Heartbleed security vulnerability

I hadn’t been paying much attention to the Heartbleed vulnerability, but a colleague talked me through it and I thought I’d share what I learned.

By way of background, Mashable calls the Heartbleed bug “one of the biggest security threats the Internet has ever seen.”

From what I understand, passwords may have been compromised for many of the Internet’s most popular services, including Facebook, Google, Yahoo, YouTube, Dropbox, etc. (full lists from Mashable and CNET).

Even though all of these site have now addressed the vulnerability, there is no way to know whether passwords have been stolen and, if they have, when your account might be hijacked.

So, to be safe:

  1. I changed my passwords on all of those services
  2. I enabled two-step verification wherever I could. All this means is that if I want to log in to my Gmail or Dropbox or whatever else from a new device, I will have to enter a code that will be sent by text to my phone.

Other hints, since finding where to change your passwords is a hassle:

  • For Google, click on the top-right (on your picture) and then click on Accounts and then Security
  • For Yahoo!, click on the gear in the top right and then on “Change Your Password” under “Sign in and Security”
  • For Facebook click on the little arrow next to the padlock on the top right, and then on Settings.
  • For Dropbox click on your name and then Settings and then Security

It’s worth the 5 minutes it takes to do this.  And since you probably have the day off today, you have the time to do it.