By now you’ve (hopefully) heard of the Heartbleed computer bug (for more info on that, see below). This post is about the gut-wrenching, annoying process of creating new passwords and then …ugh… remembering them.
Here in the office we’re referring to this process as PTPS [Post Traumatic Password Syndrome].
As self-proclaimed techies and savvy internet consultants, we strongly urge our clients to change their passwords to dynamic (and difficult to remember) passwords that include not only numbers or symbols, but caps and lowercase letters as well. There are a few websites that help with password generation, but we find that you are more likely to remember a password if you think of a theme (be it a pet, favorite food, vacation spot or high school crush) and then use words that relate to that theme, changing a few of the letters to symbols, numbers and so on.
Where you keep all of these passwords is another element of PTPS. Jen Lew Marketing & Design uses a project management system that stores our shared documents. This isn’t a highly protected system, but it is effective for internal sharing of information. For highly protected client passwords we use either LastPass or 1Password; these are the armored trucks of password protection. Plus, for convenience, there are plenty of password protection apps for your smartphone, ranging from free to paid versions. A few of the most popular free iPhone password managers are Quick Password Manager, Strip Lite, and Password Manager Secret Server. There are also free Android password managers, including KeePass and Secrets for Android.
Heartbleed bug website checker.
Information leaked through Heartbleed can reach you in numerous ways, ranging from phishing emails to phone calls. Since Heartbleed could have been lurking around for years, it’s unknown how much information is already available to cyber criminals who may now be putting it to use.
Changing passwords on websites that have now protected themselves against Heartbleed, a flaw in some versions of the OpenSSL software, should stop information from leaking out from that point forward. However, the information already exposed via Heartbleed may be coming back to you in various ways.
The information obtained through Heartbleed can be used by cybercriminals in a variety of “phishing” schemes that use personal data to send emails, texts and phone calls that seem legitimate. Such contact may ask you to update credit card info or account numbers and can appear to be coming from a bank or mobile phone company.
Here’s what you need to be on the lookout for to see if Heartbleed-leaked information is being used in a phishing scheme:
1. Be on the lookout for a flood of emails asking you to “click here” to change your password or update account information. Companies generally don’t ask for this information or these updates via email, so don’t follow an email link to change your password. Go to the company’s website directly, and don’t copy and paste the address from the email you’re sent.
2. Don’t fall for a phone call that says you need to give them your passwords, account access or credit information to protect yourself from the Heartbleed bug. If someone calls you seeking information and won’t allow you to disconnect and return a call to customer service through a number you find on your own, hang up.
3. Don’t open any links or photos in a text message from an unknown number, and don’t call back a number given in it.
4. Don’t return cell phone calls from unknown numbers.