it is and what we should be doing about it. Even when Heartbleed became the top news story, there were conflicting reports on what the average person should do to protect their personal information that is stored online.
It doesn’t help that when you ask a more technically-inclined person to explain this worldwide phenomenon, they tend to roll their eyes at you when you stare blankly at their answer. And, if you look at all the tech websites and blogs out there, the cartoon depictions that were created to explain everything to us ‘dummies’ make me feel even dumber!
So, I’ve gone to the programmers at FrontRunner and asked them to explain this so everyone understands. Thankfully, they are patient and keep the eye-rolling to a minimum or they at least wait until I’ve left the room.
A few important terms to know
- OpenSSL – software that implements SSL (Secure Sockets Layer), the method used by many websites to encrypt (protect) data.
- Heartbeat option – a function within OpenSSL that allows messages to be sent and received between a computer and a website’s server.
- Heartbleed – a flaw in OpenSSL that allows hackers to manipulate the heartbeat and fool a website’s server into releasing (leaking) all kinds of data, including sensitive information.
Since passwords are incorporated into all secure information, changing passwords is the final step to ensure that any information that may have leaked is no longer vulnerable.
Apparently, this flaw was inadvertently programmed into OpenSSL two years ago but the hackers just discovered it or at least, they just started to take full advantage of this ‘opportunity.’ It’s estimated that up to 2/3 of all online businesses, large and small, use OpenSSL, which is why this threat is so profound. It has affected social, email, banking, government and commerce websites around the world.
Programmers have been incredibly quick to respond to the threat by implementing security patches. Here at FrontRunner, we are confident that our system and your data were not compromised in any way and that your information remains safe and secure. Unfortunately, the same claim can’t be made by all companies and organizations.
So – what do you do?
In a nutshell, log in to each and every website that contains any information about you and change your passwords. This includes your FrontRunner IMS. And, you should create a different password for every website and set up a schedule to change your passwords on a regular basis.
Creating passwords sounds easy enough to do but creating effective passwords is a whole other ballgame. In fact, it’s suggested in the online world that you develop a personal password strategy in order to keep your information secure. This task is not the least bit appealing to me since I have trouble remembering my own name most days so different passwords for every login is a monumental undertaking for my brain. That said, it’s a necessary step and one of the things that I and everyone else should be prepared to do.
Here are some tips on creating effective passwords:
- The longer the password, the better. Each should be at least 8 characters
- Use both upper and lower case letters
- Add numbers and symbols
- Avoid using numbers (such as your phone number) or names (such as your children’s) that are publicly accessible
- Create memorable passwords (for you) that can’t be easily guessed (by hackers)
- Use a phrase and incorporate codes or acronyms
You may have a long list of new passwords that you may choose to write down in order to be able to refer to them in the future. Not a bad idea but don’t keep those passwords in an obvious place. Writing a memo on your phone with all the details about every account and related password won’t serve you well at all if your phone is ever stolen.
It’s unfortunate that the largest online security breach to ever hit has affected so many people. At the same time, it’s almost like we need something like this to happen to convince everyone that strong passwords are critical to help ensure our private information remains safe.
A note to FrontRunner Clients: To change your IMS password, log in to the system and go to your System Settings. From the menu, select ‘User Profiles’. Find and click on your profile and enter a new password in both of the ‘New Password’ fields. Hit the Save button and you’re all set. You will be required to use the new password the next time you log in.