It doesn’t help that when you ask a more technically-inclined person to explain this worldwide phenomenon, they tend to roll their eyes at you when you stare blankly at their answer. And, if you look at all the tech websites and blogs out there, the cartoon depictions that were created to explain everything to us ‘dummies’ make me feel even dumber!
So, I’ve gone to the programmers at FrontRunner and asked them to explain this so everyone understands. Thankfully, they are patient and keep the eye-rolling to a minimum or they at least wait until I’ve left the room.
A few important terms to know
- OpenSSL (Secure Sockets Layer) – the method used by many websites to encrypt (protect) data.
- Heartbeat option – a function within OpenSSL that allows messages to be sent and received between a computer and a website’s server.
- Heartbleed – a flaw in OpenSSL that allows hackers to manipulate the heartbeat and fool a website’s server into releasing (leaking) all kinds of data, including sensitive information.
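A simplified model of the Heartbleed flaw defined above, added here as an illustration; it is not OpenSSL's code or anything from FrontRunner. The function names, the 32-byte `SERVER_MEM` buffer and its contents are constructed for the example: the flawed handler echoes back as many bytes as the request claims to contain, while the patched one first compares that claim with what actually arrived.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for server memory: the 2 bytes the visitor really sent
   ("hi"), followed by unrelated data that happens to sit right after them. */
#define MEM_SIZE 32
static const char SERVER_MEM[MEM_SIZE] = "hi" "pw=hunter2;key=ABCDEF";

/* Flawed handling: echoes back as many bytes as the request CLAIMS to hold. */
size_t heartbeat_flawed(size_t claimed_len, size_t received_len,
                        char *out, size_t out_cap)
{
    (void)received_len;                 /* never consulted: this is the flaw */
    if (claimed_len > out_cap || claimed_len > MEM_SIZE)
        return 0;                       /* keeps this model itself in bounds */
    memcpy(out, SERVER_MEM, claimed_len);
    return claimed_len;
}

/* Patched handling: a request that claims more than arrived is dropped. */
size_t heartbeat_patched(size_t claimed_len, size_t received_len,
                         char *out, size_t out_cap)
{
    if (claimed_len > received_len)
        return 0;                       /* discard, send nothing back */
    if (claimed_len > out_cap || claimed_len > MEM_SIZE)
        return 0;
    memcpy(out, SERVER_MEM, claimed_len);
    return claimed_len;
}

/* Bytes in a reply that the visitor never sent, i.e. leaked server data. */
size_t leaked_bytes(size_t echoed, size_t received_len)
{
    return echoed > received_len ? echoed - received_len : 0;
}

int main(void)
{
    char out[MEM_SIZE];
    size_t n = heartbeat_flawed(12, 2, out, sizeof out);  /* claims 12, sent 2 */
    printf("flawed : %zu bytes echoed, %zu leaked: %.*s\n",
           n, leaked_bytes(n, 2), (int)n, out);
    n = heartbeat_patched(12, 2, out, sizeof out);
    printf("patched: %zu bytes echoed, %zu leaked\n", n, leaked_bytes(n, 2));
    return 0;
}
```

In the flawed run the reply carries ten bytes of neighbouring data the visitor never sent, which is why a password held in server memory has to be treated as exposed.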
Since passwords are incorporated into all secure information, changing passwords is the final step to ensure that any information that may have leaked is no longer vulnerable.
Apparently, this flaw was inadvertently programmed into OpenSSL two years ago, but the hackers just discovered it, or at least they just started to take full advantage of this ‘opportunity.’ It’s estimated that up to 2/3 of all online businesses, large and small, use OpenSSL, which is why this threat is so profound. It has affected social, email, banking, government and commerce websites around the world.
Programmers have been incredibly quick to respond to the threat by implementing security patches. Here at FrontRunner, we are confident that our system and your data were not compromised in any way and that your information remains safe and secure. Unfortunately, the same claim can’t be made by all companies and organizations.
So – what do you do?
In a nutshell, log in to each and every website that contains any information about you and change your passwords. This includes your FrontRunner IMS. And, you should create a different password for every website and set up a schedule to change your passwords on a regular basis.
Here are some tips on creating effective passwords:
- The longer the password, the better. Each should be at least 8 characters, although the more characters, the better
- Use both upper and lower case letters
- Add numbers and symbols
- Avoid using numbers (phone) or names (children) that are publicly accessible.
- Create memorable passwords (for you) that can’t be easily guessed (by hackers)
- Use a phrase and incorporate codes or acronyms
You may have a long list of new passwords that you choose to write down so you can refer to them in the future. Not a bad idea, but don’t keep those passwords in an obvious place. Writing a memo on your phone with all the details about every account and related password won’t serve you well at all if your phone is ever stolen.
It’s unfortunate that the largest online security breach to ever hit has affected so many people. At the same time, it’s almost like we need something like this to happen to convince everyone that strong passwords are critical to help ensure our private information remains safe.